From sle-updates at lists.suse.com Fri Feb 1 07:13:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 15:13:47 +0100 (CET) Subject: SUSE-RU-2019:13941-1: moderate: Recommended update for openssl-certs Message-ID: <20190201141347.92739F7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13941-1 Rating: moderate References: #1121446 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-certs fixes the following issues: The package was updated to 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssl-certs-13941=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openssl-certs-13941=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-certs-13941=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): openssl-certs-2.30-0.7.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): openssl-certs-2.30-0.7.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): openssl-certs-2.30-0.7.9.1 References: https://bugzilla.suse.com/1121446 From sle-updates at lists.suse.com Fri Feb 1 13:09:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 21:09:00 +0100 (CET) Subject: SUSE-SU-2019:0223-1: important: Security update for python Message-ID: <20190201200900.47B96F7C8@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0223-1 Rating: important References: #1122191 #984751 #985177 #985348 #989523 Cross-References: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2019-5010 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-223=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.9-16.7.2 libpython2_7-1_0-debuginfo-2.7.9-16.7.2 python-2.7.9-16.7.1 python-base-2.7.9-16.7.2 python-base-debuginfo-2.7.9-16.7.2 python-base-debugsource-2.7.9-16.7.2 python-curses-2.7.9-16.7.1 python-curses-debuginfo-2.7.9-16.7.1 python-debuginfo-2.7.9-16.7.1 python-debugsource-2.7.9-16.7.1 python-demo-2.7.9-16.7.1 python-gdbm-2.7.9-16.7.1 python-gdbm-debuginfo-2.7.9-16.7.1 python-idle-2.7.9-16.7.1 python-tk-2.7.9-16.7.1 python-tk-debuginfo-2.7.9-16.7.1 python-xml-2.7.9-16.7.2 python-xml-debuginfo-2.7.9-16.7.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.9-16.7.2 libpython2_7-1_0-debuginfo-32bit-2.7.9-16.7.2 python-32bit-2.7.9-16.7.1 python-base-32bit-2.7.9-16.7.2 python-base-debuginfo-32bit-2.7.9-16.7.2 python-debuginfo-32bit-2.7.9-16.7.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): python-doc-2.7.9-16.7.2 python-doc-pdf-2.7.9-16.7.2 References: https://www.suse.com/security/cve/CVE-2016-0772.html https://www.suse.com/security/cve/CVE-2016-1000110.html https://www.suse.com/security/cve/CVE-2016-5636.html https://www.suse.com/security/cve/CVE-2016-5699.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1122191 https://bugzilla.suse.com/984751 https://bugzilla.suse.com/985177 https://bugzilla.suse.com/985348 https://bugzilla.suse.com/989523 From sle-updates at lists.suse.com Fri Feb 1 13:10:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 21:10:35 +0100 (CET) Subject: SUSE-SU-2019:0221-1: important: Security update for java-11-openjdk Message-ID: <20190201201035.A1913F7BB@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0221-1 Rating: important References: #1120431 #1122293 #1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for java-11-openjdk to version 11.0.2+7 fixes the following issues: Security issues fixed: - CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293) - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing (bsc#1122299) - Better route routing - Better interface enumeration - Better interface lists - Improve BigDecimal support - Improve robot support - Better icon support - Choose printer defaults - Proper allocation handling - Initial class initialization - More reliable p11 transactions - Improve NIO stability - Better loading of classloader classes - Strengthen Windows Access Bridge Support - Improved data set handling - Improved LSA authentication - Libsunmscapi improved interactions Non-security issues fix: - Do not resolve by default the added JavaEE modules (bsc#1120431) - ~2.5% regression on compression benchmark starting with 12-b11 - java.net.http.HttpClient hangs on 204 reply without Content-length 0 - Add additional TeliaSonera root certificate - Add more ld preloading related info to hs_error file on Linux - Add test to exercise server-side client hello processing - AES encrypt performance regression in jdk11b11 - AIX: ProcessBuilder: Piping between created processes does not work. - AIX: Some class library files are missing the Classpath exception - AppCDS crashes for some uses with JRuby - Automate vtable/itable stub size calculation - BarrierSetC1::generate_referent_check() confuses register allocator - Better HTTP Redirection - Catastrophic size_t underflow in BitMap::*_large methods - Clip.isRunning() may return true after Clip.stop() was called - Compiler thread creation should be bounded by available space in memory and Code Cache - com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code - Default mask register for avx512 instructions - Delayed starting of debugging via jcmd - Disable all DES cipher suites - Disable anon and NULL cipher suites - Disable unsupported GCs for Zero - Epsilon alignment adjustments can overflow max TLAB size - Epsilon elastic TLAB sizing may cause misalignment - HotSpot update for vm_version.cpp to recognise updated VS2017 - HttpClient does not retrieve files with large sizes over HTTP/1.1 - IIOException "tEXt chunk length is not proper" on opening png file - Improve TLS connection stability again - InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection - Inspect stack during error reporting - Instead of circle rendered in appl window, but ellipse is produced JEditor Pane - Introduce diagnostic flag to abort VM on failed JIT compilation - Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap - jar has issues with UNC-path arguments for the jar -C parameter [windows] - java.net.http HTTP client should allow specifying Origin and Referer headers - java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8 - JDK 11.0.1 l10n resource file update - JDWP Transport Listener: dt_socket thread crash - JVMTI ResourceExhausted should not be posted in CompilerThread - LDAPS communication failure with jdk 1.8.0_181 - linux: Poor StrictMath performance due to non-optimized compilation - Missing synchronization when reading counters for live threads and peak thread count - NPE in SupportedGroupsExtension - OpenDataException thrown when constructing CompositeData for StackTraceElement - Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader - Populate handlers while holding streamHandlerLock - ppc64: Enable POWER9 CPU detection - print_location is not reliable enough (printing register info) - Reconsider default option for ClassPathURLCheck change done in JDK-8195874 - Register to register spill may use AVX 512 move instruction on unsupported platform. - s390: Use of shift operators not covered by cpp standard - serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - SIGBUS in CodeHeapState::print_names() - SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls - Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator - Swing apps are slow if displaying from a remote source to many local displays - switch jtreg to 4.2b13 - Test library OSInfo.getSolarisVersion cannot determine Solaris version - TestOptionsWithRanges.java is very slow - TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently - The Japanese message of FileNotFoundException garbled - The "supported_groups" extension in ServerHellos - ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData - TimeZone.getDisplayName given Locale.US doesn't always honor the Locale. - TLS 1.2 Support algorithm in SunPKCS11 provider - TLS 1.3 handshake server name indication is missing on a session resume - TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes - TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth - tz: Upgrade time-zone data to tzdata2018g - Undefined behaviour in ADLC - Update avx512 implementation - URLStreamHandler initialization race - UseCompressedOops requirement check fails fails on 32-bit system - windows: Update OS detection code to recognize Windows Server 2019 - x86: assert on unbound assembler Labels used as branch targets - x86: jck tests for ldc2_w bytecode fail - x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization - "-XX:OnOutOfMemoryError" uses fork instead of vfork Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-221=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.2.0-3.18.1 java-11-openjdk-accessibility-11.0.2.0-3.18.1 java-11-openjdk-accessibility-debuginfo-11.0.2.0-3.18.1 java-11-openjdk-debuginfo-11.0.2.0-3.18.1 java-11-openjdk-debugsource-11.0.2.0-3.18.1 java-11-openjdk-demo-11.0.2.0-3.18.1 java-11-openjdk-devel-11.0.2.0-3.18.1 java-11-openjdk-headless-11.0.2.0-3.18.1 java-11-openjdk-jmods-11.0.2.0-3.18.1 java-11-openjdk-src-11.0.2.0-3.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-11-openjdk-javadoc-11.0.2.0-3.18.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-2422.html https://www.suse.com/security/cve/CVE-2019-2426.html https://bugzilla.suse.com/1120431 https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 From sle-updates at lists.suse.com Fri Feb 1 13:11:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 21:11:47 +0100 (CET) Subject: SUSE-SU-2019:0222-1: important: Security update for the Linux Kernel Message-ID: <20190201201147.99E08F7C8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0222-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055120 #1055121 #1055186 #1058115 #1060463 #1065600 #1065729 #1068032 #1068273 #1074562 #1074578 #1074701 #1075006 #1075419 #1075748 #1078248 #1079935 #1080039 #1082387 #1082555 #1082653 #1083647 #1085535 #1086282 #1086283 #1086423 #1087082 #1087084 #1087939 #1087978 #1088386 #1089350 #1090888 #1091405 #1094244 #1097593 #1097755 #1102055 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1104353 #1104427 #1104824 #1104967 #1105168 #1106105 #1106110 #1106237 #1106240 #1106615 #1106913 #1107207 #1107256 #1107385 #1107866 #1108270 #1108468 #1109272 #1109772 #1109806 #1110006 #1110558 #1110998 #1111062 #1111174 #1111188 #1111469 #1111696 #1111795 #1111809 #1112128 #1112963 #1113295 #1113412 #1113501 #1113677 #1113722 #1113769 #1114015 #1114178 #1114279 #1114385 #1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114648 #1114839 #1114871 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116040 #1116183 #1116336 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116803 #1116841 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117115 #1117162 #1117165 #1117168 #1117172 #1117174 #1117181 #1117184 #1117186 #1117188 #1117189 #1117349 #1117561 #1117656 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1117953 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118215 #1118316 #1118319 #1118320 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118787 #1118788 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119947 #1119962 #1119968 #1119974 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 #1122019 #1122292 Cross-References: CVE-2017-5753 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 258 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578) The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - ACPI/CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI/NFTI: Fix ARS overflow continuation (bsc#1116895). - ACPI/NFIT: x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/NFIT: x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510). - ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - ALSA: hda/tegra: clear pending irq handlers (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: trident: Suppress gcc string warning (bsc#1051510). - ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Always try all copies when reading extent buffers (git-fixes). - Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - Btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: fix fsync of files with multiple hard links in new directories (1120173). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: Fix memory barriers usage with device stats counters (git-fixes). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - Btrfs: get rid of unused orphan infrastructure (bsc#1111469). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - Btrfs: stop creating orphan items for truncate (bsc#1111469). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - Btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable INFINIBAND_USNIC - disable SERIAL_NONSTANDARD - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207). - Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207). - Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207). - Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207). - Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207). - Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207). - Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207). - Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207). - Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207). - Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207). - Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207). - Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207). - Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207). - Drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - Drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - Drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207) - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream. - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: add SPDX license id to Kconfig (bsc#1107207). - hv: add SPDX license to trace (bsc#1107207). - hv_balloon: trace post_status (bsc#1107207). - hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207). - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207). - hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207). - hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207). - hv_netvsc: add trace points (bsc#1107207). - hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207). - hv_netvsc: fix bogus ifalias on network device (bsc#1107207). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: Fix the return status in RX path (bsc#1107207). - hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207). - hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - hv_netvsc: pair VF based on serial number (bsc#1107207). - hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207). - hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207). - hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207). - hv_netvsc: select needed ucs2_string routine (bsc#1107207). - hv_netvsc: simplify receive side calling arguments (bsc#1107207). - hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207). - hv: Synthetic typo correction (bsc#1107207). - hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - KABI fix for "NFSv4.1: Fix up replays of interrupted requests" (git-fixes). - KABI: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI protect hnae_ae_ops (bsc#1104353). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: hyperv: idr_find needs RCU protection (bsc#1107207). - KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bsc#1107207). - KVM: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207). - KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207). - KVM: x86: hyperv: guest->host event signaling via eventfd (bsc#1107207). - KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207). - KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207). - KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207). - KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - Move USB-audio UAF fix patch to sorted section - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - PCI: Add ACS quirk for Ampere root ports (bsc#1120058). - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: Export pcie_has_flr() (bsc#1120058). - PCI: hv: Convert remove_lock to refcount (bsc#1107207). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207). - PCI: hv: Remove unused reason for refcount handler (bsc#1107207). - PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207). - PCI: hv: support reporting serial number as slot information (bsc#1107207). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: hv: Use list_for_each_entry() (bsc#1107207). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - RDMA/RXE: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - Reenable support for KVM guest Earlier trimming of config-azure disabled also KVM. But since parts of QA are done within KVM guests, this flavor must be able to run within such guest type. - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "rpm/kernel-binary.spec.in: allow unsupported modules for -extra" This reverts commit 0d585a8c2d17de86869cc695fc7a5d10c6b96abb. - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists. - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ("kconfig: remove silentoldconfig target"), "make silentoldconfig" can be no longer used. Use "make syncconfig" instead if available. - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)). - sched/isolcpus: Fix "isolcpus=" boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scripts/git-pre-commit: make executable. - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue - scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe. - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: storsvc: do not set a bounce limit (bsc#1107207). - scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207). - scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207). - scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (bsc#1107207). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: Fix a bug in the key delete code (bsc#1107207). - tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: fix compiler warnings about major/target_fname (bsc#1107207). - tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207). - tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Fixup compilation failure due to different ubifs_assert() prototype. - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio_hv_generic: fix subchannel ring mmap (bsc#1107207). - uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207). - uio_hv_generic: set size of ring buffer attribute (bsc#1107207). - uio_hv_generic: support sub-channels (bsc#1107207). - uio_hv_generic: use correct channel in isr (bsc#1107207). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/headers/UAPI: Use __u64 instead of u64 in <uapi/asm/hyperv.h> (bsc#1107207). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207). - x86/hyper-v: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207). - x86/hyper-v: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207). - x86/hyperv: Add interrupt handler annotations (bsc#1107207). - x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207). - x86/hyper-v: Allocate the IDT entry early in boot (bsc#1107207). - x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207). - x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207). - x86/hyper-v: Consolidate code for converting cpumask to vpset (bsc#1107207). - x86/hyper-v: Consolidate the allocation of the hypercall input page (bsc#1107207). - x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207). - x86/hyper-v: detect nested features (bsc#1107207). - x86/hyper-v: Enable IPI enlightenments (bsc#1107207). - x86/hyper-v: Enhanced IPI enlightenment (bsc#1107207). - x86/hyper-v: Enlighten APIC access (bsc#1107207). - x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207). - x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207). - x86/hyper-v/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207). - x86/hyper-v/hv_apic: Include asm/apic.h (bsc#1107207). - x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207). - x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207). - x86/hyper-v: move hyperv.h out of uapi (bsc#1107207). - x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207). - x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207). - x86/hyperv: Reenlightenment notifications support (bsc#1107207). - x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207). - x86/hyper-v: Trace PV IPI send (bsc#1107207). - x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207). - x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207). - x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bsc#1107207). - x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207). - x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207). - x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207). - x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-222=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-azure-4.12.14-6.6.2 kernel-azure-base-4.12.14-6.6.2 kernel-azure-base-debuginfo-4.12.14-6.6.2 kernel-azure-debuginfo-4.12.14-6.6.2 kernel-azure-debugsource-4.12.14-6.6.2 kernel-azure-devel-4.12.14-6.6.2 kernel-syms-azure-4.12.14-6.6.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-azure-4.12.14-6.6.2 kernel-source-azure-4.12.14-6.6.2 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1074578 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1075006 https://bugzilla.suse.com/1075419 https://bugzilla.suse.com/1075748 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1080039 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087939 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1102055 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107207 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118320 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118787 https://bugzilla.suse.com/1118788 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119947 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1119974 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 https://bugzilla.suse.com/1122019 https://bugzilla.suse.com/1122292 From sle-updates at lists.suse.com Fri Feb 1 16:10:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Feb 2019 00:10:06 +0100 (CET) Subject: SUSE-SU-2019:0224-1: important: Security update for the Linux Kernel Message-ID: <20190201231006.78103F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0224-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055120 #1055121 #1055186 #1058115 #1060463 #1061840 #1065600 #1065729 #1068273 #1078248 #1079935 #1082387 #1082555 #1082653 #1083647 #1085535 #1086196 #1086282 #1086283 #1086423 #1087978 #1088386 #1089350 #1090888 #1091405 #1091800 #1094244 #1097593 #1097755 #1100132 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1103356 #1103925 #1104124 #1104353 #1104427 #1104824 #1104967 #1105168 #1105428 #1106105 #1106110 #1106237 #1106240 #1106615 #1106913 #1107256 #1107385 #1107866 #1108270 #1108468 #1109272 #1109772 #1109806 #1110006 #1110558 #1110998 #1111040 #1111062 #1111174 #1111183 #1111188 #1111469 #1111696 #1111795 #1111809 #1111921 #1112878 #1112963 #1113295 #1113408 #1113412 #1113501 #1113667 #1113677 #1113722 #1113751 #1113769 #1113780 #1113972 #1114015 #1114178 #1114279 #1114385 #1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114839 #1114871 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116040 #1116183 #1116336 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116803 #1116841 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117115 #1117162 #1117165 #1117168 #1117172 #1117174 #1117181 #1117184 #1117186 #1117188 #1117189 #1117349 #1117561 #1117656 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1117953 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118215 #1118316 #1118319 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119962 #1119968 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 253 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. This update brings following features: - Support for Enhanced-IBRS on new Intel CPUs (fate#326564) The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567). - acpica: Tables: Add WSMT support (bsc#1089350). - acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - acpi/nfit: Fix ARS overflow continuation (bsc#1116895). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - alsa: control: Fix race between adding and removing a user element (bsc#1051510). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - alsa: hda/realtek - Add GPIO data update helper (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - alsa: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - alsa: hda/realtek - Support ALC300 (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Enabled ENA (Amazon network driver) for arm64. - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: kvm: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - b43: Fix error in cordic routine (bsc#1051510). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - btrfs: fix deadlock when writing out free space caches (bsc#1116700). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - btrfs: fix use-after-free during inode eviction (bsc#1116701). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: fix use-after-free when dumping free space (bsc#1116862). - btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: make sure we create all new block groups (bsc#1116699). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix the breakage of KMP build on x86_64 (bsc#1121017). - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: hiddev: fix potential Spectre v1 (bsc#1051510). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - hwrng: core - document the quality field (bsc#1051510). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hide new member in struct iommu_table from genksyms (bsc#1061840). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: mask raw in struct bpf_reg_state (bsc#1083647). - kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - kabi: powerpc: Revert npu callback signature change (bsc#1055120). - kabi protect hnae_ae_ops (bsc#1104353). - kabi/severities: ignore __xive_vm_h_* KVM internal symbols. - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - kvm: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - kvm: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE escalations (bsc#1061840). - kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - kvm: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840). - kvm: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - kvm: s390: vsie: copy wrapping keys to right place (git-fixes). - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - kvm: VMX: re-add ple_gap module parameter (bsc#1106240). - kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix "list_add double add" caused by legacy signal interface (git-fixes). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - pci/ASPM: Fix link_state teardown on device removal (bsc#1051510). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: dwc: remove duplicate fix (bsc#1115269) - pci: Export pcie_has_flr() (bsc#1120058). - pci: hv: Use effective affinity mask (bsc#1109772). - pci: imx6: Fix link training status detection in link up check (bsc#1109806). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - pci: vmd: Assign vector zero to all bridges (bsc#1109806). - pci: vmd: Detach resources after stopping root bus (bsc#1109806). - pci: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - raid10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in (Git-fixes). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert "blacklist.conf: blacklist inapplicable commits" This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390 - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vfs: close race between getcwd() and d_move() (git-fixes). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-224=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-224=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-224=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-224=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-224=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-224=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-extra-4.12.14-25.28.1 kernel-default-extra-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-25.28.1 kernel-default-base-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-obs-qa-4.12.14-25.28.1 kselftests-kmp-default-4.12.14-25.28.1 kselftests-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 reiserfs-kmp-default-4.12.14-25.28.1 reiserfs-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.28.1 kernel-obs-build-debugsource-4.12.14-25.28.1 kernel-syms-4.12.14-25.28.1 kernel-vanilla-base-4.12.14-25.28.1 kernel-vanilla-base-debuginfo-4.12.14-25.28.1 kernel-vanilla-debuginfo-4.12.14-25.28.1 kernel-vanilla-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.28.1 kernel-source-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.28.1 kernel-default-base-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-devel-4.12.14-25.28.1 kernel-default-devel-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.28.1 kernel-macros-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.28.1 kernel-zfcpdump-4.12.14-25.28.1 kernel-zfcpdump-debuginfo-4.12.14-25.28.1 kernel-zfcpdump-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.28.1 cluster-md-kmp-default-debuginfo-4.12.14-25.28.1 dlm-kmp-default-4.12.14-25.28.1 dlm-kmp-default-debuginfo-4.12.14-25.28.1 gfs2-kmp-default-4.12.14-25.28.1 gfs2-kmp-default-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 ocfs2-kmp-default-4.12.14-25.28.1 ocfs2-kmp-default-debuginfo-4.12.14-25.28.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086196 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1091800 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103925 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111040 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111183 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1111921 https://bugzilla.suse.com/1112878 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113408 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113780 https://bugzilla.suse.com/1113972 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-updates at lists.suse.com Fri Feb 1 16:54:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Feb 2019 00:54:13 +0100 (CET) Subject: SUSE-SU-2019:0224-1: important: Security update for the Linux Kernel Message-ID: <20190201235413.C76A5F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0224-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055120 #1055121 #1055186 #1058115 #1060463 #1061840 #1065600 #1065729 #1068273 #1078248 #1079935 #1082387 #1082555 #1082653 #1083647 #1085535 #1086196 #1086282 #1086283 #1086423 #1087978 #1088386 #1089350 #1090888 #1091405 #1091800 #1094244 #1097593 #1097755 #1100132 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1103356 #1103925 #1104124 #1104353 #1104427 #1104824 #1104967 #1105168 #1105428 #1106105 #1106110 #1106237 #1106240 #1106615 #1106913 #1107256 #1107385 #1107866 #1108270 #1108468 #1109272 #1109772 #1109806 #1110006 #1110558 #1110998 #1111040 #1111062 #1111174 #1111183 #1111188 #1111469 #1111696 #1111795 #1111809 #1111921 #1112878 #1112963 #1113295 #1113408 #1113412 #1113501 #1113667 #1113677 #1113722 #1113751 #1113769 #1113780 #1113972 #1114015 #1114178 #1114279 #1114385 #1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114839 #1114871 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116040 #1116183 #1116336 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116803 #1116841 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117115 #1117162 #1117165 #1117168 #1117172 #1117174 #1117181 #1117184 #1117186 #1117188 #1117189 #1117349 #1117561 #1117656 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1117953 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118215 #1118316 #1118319 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119962 #1119968 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 253 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. This update brings following features: - Support for Enhanced-IBRS on new Intel CPUs (fate#326564) The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567). - acpica: Tables: Add WSMT support (bsc#1089350). - acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - acpi/nfit: Fix ARS overflow continuation (bsc#1116895). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - alsa: control: Fix race between adding and removing a user element (bsc#1051510). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - alsa: hda/realtek - Add GPIO data update helper (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - alsa: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - alsa: hda/realtek - Support ALC300 (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Enabled ENA (Amazon network driver) for arm64. - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: kvm: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - b43: Fix error in cordic routine (bsc#1051510). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - btrfs: fix deadlock when writing out free space caches (bsc#1116700). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - btrfs: fix use-after-free during inode eviction (bsc#1116701). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: fix use-after-free when dumping free space (bsc#1116862). - btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: make sure we create all new block groups (bsc#1116699). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix the breakage of KMP build on x86_64 (bsc#1121017). - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: hiddev: fix potential Spectre v1 (bsc#1051510). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - hwrng: core - document the quality field (bsc#1051510). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hide new member in struct iommu_table from genksyms (bsc#1061840). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: mask raw in struct bpf_reg_state (bsc#1083647). - kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - kabi: powerpc: Revert npu callback signature change (bsc#1055120). - kabi protect hnae_ae_ops (bsc#1104353). - kabi/severities: ignore __xive_vm_h_* KVM internal symbols. - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - kvm: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - kvm: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE escalations (bsc#1061840). - kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - kvm: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840). - kvm: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - kvm: s390: vsie: copy wrapping keys to right place (git-fixes). - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - kvm: VMX: re-add ple_gap module parameter (bsc#1106240). - kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix "list_add double add" caused by legacy signal interface (git-fixes). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - pci/ASPM: Fix link_state teardown on device removal (bsc#1051510). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: dwc: remove duplicate fix (bsc#1115269) - pci: Export pcie_has_flr() (bsc#1120058). - pci: hv: Use effective affinity mask (bsc#1109772). - pci: imx6: Fix link training status detection in link up check (bsc#1109806). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - pci: vmd: Assign vector zero to all bridges (bsc#1109806). - pci: vmd: Detach resources after stopping root bus (bsc#1109806). - pci: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - raid10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in (Git-fixes). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert "blacklist.conf: blacklist inapplicable commits" This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390 - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vfs: close race between getcwd() and d_move() (git-fixes). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-224=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-224=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-224=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-224=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-224=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-224=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-224=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-extra-4.12.14-25.28.1 kernel-default-extra-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-25.28.1 kernel-default-base-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-obs-qa-4.12.14-25.28.1 kselftests-kmp-default-4.12.14-25.28.1 kselftests-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-livepatch-4.12.14-25.28.1 kernel-livepatch-4_12_14-25_28-default-1-1.3.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 reiserfs-kmp-default-4.12.14-25.28.1 reiserfs-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.28.1 kernel-obs-build-debugsource-4.12.14-25.28.1 kernel-syms-4.12.14-25.28.1 kernel-vanilla-base-4.12.14-25.28.1 kernel-vanilla-base-debuginfo-4.12.14-25.28.1 kernel-vanilla-debuginfo-4.12.14-25.28.1 kernel-vanilla-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.28.1 kernel-source-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.28.1 kernel-default-base-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-devel-4.12.14-25.28.1 kernel-default-devel-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.28.1 kernel-macros-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.28.1 kernel-zfcpdump-4.12.14-25.28.1 kernel-zfcpdump-debuginfo-4.12.14-25.28.1 kernel-zfcpdump-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.28.1 cluster-md-kmp-default-debuginfo-4.12.14-25.28.1 dlm-kmp-default-4.12.14-25.28.1 dlm-kmp-default-debuginfo-4.12.14-25.28.1 gfs2-kmp-default-4.12.14-25.28.1 gfs2-kmp-default-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 ocfs2-kmp-default-4.12.14-25.28.1 ocfs2-kmp-default-debuginfo-4.12.14-25.28.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086196 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1091800 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103925 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111040 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111183 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1111921 https://bugzilla.suse.com/1112878 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113408 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113780 https://bugzilla.suse.com/1113972 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-updates at lists.suse.com Mon Feb 4 10:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Feb 2019 18:09:51 +0100 (CET) Subject: SUSE-RU-2019:0225-1: moderate: Recommended update for hmaccalc Message-ID: <20190204170951.15A29FEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for hmaccalc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0225-1 Rating: moderate References: #1122491 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hmaccalc fixes the following issues: - require libfreebl3-hmac and libsoftokn3-hmac during building (bsc#1122491) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-225=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): hmaccalc-0.9.14-3.3.1 hmaccalc-debuginfo-0.9.14-3.3.1 hmaccalc-debugsource-0.9.14-3.3.1 References: https://bugzilla.suse.com/1122491 From sle-updates at lists.suse.com Tue Feb 5 04:11:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 12:11:20 +0100 (CET) Subject: SUSE-RU-2018:3655-2: Optional update for gcc8 Message-ID: <20190205111120.3688EFF7D@maintenance.suse.de> SUSE Recommended Update: Optional update for gcc8 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:3655-2 Rating: low References: #1084812 #1084842 #1087550 #1094222 #1102564 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-227=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x): libatomic1-32bit-8.2.1+r264010-1.3.7 libgcc_s1-32bit-8.2.1+r264010-1.3.7 libgomp1-32bit-8.2.1+r264010-1.3.7 libitm1-32bit-8.2.1+r264010-1.3.7 libstdc++6-32bit-8.2.1+r264010-1.3.7 libstdc++6-devel-gcc8-32bit-8.2.1+r264010-1.3.7 References: https://bugzilla.suse.com/1084812 https://bugzilla.suse.com/1084842 https://bugzilla.suse.com/1087550 https://bugzilla.suse.com/1094222 https://bugzilla.suse.com/1102564 From sle-updates at lists.suse.com Tue Feb 5 07:09:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:09:04 +0100 (CET) Subject: SUSE-SU-2019:0228-1: Security update for uriparser Message-ID: <20190205140904.9FAB2FF7E@maintenance.suse.de> SUSE Security Update: Security update for uriparser ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0228-1 Rating: low References: #1115722 #1115723 #1115724 #1122193 Cross-References: CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for uriparser fixes the following issues: Security issues fixed: - CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193). - CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722). - CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723). - CVE-2018-19200: Fixed a operation attempted on NULL input via a uriResetUri* function (bsc#1115724). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-228=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): liburiparser1-0.8.5-3.5.1 liburiparser1-debuginfo-0.8.5-3.5.1 uriparser-0.8.5-3.5.1 uriparser-debuginfo-0.8.5-3.5.1 uriparser-debugsource-0.8.5-3.5.1 uriparser-devel-0.8.5-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-19198.html https://www.suse.com/security/cve/CVE-2018-19199.html https://www.suse.com/security/cve/CVE-2018-19200.html https://www.suse.com/security/cve/CVE-2018-20721.html https://bugzilla.suse.com/1115722 https://bugzilla.suse.com/1115723 https://bugzilla.suse.com/1115724 https://bugzilla.suse.com/1122193 From sle-updates at lists.suse.com Tue Feb 5 07:10:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:10:49 +0100 (CET) Subject: SUSE-SU-2019:0230-1: important: Security update for spice Message-ID: <20190205141049.B98E1FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0230-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-230=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-230=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-230=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-230=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-230=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Enterprise Storage 4 (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Tue Feb 5 07:43:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:43:03 +0100 (CET) Subject: SUSE-SU-2019:0231-1: important: Security update for spice Message-ID: <20190205144303.E127CFF7E@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0231-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-231=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libspice-server1-0.12.5-10.2.3.1 libspice-server1-debuginfo-0.12.5-10.2.3.1 spice-debugsource-0.12.5-10.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Tue Feb 5 07:43:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:43:36 +0100 (CET) Subject: SUSE-SU-2019:0232-1: important: Security update for haproxy Message-ID: <20190205144336.2CBDBFF7D@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0232-1 Rating: important References: #1121283 Cross-References: CVE-2018-20615 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for haproxy version 1.8.17 fixes the following issues: Security issues fixed: - CVE-2018-20615: Fixed a denial of service, triggered by mishandling the priority flag on short HEADERS frame in the HTTP/2 decoder (bsc#1121283) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-232=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-1.8.17~git0.e89d25b2-3.9.1 haproxy-debuginfo-1.8.17~git0.e89d25b2-3.9.1 haproxy-debugsource-1.8.17~git0.e89d25b2-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-20615.html https://bugzilla.suse.com/1121283 From sle-updates at lists.suse.com Tue Feb 5 07:44:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:44:10 +0100 (CET) Subject: SUSE-SU-2019:0229-1: important: Security update for spice Message-ID: <20190205144410.5F8A8FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0229-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-229=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): libspice-server1-0.12.4-8.21.1 libspice-server1-debuginfo-0.12.4-8.21.1 spice-debugsource-0.12.4-8.21.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Tue Feb 5 10:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 18:09:41 +0100 (CET) Subject: SUSE-SU-2019:0236-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15) Message-ID: <20190205170941.71294FF7E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0236-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-25_25 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-233=1 SUSE-SLE-Module-Live-Patching-15-2019-234=1 SUSE-SLE-Module-Live-Patching-15-2019-235=1 SUSE-SLE-Module-Live-Patching-15-2019-236=1 SUSE-SLE-Module-Live-Patching-15-2019-237=1 SUSE-SLE-Module-Live-Patching-15-2019-238=1 SUSE-SLE-Module-Live-Patching-15-2019-239=1 SUSE-SLE-Module-Live-Patching-15-2019-240=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-8-22.2 kernel-livepatch-4_12_14-23-default-debuginfo-8-22.2 kernel-livepatch-4_12_14-25_13-default-5-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_16-default-4-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_19-default-4-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_22-default-3-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_25-default-2-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_3-default-7-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_6-default-7-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-7-2.1 kernel-livepatch-SLE15_Update_0-debugsource-8-22.2 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-updates at lists.suse.com Tue Feb 5 10:10:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 18:10:18 +0100 (CET) Subject: SUSE-SU-2019:0242-1: important: Security update for spice Message-ID: <20190205171018.3526DFF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0242-1 Rating: important References: #1109044 #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Non-security issue fixed: - Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-242=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.14.0-4.6.2 libspice-server1-0.14.0-4.6.2 libspice-server1-debuginfo-0.14.0-4.6.2 spice-debugsource-0.14.0-4.6.2 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1109044 https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Tue Feb 5 10:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 18:11:05 +0100 (CET) Subject: SUSE-SU-2019:0241-1: important: Security update for spice Message-ID: <20190205171105.B1ED8FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0241-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-241=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-241=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-241=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-241=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-241=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-241=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Tue Feb 5 13:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 21:09:13 +0100 (CET) Subject: SUSE-RU-2019:0245-1: moderate: Recommended update for kernel-firmware Message-ID: <20190205200913.186D0FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0245-1 Rating: moderate References: #1104289 #1110720 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kernel-firmware fixes the following issues: Update to version 20190118 (bsc#1110720,FATE#325946,bsc#1104289): - brcm: Add BCM43455 NVRAM for Raspberry Pi 3 B+ - brcm: Fix filename for BCM43430 NVRAM for the Raspberry Pi 3 Model B - amdgpu: add raven2 fw for 18.50 release - amdgpu: add picasso fw for 18.50 release - Revert "brcm: Add BCM43455 NVRAM for Raspberry Pi 3 B+" - Update firmware file for Intel Bluetooth 8265 - Update firmware file for Intel Bluetooth 8260 - Update firmware file for Intel Bluetooth 9260 - Update firmware file for Intel Bluetooth 9560 - brcm: Add BCM43430 NVRAM for the Raspberry Pi 3 Model B - brcm: Add BCM43455 NVRAM for Raspberry Pi 3 B+ - update Marvell USB8801 B0 firmware image - iwlwifi: update firmwares for 9000 series - cxgb4: update firmware to revision 1.22.9.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-245=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20190118-3.14.1 ucode-amd-20190118-3.14.1 References: https://bugzilla.suse.com/1104289 https://bugzilla.suse.com/1110720 From sle-updates at lists.suse.com Tue Feb 5 13:09:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 21:09:53 +0100 (CET) Subject: SUSE-RU-2019:0246-1: moderate: Recommended update for qemu Message-ID: <20190205200953.6E1D1FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for qemu ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0246-1 Rating: moderate References: #1100408 #1108474 #1112646 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for qemu fixes the following issues: - Fix a condition when retry logic does not execute in case of data transmit failure or connection hungup (bsc#1108474) - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646) - fix memory leak in xen_disk (bsc#1100408) - building against xen-devel requires the XC_* compat macros to be set because this version of QEMU will be built against many versions of Xen. configure will decide on the appropriate function names it knows about today. To actually call these functions, future versions of Xen may require XC_* to be set. Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_* macros unconditionally. (bsc#1100408) - Fix a condition when retry logic does not execute in case of data transmit failure or connection hungup (bsc#1108474) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-246=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-246=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.25.1 qemu-block-curl-2.9.1-6.25.1 qemu-block-curl-debuginfo-2.9.1-6.25.1 qemu-block-iscsi-2.9.1-6.25.1 qemu-block-iscsi-debuginfo-2.9.1-6.25.1 qemu-block-ssh-2.9.1-6.25.1 qemu-block-ssh-debuginfo-2.9.1-6.25.1 qemu-debugsource-2.9.1-6.25.1 qemu-guest-agent-2.9.1-6.25.1 qemu-guest-agent-debuginfo-2.9.1-6.25.1 qemu-lang-2.9.1-6.25.1 qemu-tools-2.9.1-6.25.1 qemu-tools-debuginfo-2.9.1-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.25.1 qemu-block-rbd-debuginfo-2.9.1-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.25.1 qemu-arm-debuginfo-2.9.1-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.25.1 qemu-ppc-debuginfo-2.9.1-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.25.1 qemu-seabios-1.10.2-6.25.1 qemu-sgabios-8-6.25.1 qemu-vgabios-1.10.2-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.25.1 qemu-x86-debuginfo-2.9.1-6.25.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.25.1 qemu-s390-debuginfo-2.9.1-6.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.25.1 qemu-seabios-1.10.2-6.25.1 qemu-sgabios-8-6.25.1 qemu-vgabios-1.10.2-6.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.25.1 qemu-block-curl-2.9.1-6.25.1 qemu-block-curl-debuginfo-2.9.1-6.25.1 qemu-debugsource-2.9.1-6.25.1 qemu-kvm-2.9.1-6.25.1 qemu-tools-2.9.1-6.25.1 qemu-tools-debuginfo-2.9.1-6.25.1 qemu-x86-2.9.1-6.25.1 - SUSE CaaS Platform ALL (x86_64): qemu-debugsource-2.9.1-6.25.1 qemu-guest-agent-2.9.1-6.25.1 qemu-guest-agent-debuginfo-2.9.1-6.25.1 - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.25.1 qemu-guest-agent-2.9.1-6.25.1 qemu-guest-agent-debuginfo-2.9.1-6.25.1 References: https://bugzilla.suse.com/1100408 https://bugzilla.suse.com/1108474 https://bugzilla.suse.com/1112646 From sle-updates at lists.suse.com Tue Feb 5 13:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 21:11:03 +0100 (CET) Subject: SUSE-SU-2019:0243-1: important: Security update for python3 Message-ID: <20190205201103.F2F98FDF2@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0243-1 Rating: important References: #1120644 #1122191 Cross-References: CVE-2018-20406 CVE-2019-5010 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-243=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-243=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-243=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-243=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-243=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-243=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-243=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-243=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-243=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-243=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-243=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-243=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-243=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-243=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-dbm-3.4.6-25.21.1 python3-dbm-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 python3-devel-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-devel-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Enterprise Storage 4 (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 References: https://www.suse.com/security/cve/CVE-2018-20406.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1120644 https://bugzilla.suse.com/1122191 From sle-updates at lists.suse.com Tue Feb 5 13:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Feb 2019 21:12:35 +0100 (CET) Subject: SUSE-RU-2019:0244-1: moderate: Recommended update for rpmlint Message-ID: <20190205201235.62406FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0244-1 Rating: moderate References: #1118049 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpmlint fixes the following issues: - Backport of OTRS whitelisting (bsc#1118049). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-244=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-244=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.8-2.11.1 rpmlint-mini-debuginfo-1.8-2.11.1 rpmlint-mini-debugsource-1.8-2.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): rpmlint-1.5-41.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.8-2.11.1 rpmlint-mini-debuginfo-1.8-2.11.1 rpmlint-mini-debugsource-1.8-2.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): rpmlint-1.5-41.11.1 References: https://bugzilla.suse.com/1118049 From sle-updates at lists.suse.com Wed Feb 6 04:10:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 12:10:43 +0100 (CET) Subject: SUSE-SU-2019:0248-1: important: Security update for curl Message-ID: <20190206111043.CB8B6FDF2@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0248-1 Rating: important References: #1123371 #1123377 #1123378 Cross-References: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-248=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-248=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.17.1 curl-mini-debuginfo-7.60.0-3.17.1 curl-mini-debugsource-7.60.0-3.17.1 libcurl-mini-devel-7.60.0-3.17.1 libcurl4-mini-7.60.0-3.17.1 libcurl4-mini-debuginfo-7.60.0-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.17.1 curl-debuginfo-7.60.0-3.17.1 curl-debugsource-7.60.0-3.17.1 libcurl-devel-7.60.0-3.17.1 libcurl4-7.60.0-3.17.1 libcurl4-debuginfo-7.60.0-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.17.1 libcurl4-32bit-debuginfo-7.60.0-3.17.1 References: https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1123371 https://bugzilla.suse.com/1123377 https://bugzilla.suse.com/1123378 From sle-updates at lists.suse.com Wed Feb 6 07:09:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:09:29 +0100 (CET) Subject: SUSE-RU-2019:0258-1: Recommended update for man-pages Message-ID: <20190206140929.6C68EFD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for man-pages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0258-1 Rating: low References: #1116987 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for man-pages fixes the following issues: - Supplements the package 'man' in order to install some missing man pages. (bsc#1116987) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-258=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): man-pages-4.16-3.3.1 References: https://bugzilla.suse.com/1116987 From sle-updates at lists.suse.com Wed Feb 6 07:10:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:10:03 +0100 (CET) Subject: SUSE-RU-2019:0253-1: moderate: Recommended update for grub2 Message-ID: <20190206141003.5ACA1FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0253-1 Rating: moderate References: #1114754 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 fixes the following issues: - Fixed possible install media boot issues on certain hardware by changing default tsc calibration method to pmtimer on EFI. (bsc#1114754) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-253=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-253=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.02-4.37.1 grub2-debuginfo-2.02-4.37.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.02-4.37.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.37.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): grub2-arm64-efi-2.02-4.37.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): grub2-i386-pc-2.02-4.37.1 grub2-x86_64-efi-2.02-4.37.1 grub2-x86_64-xen-2.02-4.37.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.37.1 grub2-systemd-sleep-plugin-2.02-4.37.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): grub2-s390x-emu-2.02-4.37.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.37.1 grub2-systemd-sleep-plugin-2.02-4.37.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): grub2-2.02-4.37.1 grub2-debuginfo-2.02-4.37.1 grub2-debugsource-2.02-4.37.1 grub2-i386-pc-2.02-4.37.1 grub2-x86_64-efi-2.02-4.37.1 grub2-x86_64-xen-2.02-4.37.1 - SUSE CaaS Platform ALL (x86_64): grub2-2.02-4.37.1 grub2-debuginfo-2.02-4.37.1 grub2-debugsource-2.02-4.37.1 grub2-i386-pc-2.02-4.37.1 grub2-x86_64-efi-2.02-4.37.1 grub2-x86_64-xen-2.02-4.37.1 - SUSE CaaS Platform ALL (noarch): grub2-snapper-plugin-2.02-4.37.1 - SUSE CaaS Platform 3.0 (noarch): grub2-snapper-plugin-2.02-4.37.1 - SUSE CaaS Platform 3.0 (x86_64): grub2-2.02-4.37.1 grub2-debuginfo-2.02-4.37.1 grub2-debugsource-2.02-4.37.1 grub2-i386-pc-2.02-4.37.1 grub2-x86_64-efi-2.02-4.37.1 grub2-x86_64-xen-2.02-4.37.1 References: https://bugzilla.suse.com/1114754 From sle-updates at lists.suse.com Wed Feb 6 07:10:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:10:38 +0100 (CET) Subject: SUSE-RU-2019:0255-1: moderate: Recommended update for snapper Message-ID: <20190206141038.3AC2AFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for snapper ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0255-1 Rating: moderate References: #1049574 #1111414 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for snapper fixes the following issues: - adapted to libbtrfs changes to resurrect special btrfs directory comparison. (bsc#1111414) - avoid deadlock for special btrfs directory comparison. (bsc#1049574) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-255=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsnapper-devel-0.5.6-5.7.1 libsnapper4-0.5.6-5.7.1 libsnapper4-debuginfo-0.5.6-5.7.1 pam_snapper-0.5.6-5.7.1 pam_snapper-debuginfo-0.5.6-5.7.1 snapper-0.5.6-5.7.1 snapper-debuginfo-0.5.6-5.7.1 snapper-debugsource-0.5.6-5.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): snapper-zypp-plugin-0.5.6-5.7.1 References: https://bugzilla.suse.com/1049574 https://bugzilla.suse.com/1111414 From sle-updates at lists.suse.com Wed Feb 6 07:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:11:31 +0100 (CET) Subject: SUSE-RU-2019:0260-1: moderate: Recommended update for trustedgrub2 Message-ID: <20190206141131.07955FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for trustedgrub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0260-1 Rating: moderate References: #1052420 #1084632 #1100984 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for trustedgrub2 provides the following fixes: - Fix "no symbol table" error on new binutils. (bsc#1100984) - Fix packed-not-aligned error on GCC 8. (bsc#1084632) - Allow to execute menuentry unrestricted as default. (fate#318574, bsc#1052420) - Disable PIE building, as it does not make sense for bootloader. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-260=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-260=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-260=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-260=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): trustedgrub2-i386-pc-1.4.0-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): trustedgrub2-1.4.0-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): trustedgrub2-i386-pc-1.4.0-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): trustedgrub2-1.4.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): trustedgrub2-i386-pc-1.4.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): trustedgrub2-1.4.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): trustedgrub2-i386-pc-1.4.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): trustedgrub2-1.4.0-3.3.1 References: https://bugzilla.suse.com/1052420 https://bugzilla.suse.com/1084632 https://bugzilla.suse.com/1100984 From sle-updates at lists.suse.com Wed Feb 6 07:12:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:12:36 +0100 (CET) Subject: SUSE-SU-2019:0247-1: moderate: Security update for lua53 Message-ID: <20190206141236.E5EA1FD0B@maintenance.suse.de> SUSE Security Update: Security update for lua53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0247-1 Rating: moderate References: #1123043 Cross-References: CVE-2019-6706 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-247=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-247=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): lua53-doc-5.3.4-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): liblua5_3-5-5.3.4-3.3.2 liblua5_3-5-debuginfo-5.3.4-3.3.2 lua53-5.3.4-3.3.2 lua53-debuginfo-5.3.4-3.3.2 lua53-debugsource-5.3.4-3.3.2 lua53-devel-5.3.4-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): liblua5_3-5-32bit-5.3.4-3.3.2 liblua5_3-5-32bit-debuginfo-5.3.4-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-6706.html https://bugzilla.suse.com/1123043 From sle-updates at lists.suse.com Wed Feb 6 07:13:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:13:10 +0100 (CET) Subject: SUSE-RU-2019:0256-1: moderate: Recommended update for ppc64-diag Message-ID: <20190206141310.18674FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ppc64-diag ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0256-1 Rating: moderate References: #1113097 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ppc64-diag fixes the following issues: - Fix daily cron script not exiting gracefully without SCSI enclosure. (bsc#1113097) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-256=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (ppc64le): ppc64-diag-2.7.4-3.3.2 ppc64-diag-debuginfo-2.7.4-3.3.2 ppc64-diag-debugsource-2.7.4-3.3.2 References: https://bugzilla.suse.com/1113097 From sle-updates at lists.suse.com Wed Feb 6 07:13:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:13:55 +0100 (CET) Subject: SUSE-RU-2019:0251-1: moderate: Recommended update for glib2 Message-ID: <20190206141355.0CE42FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0251-1 Rating: moderate References: #1090047 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-251=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-251=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-251=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (x86_64): glib2-debugsource-2.54.3-4.10.1 glib2-devel-32bit-2.54.3-4.10.1 glib2-devel-32bit-debuginfo-2.54.3-4.10.1 glib2-tools-32bit-2.54.3-4.10.1 glib2-tools-32bit-debuginfo-2.54.3-4.10.1 libgthread-2_0-0-32bit-2.54.3-4.10.1 libgthread-2_0-0-32bit-debuginfo-2.54.3-4.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.10.1 glib2-devel-static-2.54.3-4.10.1 libgio-fam-2.54.3-4.10.1 libgio-fam-debuginfo-2.54.3-4.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gio-branding-upstream-2.54.3-4.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.54.3-4.10.1 glib2-devel-2.54.3-4.10.1 glib2-devel-debuginfo-2.54.3-4.10.1 glib2-tools-2.54.3-4.10.1 glib2-tools-debuginfo-2.54.3-4.10.1 libgio-2_0-0-2.54.3-4.10.1 libgio-2_0-0-debuginfo-2.54.3-4.10.1 libglib-2_0-0-2.54.3-4.10.1 libglib-2_0-0-debuginfo-2.54.3-4.10.1 libgmodule-2_0-0-2.54.3-4.10.1 libgmodule-2_0-0-debuginfo-2.54.3-4.10.1 libgobject-2_0-0-2.54.3-4.10.1 libgobject-2_0-0-debuginfo-2.54.3-4.10.1 libgthread-2_0-0-2.54.3-4.10.1 libgthread-2_0-0-debuginfo-2.54.3-4.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glib2-lang-2.54.3-4.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgio-2_0-0-32bit-2.54.3-4.10.1 libgio-2_0-0-32bit-debuginfo-2.54.3-4.10.1 libglib-2_0-0-32bit-2.54.3-4.10.1 libglib-2_0-0-32bit-debuginfo-2.54.3-4.10.1 libgmodule-2_0-0-32bit-2.54.3-4.10.1 libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.10.1 libgobject-2_0-0-32bit-2.54.3-4.10.1 libgobject-2_0-0-32bit-debuginfo-2.54.3-4.10.1 References: https://bugzilla.suse.com/1090047 From sle-updates at lists.suse.com Wed Feb 6 07:14:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:14:29 +0100 (CET) Subject: SUSE-RU-2019:0265-1: moderate: Recommended update for python-cliff Message-ID: <20190206141429.03402FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cliff ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0265-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-cliff fixes the following issues: - Update UPPER_CONSTRAINTS_FILE for stable/pike (bsc#1109991) - Updated from global requirements - update cmd2 dependency to handle py3 only versions - Align parsed() call with cmd2 versions >= 0.7.3 - Fix codec error when format=csv - Update .gitreview for stable/pike - Fix PEP8 in gate Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-265=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-265=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-265=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-cliff-2.8.2-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-cliff-2.8.2-3.3.1 - HPE Helion Openstack 8 (noarch): python-cliff-2.8.2-3.3.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Wed Feb 6 07:15:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:15:04 +0100 (CET) Subject: SUSE-RU-2019:0266-1: moderate: Recommended update for python-django_openstack_auth Message-ID: <20190206141504.B8085FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-django_openstack_auth ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0266-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-django_openstack_auth fixes the following issues: - Add a new optional WEBSSO_KEYSTONE_URL property in order to support WEBSSO for deployments where network segmentation is used per security requirement (bsc#1109991) - Add .zuul.yaml for pike - Update UPPER_CONSTRAINTS_FILE for stable/pike - Zuul: Remove project name - Don't add required attribute to html form fields - Imported Translations from Zanata - Remove tox_install.sh usage - Updated from global requirements - Allow an action if no policy exists for it and there is no default policy. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-266=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-266=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-266=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-django_openstack_auth-3.6.1-4.5.1 - SUSE OpenStack Cloud 8 (noarch): python-django_openstack_auth-3.6.1-4.5.1 - HPE Helion Openstack 8 (noarch): python-django_openstack_auth-3.6.1-4.5.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Wed Feb 6 07:15:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:15:37 +0100 (CET) Subject: SUSE-RU-2019:0263-1: moderate: Recommended update for caasp-openstack-heat-templates Message-ID: <20190206141537.7A96CFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for caasp-openstack-heat-templates ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0263-1 Rating: moderate References: #1108001 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for caasp-openstack-heat-templates fixes the following issues: - Remove wrong characters from environment file - Install CaaSP templates for multiple master nodes(SCRD-2811) - SCRD-2811 Add a Loadbalancer for CaaSP Master nodes - Enable ntpd service for CaaSP nodes (bsc#1108001) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-263=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-263=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-263=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): caasp-openstack-heat-templates-1.0+git.1540887180.64bfde8-4.9.1 - SUSE OpenStack Cloud 8 (noarch): caasp-openstack-heat-templates-1.0+git.1540887180.64bfde8-4.9.1 - HPE Helion Openstack 8 (noarch): caasp-openstack-heat-templates-1.0+git.1540887180.64bfde8-4.9.1 References: https://bugzilla.suse.com/1108001 From sle-updates at lists.suse.com Wed Feb 6 07:16:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:16:18 +0100 (CET) Subject: SUSE-RU-2019:0252-1: moderate: Recommended update for grub2 Message-ID: <20190206141618.01FCBFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0252-1 Rating: moderate References: #1114754 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 fixes the following issues: - Fixed possible install media boot issues on certain hardware by changing default tsc calibration method to pmtimer on EFI. (bsc#1114754) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-252=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-252=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-252=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): grub2-debuginfo-2.02-19.21.3 grub2-debugsource-2.02-19.21.3 grub2-x86_64-xen-2.02-19.21.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-19.21.3 grub2-debuginfo-2.02-19.21.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): grub2-2.02-19.21.3 grub2-debuginfo-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): grub2-arm64-efi-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): grub2-snapper-plugin-2.02-19.21.3 grub2-systemd-sleep-plugin-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): grub2-i386-pc-2.02-19.21.3 grub2-x86_64-efi-2.02-19.21.3 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): grub2-s390x-emu-2.02-19.21.3 References: https://bugzilla.suse.com/1114754 From sle-updates at lists.suse.com Wed Feb 6 07:16:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:16:52 +0100 (CET) Subject: SUSE-RU-2019:0250-1: moderate: Recommended update for gtk3 Message-ID: <20190206141652.0583AFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0250-1 Rating: moderate References: #1119306 #1121456 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gtk3 fixes the following issues: - Add support for AtkTableCell. (bsc#1119306, fate#326548) - Export gtk_cell_accessible_parent_get_(row|column)_header_cells_ functions. (bsc#1121456) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-250=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-250=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gtk3-debugsource-3.22.30-4.8.2 gtk3-immodule-amharic-3.22.30-4.8.2 gtk3-immodule-amharic-debuginfo-3.22.30-4.8.2 gtk3-immodule-broadway-3.22.30-4.8.2 gtk3-immodule-broadway-debuginfo-3.22.30-4.8.2 gtk3-immodule-inuktitut-3.22.30-4.8.2 gtk3-immodule-inuktitut-debuginfo-3.22.30-4.8.2 gtk3-immodule-multipress-3.22.30-4.8.2 gtk3-immodule-multipress-debuginfo-3.22.30-4.8.2 gtk3-immodule-thai-3.22.30-4.8.2 gtk3-immodule-thai-debuginfo-3.22.30-4.8.2 gtk3-immodule-vietnamese-3.22.30-4.8.2 gtk3-immodule-vietnamese-debuginfo-3.22.30-4.8.2 gtk3-immodule-xim-3.22.30-4.8.2 gtk3-immodule-xim-debuginfo-3.22.30-4.8.2 gtk3-immodules-tigrigna-3.22.30-4.8.2 gtk3-immodules-tigrigna-debuginfo-3.22.30-4.8.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gtk3-branding-upstream-3.22.30-4.8.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.22.30-4.8.2 gtk3-debugsource-3.22.30-4.8.2 gtk3-devel-3.22.30-4.8.2 gtk3-devel-debuginfo-3.22.30-4.8.2 gtk3-tools-3.22.30-4.8.2 gtk3-tools-debuginfo-3.22.30-4.8.2 libgtk-3-0-3.22.30-4.8.2 libgtk-3-0-debuginfo-3.22.30-4.8.2 typelib-1_0-Gtk-3_0-3.22.30-4.8.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gtk3-data-3.22.30-4.8.2 gtk3-lang-3.22.30-4.8.2 gtk3-schema-3.22.30-4.8.2 References: https://bugzilla.suse.com/1119306 https://bugzilla.suse.com/1121456 From sle-updates at lists.suse.com Wed Feb 6 07:17:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:17:38 +0100 (CET) Subject: SUSE-RU-2019:0254-1: moderate: Recommended update for grub2 Message-ID: <20190206141738.25538FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0254-1 Rating: moderate References: #1114754 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 fixes the following issues: - Fixed possible install media boot issues on certain hardware by changing default tsc calibration method to pmtimer on EFI. (bsc#1114754) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-254=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-254=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.6.2 grub2-debuginfo-2.02-12.6.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.6.2 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.6.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64): grub2-arm64-efi-2.02-12.6.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.6.2 grub2-systemd-sleep-plugin-2.02-12.6.2 grub2-x86_64-xen-2.02-12.6.2 - SUSE Linux Enterprise Server 12-SP4 (x86_64): grub2-i386-pc-2.02-12.6.2 grub2-x86_64-efi-2.02-12.6.2 - SUSE Linux Enterprise Server 12-SP4 (s390x): grub2-s390x-emu-2.02-12.6.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): grub2-2.02-12.6.2 grub2-debuginfo-2.02-12.6.2 grub2-debugsource-2.02-12.6.2 grub2-i386-pc-2.02-12.6.2 grub2-x86_64-efi-2.02-12.6.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.6.2 grub2-systemd-sleep-plugin-2.02-12.6.2 grub2-x86_64-xen-2.02-12.6.2 References: https://bugzilla.suse.com/1114754 From sle-updates at lists.suse.com Wed Feb 6 07:18:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:18:11 +0100 (CET) Subject: SUSE-RU-2019:0264-1: moderate: Recommended update for python-keystone-json-assignment Message-ID: <20190206141811.D09AAFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keystone-json-assignment ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0264-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-keystone-json-assignment fixes the following issues: - Update driver for keystone pike (cmurphy) (bsc#1109991) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-264=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-264=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-264=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-keystone-json-assignment-0.0.3-3.6.1 - SUSE OpenStack Cloud 8 (noarch): python-keystone-json-assignment-0.0.3-3.6.1 - HPE Helion Openstack 8 (noarch): python-keystone-json-assignment-0.0.3-3.6.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Wed Feb 6 07:18:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:18:44 +0100 (CET) Subject: SUSE-RU-2019:0259-1: Recommended update for man-pages-posix Message-ID: <20190206141844.D9003FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for man-pages-posix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0259-1 Rating: low References: #1116987 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for man-pages-posix fixes the following issues: - Supplements the package 'man' in order to install some missing man pages. (bnc#1116987) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-259=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): man-pages-posix-2013a-3.3.1 References: https://bugzilla.suse.com/1116987 From sle-updates at lists.suse.com Wed Feb 6 07:19:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:19:18 +0100 (CET) Subject: SUSE-RU-2019:0267-1: moderate: Recommended update for python-yarb Message-ID: <20190206141918.C4A90FD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-yarb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0267-1 Rating: moderate References: #1111232 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-yarb fixes the following issues: - Add to SUSE OpenStack Cloud 7 (fate#326791, bsc#1111232) - Remove superfluous devel dependency for noarch package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-267=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-267=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-267=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-yarb-1.0.0-4.3.1 - SUSE OpenStack Cloud 8 (noarch): python-yarb-1.0.0-4.3.1 - HPE Helion Openstack 8 (noarch): python-yarb-1.0.0-4.3.1 References: https://bugzilla.suse.com/1111232 From sle-updates at lists.suse.com Wed Feb 6 07:19:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:19:52 +0100 (CET) Subject: SUSE-RU-2019:0257-1: moderate: Recommended update for ppc64-diag Message-ID: <20190206141952.14A4EFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ppc64-diag ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0257-1 Rating: moderate References: #1113097 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ppc64-diag fixes the following issues: - Fix daily cron script not exiting gracefully without SCSI enclosure. (bsc#1113097) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-257=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): ppc64-diag-2.7.4-4.3.1 ppc64-diag-debuginfo-2.7.4-4.3.1 ppc64-diag-debugsource-2.7.4-4.3.1 References: https://bugzilla.suse.com/1113097 From sle-updates at lists.suse.com Wed Feb 6 07:20:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:20:29 +0100 (CET) Subject: SUSE-RU-2019:0261-1: moderate: Recommended update for pam-config Message-ID: <20190206142029.DEB39FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam-config ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0261-1 Rating: moderate References: #1114835 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam-config fixes the following issues: - Adds support for more pam_cracklib options. (bsc#1114835) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-261=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-261=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-261=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-261=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-261=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-261=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-261=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-261=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-261=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-261=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE Enterprise Storage 4 (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE CaaS Platform ALL (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - SUSE CaaS Platform 3.0 (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): pam-config-0.89-5.3.2 pam-config-debuginfo-0.89-5.3.2 pam-config-debugsource-0.89-5.3.2 References: https://bugzilla.suse.com/1114835 From sle-updates at lists.suse.com Wed Feb 6 07:39:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:39:30 +0100 (CET) Subject: SUSE-RU-2019:0262-1: moderate: Recommended update for documentation-suse-openstack-cloud Message-ID: <20190206143930.A0DBDFD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for documentation-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0262-1 Rating: moderate References: #1068928 #1068929 #1069434 #1075107 #1076358 #1085068 #1088399 #1088518 #1089358 #1089880 #1091218 #1095120 #1095363 #1098295 #1098440 #1098478 #1098711 #1099140 #1099377 #1099469 #1099567 #1099749 #1101038 #1101350 #1101527 #1102129 #1102309 #1102518 #1102550 #1102630 #1102653 #1102978 #1102993 #1103060 #1103083 #1103115 #1103146 #1103160 #1103357 #1103622 #1103903 #1104267 #1104269 #1104554 #1104699 #1104984 #1105131 #1105132 #1105133 #1105134 #1105135 #1105136 #1105137 #1105138 #1105139 #1105269 #1105527 #1105984 #1105986 #1106402 #1106642 #1107674 #1108081 #1108226 #1108867 #1108938 #1109018 #1109910 #1110502 #1110503 #1110505 #111061 #1110958 #1110962 #1110978 #1111061 #1111503 #1111533 #1112059 #1112110 #1112812 #1113339 #1114530 #1114802 #1114902 #1115079 #1115192 #1115667 #1116079 #1116495 #1116606 #966641 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 92 recommended fixes can now be installed. Description: This update for documentation-suse-openstack-cloud fixes the following issues: - Update to version 8.20181203: * leftovers from revert of PR 586 (bsc#1108867) - Update to version 8.20181128: * Adding back removed space * Updating Fernet tokens for SOC8 as per TR recommendation - Update to version 8.20181121: * manila-manage log, configure back-end (bsc#1116495, 1116511) * Revert "migration guide limitation (bsc#1108867)" - Update to version 8.20181120: * Revert "migration guide limitation (bsc#1108867)" - Update to version 8.20181120: * change MariaDB recovery process * remove section restart MySQL manually (bsc#1116606) * disable automatic restart (bsc#1099140) - Update to version 8.20181116: * Update art_migration.xml * SCRD-5619 Document migration w/OVSvApp + other small updates - Update to version 8.20181116: * manila: install steps improvement (bsc#1116079) * change Cinder logging procedure (bsc#1114902) * add RabbitMQ notifications (bsc#1110958) * change IPA image names (bsc#1115192) - Update to version 8.20181115: * Percona-deploy is required to be run (bsc#1116079) - Update to version 8.20181114: * restart Crowbar manually (bsc#1069434) - Update to version 8.20181113: * skip unchanged nodes (bsc#1068928) - Update to version 8.20181112: * fix typo (bsc#1115667) - Update to version 8.20181112: * add skip-unready-nodes (bsc#1068929) - Update to version 8.20181108: * change sudo user name (bsc#1115079) * change partition name (bsc#1114802) - Update to version 8.20181106: * add PTF deployment procedure (bsc#1114530) - Update to version 8.20181102: * minimum three Galera nodes (bsc#1110962) * fix TLS disabled selection (bsc#1112812) - Update to version 8.20181031: * changes requested by Charles Wang, added comment about NetApp * remove InfoBlox section (bsc#1099377) * Document Ardana Manila usage (bsc#1112110) - Update to version 8.20181030: * add file system setup clarification (bsc#1104267) * remove Cassandra recovery section (bsc#1113339) - Update to version 8.20181023: * enable NSX-v baremetal (bsc#1103146) * remove Heat feature not supported (no bsc#) - Update to version 8.20181022: * Docs for RHEL 7.5 support (bsc#1112059) - Update to version 8.20181022: * Fix minor typo * migration guide limitation (bsc#1108867) * fix RHEL installation instructions (bsc#1111503) (bsc#1111533) * Update migration docs (bsc#1111061) - Update to version 8.20181017: * add ses-config content (bsc#1103357) * add warning about rolling reboot (bsc#111061-comment19) - Update to version 8.20181016: * Add maint/cloud_8 to branches built for susedoc.gh.io * Add latest feedback * Additional feedback from jsuchome * Fix upgrade wording * Add feedback from matthewoliver * Add more feedback * Add feddback from jsuchome * Add the remaining content * PostgreSQL to MariaDB migration. Still WIP * Add Migrate Postgre to MariaDB procedure. SCRD-5005 - Update to version 8.20181015: * remove merge conflict * PostgreSQL to MariaDB migration * update Fernet documentation (bsc#1110503) - Update to version 8.20181012: * correct filename typo (bsc#1110505) * change smt repository location (bsc#1107674) * correct link to OpenStack-scaling (bsc#1105269) * remove duplicate rabbitmq content (bsc#1104984) * add IPv6 caution (bsc#1103060) * change galera to mariadb, percona (bsc#1102630) * remove shared storage section (bsc#1110978) * change UEFI information for SLES nodes (bsc#1088518) * change user stack to ardana, /home/stack/ to ~/ (bsc#1110502) * remove Red Hat reference - Update to version 8.20181010: * change version entities in migration guide (SCRD-5138) - Update to version 8.20181009: * Add glance-rate-limiter (bsc#1104554) - Update to version 8.20181005: * Improve introduction to Installation Guide (bsc#1091218) - Update to version 8.20181005: * rearrange SLES installation instructions (bsc#1108226) * make filename uppercase (bsc#1109910) * correct file path (bsc#1103903) * increase mediasize entity reference (bsc#1085068) * remove SDK from SLES install instructions (bsc#1089358) * OpenSwan not in FWaaS or VPNaaS (bsc#1095363) - Update to version 8.20180927: * Revise migration documentation based on further testing (bsc#1109018) * change path and indentation (bsc#1105527) * change hp3par to hpe3par (bsc#1109910) * manually add networking_generic_switch pkg (bsc#1102653) * add notes about SSACLI installation requirement (bsc#1108938) * change MAC address example (bsc#1089880) * add supportconfig for HPE (bsc#1103622) * add oxygenxml config to gitignore * Add note HPE SSACLI tool not available (bsc#1108938) * Correct Neutron region references in Installation Guide (bsc#1105139) * Correct Ironic region references in Installation Guide (bsc#1105138) * Correct Magnum region references in Installation Guide (bsc#1105137) * Correct CLM region references in Planning Guide (bsc#1105136) * Correct Nova region references in Operations Guide (bsc#1105135) * Correct Logging region references in Operations Guide (bsc#1105134) * Correct Monasca region references in Operations Guide (bsc#1105133) * Correct Swift region references in Planning Guide (bsc#1105132) * Correct Swift region references in Operations Guide (bsc#1105132) * Correct Swift region references in Administration Guide (bsc#1105132) * Add note HPE SSACLI tool not available (bsc#1108938) * Keystone single region deployment (bsc#1105131) * Re-arrange mtce upgrade procedure - Update to version 8.20180924: * bsc1108867_migration-limitation (#506) * add correct column parameter * Fix file path in C8 migration script (#505) * add support information for core, non-core openstack * rearrange freezer commands-bsc#1102518 * add command to CLM update procedure * Modify instructions and process for installing stand-alone deployer * Refinement to migration docs after testing with customers (#493) * add stand alone deployer instructions * Correct name of ardana-service.service in esx guide (bsc#1108081) * clean up standalone deployer instructions * clarify wording - Update to version 8.20180910: * change zypper patch command * bsc#1106642-rewrite update instructions * remove hyphen image-list * Update Cinder deployment doc with Pure Storage FlashArray information * change command to generate UUID * Fix repo locations * Simplified procedure structure. WIP * Fix type, better working * Fix bsc#1106402 * email comment Aug28 * add command example * Section -> subsection * bsc#1105986-migration guide updates * bsc#1105984-migration guide changes * Minor fix for online docs * Add details to password generation algorithm (bsc#1103115) * Added where needed * Added note about rpm -U for migration previous RHEL systems * Add 'sudo' where necessary * Fixed entity names * RHEL doc changes requested by Keith * Syntax fixes to migration * Refinements to migration and RHEL compute documentation * Revise RHEL compute node setup process * SES/RADOS integration-bsc#1101350,bsc#1103160 * Separate RHEL compute provisioning into its own document * Maintenance update based on #1094340 * bsc#1104269-deprecated driver names * rearrange SES location * add cinder_admin command * SCRD3688 Operations Guide maintenance upgrade * no ESX migration support HOS5 to HOS8 bsc#1102978 * change sudo prompt to ardana * SCRD3791 bsc#1098711 HPE feedback * remove ilo from diagram * add first time note bsc#1104699 * remove extraneous steps * HA network services addition to PR 457 * Fix invalid XML * add installation instructions from Chris DeVita SCRD3688 * third-party-import.yml warn on venv build * Fix screenshot * More migration refinement * Further tweaks to cert handling during migration * Update migration cert file reference paths * change user from stack to ardana * Planning Guide review by Keith Berger, requested by Sheilagh * Further refinement of compute node migration instructions * Update compute node migration instructions for sles repo mgmt * Support migrations with MySQL TLS enabled * Remove Ceph refs. Fix bsc#1102129 * change stack user to ardana * Additional steps - Update to version 8.20180815: * OVSvApp Trunk port group configuration (bsc#1098440) * Need an example of the agent * Make OpenStack User & Admin Guide validate with new GeekoDoc * Adding travis files - Update to version 8.20180906: * change zypper patch command - Update to version 8.20180905: * bsc#1106642-rewrite update instructions * remove hyphen image-list * Simplified procedure structure. WIP - Update to version 8.20180901: * Update Cinder deployment doc with Pure Storage FlashArray information - Update to version 8.20180830: * change command to generate UUID * Fix repo locations - Update to version 8.20180830: * Fix type, better working * Fix bsc#1106402 - Update to version 8.20180829: * email comment Aug28 * add command example * Section -> subsection - Update to version 8.20180827: * bsc#1105986-migration guide updates * bsc#1105984-migration guide changes - Update to version 8.20180827: * Minor fix for online docs - Update to version 8.20180824: * Add details to password generation algorithm (bsc#1103115) - Update to version 8.20180824: * Added where needed * Added note about rpm -U for migration previous RHEL systems * Add 'sudo' where necessary * Fixed entity names * RHEL doc changes requested by Keith * Syntax fixes to migration * Refinements to migration and RHEL compute documentation * Revise RHEL compute node setup process * Separate RHEL compute provisioning into its own document - Update to version 8.20180822: * SES/RADOS integration-bsc#1101350,bsc#1103160 * Maintenance update based on #1094340 * bsc#1104269-deprecated driver names * rearrange SES location * no ESX migration support HOS5 to HOS8 bsc#1102978 * SCRD3791 bsc#1098711 HPE feedback - Update to version 8.20180821: * add cinder_admin command * SCRD3688 Operations Guide maintenance upgrade * change sudo prompt to ardana * HA network services addition to PR 457 - Update to version 8.20180815: * remove ilo from diagram * add first time note bsc#1104699 * remove extraneous steps - Update to version 8.20180810: * Fix invalid XML * add installation instructions from Chris DeVita SCRD3688 * third-party-import.yml warn on venv build * Fix screenshot * More migration refinement * Further tweaks to cert handling during migration * Update migration cert file reference paths * Further refinement of compute node migration instructions * Update compute node migration instructions for sles repo mgmt * Support migrations with MySQL TLS enabled * Remove Ceph refs. Fix bsc#1102129 * Additional steps - Update to version 8.20180808: * change user from stack to ardana * Planning Guide review by Keith Berger, requested by Sheilagh - Update to version 8.20180807: * change stack user to ardana - Update to version 8.20180802: * Need an example of the agent * Update art_migration.xml * Update art_migration.xml * Updates to migration docs - Update to version 8.20180801: * remove iLO reference * minor change bsc#1103083 * bsc#1088399 add ESX warning * address comments; tweak appearance * NSX edits to SCRD4207/bsc#1102309 * edits from SCRD3691-Guglo review - Update to version 8.20180802: * Document SES integration during migration workflow - Update to version 8.20180801: * Update tftpboot path to refer to 12.3 instead of 12.2 (bsc#1102550) * Remove region reference from swift doc SCRD-3936 * Add notes to create ISO mountpoints if missing bsc#1102993 - Update to version 8.20180731: * Update incorrect references to /etc/swiftlm/builder_dir SCRD-3936 * Remove references to hlm in ovsvapp setup document bsc#1102993 - Update to version 8.20180731: * optipng * Validation fixes for online docs * Add RHEL documentation reference (bsc#1099469) * Add feedback from mshah for Boot from SAN section * Fix "boot from SAN" information (bsc#1095120) - Update to version 8.20180727: * move SES blocks out of CLM * Update support matrix. Fix bsc#1076358 * SCRD4207/bsc#1102309 NSX Installation - Update to version 8.20180728: * Operations Guide Review - Freezer (SCRD-3691) - Update to version 8.20180727: * A few more fixes to compute node recovery procedure * recovery procedure for compute nodes (bsc#966641) - Update to version 8.20180726: * Update operations-tutorials-quickstart_guide.xml * Update operations-maintenance-controller-restart_controller.xml * Updated operations guide per reviewing the doc - (1) * Operations Guide Review - SCRD-3961 - Update to version 8.20180725: * Operations Guide Review - Neutron (SCRD-3961) - Update to version 8.20180725: * SCRD 3688 attached review PDF notes * Operations Guide Review - Swift (SCRD-3691) - Update to version 8.20180724: * change diagram text; change text to agree * Fixed user doc loadbalancer step * typo fixes recommended by * remove minor eon reference - Update to version 8.20180724: * fixes typos - Update to version 8.20180723: * Operations Guide Review - Orchestration (SCRD-3691) * Operations Guide Review - Metering (SCRD-3961) * Operations Guide Review - Compute (SCRD-3961) * Update operations-troubleshooting-objectstorage-recovering_builder_file.xml * Update operations-maintenance-controller-swiftrings_recovery.xml * Update operations-maintenance-controller-pit_swiftrings_recovery.xml * Backup/Restore: Fix swift restore paths (bsc#1099567) * SCRD 3709 image review * recommit cadenzajon PR - Update to version 8.20180723: * Rename DC files to match book name - Add socmmsoperator, socmosoperator and socmoverview - Update to version 8.20180721: * Update operations-central_log_access_data.xml * Update operations-monitoring-monasca_slack_plugin.xml * Update operations-monitoring-monasca_jira_plugin.xml * Update operations-configuring_check_plugins.xml * Update operations-configuring_alarm_definitions.xml * Update operations-audit_logs_enable.xml * Operations Guide Review - Logging SCRD-3961 * Operations Guide Review - Monitoring SCRD-3961 - Update to version 8.20180720: * Update operations-configuring-identity-keystone_federation.xml * Update operations-configuring-identity-configure_identity.xml * Update operations-change_service_passwords.xml * change directory name * Operations Guide Review - Identity SCRD-3961 * Minor fixes to improve consistency * bsc#1075107-SCRD3600 * ESX-OVSvApp installation-bsc#1075107-SCRD3600 - Update to version 8.20180719: * Remove dashes from ids * Add rootids to monitoring docs. Fix bsc#1101038 * Minor fixes for freezer process (bsc#1098478) * Minor fix for splunk (bsc#1101527) - Update to version 8.20180717: * Updated to clean up screens and remove duplicates for splunk (bsc#1101527) - Update to version 8.20180717: * Update art_migration.xml * Update art_migration.xml * Add required step for updating PTF repo during migration - Update to version 8.20180717: * Make replaceables more consistent * bsc#1098478-freezer restore * Remove freezer-scheduler references (bsc#1099567) * bsc#1099749-changes per attachment to bug - Update to version 8.20180706: * supersedes PR393 bsc#1098295 * Update installation-installation-ironic-cert_ramdisk.xml * Update installation-installation-ironic-cert_ramdisk.xml * SCRD-3776 clarify IPA image section - Installation Guide (bug#1098295) * Fix typo in caasp heat install * Update CaaSP image filenames, rework to make duplicate obsolete * Update reference for overview * Remove duplicate file * Update CaaSP image filenames for v3 - Update to version 8.20180712: * Fix docbook xml syntax * Fix migration instructions to work around ansible bug Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-262=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-262=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-262=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): documentation-suse-openstack-cloud-deployment-8.20181203-1.6.1 documentation-suse-openstack-cloud-supplement-8.20181203-1.6.1 documentation-suse-openstack-cloud-upstream-admin-8.20181203-1.6.1 documentation-suse-openstack-cloud-upstream-user-8.20181203-1.6.1 - SUSE OpenStack Cloud 8 (noarch): documentation-suse-openstack-cloud-installation-8.20181203-1.6.1 documentation-suse-openstack-cloud-operations-8.20181203-1.6.1 documentation-suse-openstack-cloud-opsconsole-8.20181203-1.6.1 documentation-suse-openstack-cloud-planning-8.20181203-1.6.1 documentation-suse-openstack-cloud-security-8.20181203-1.6.1 documentation-suse-openstack-cloud-supplement-8.20181203-1.6.1 documentation-suse-openstack-cloud-upstream-admin-8.20181203-1.6.1 documentation-suse-openstack-cloud-upstream-user-8.20181203-1.6.1 documentation-suse-openstack-cloud-user-8.20181203-1.6.1 - HPE Helion Openstack 8 (noarch): documentation-hpe-helion-openstack-installation-8.20181203-1.6.1 documentation-hpe-helion-openstack-operations-8.20181203-1.6.1 documentation-hpe-helion-openstack-opsconsole-8.20181203-1.6.1 documentation-hpe-helion-openstack-planning-8.20181203-1.6.1 documentation-hpe-helion-openstack-security-8.20181203-1.6.1 documentation-hpe-helion-openstack-user-8.20181203-1.6.1 References: https://bugzilla.suse.com/1068928 https://bugzilla.suse.com/1068929 https://bugzilla.suse.com/1069434 https://bugzilla.suse.com/1075107 https://bugzilla.suse.com/1076358 https://bugzilla.suse.com/1085068 https://bugzilla.suse.com/1088399 https://bugzilla.suse.com/1088518 https://bugzilla.suse.com/1089358 https://bugzilla.suse.com/1089880 https://bugzilla.suse.com/1091218 https://bugzilla.suse.com/1095120 https://bugzilla.suse.com/1095363 https://bugzilla.suse.com/1098295 https://bugzilla.suse.com/1098440 https://bugzilla.suse.com/1098478 https://bugzilla.suse.com/1098711 https://bugzilla.suse.com/1099140 https://bugzilla.suse.com/1099377 https://bugzilla.suse.com/1099469 https://bugzilla.suse.com/1099567 https://bugzilla.suse.com/1099749 https://bugzilla.suse.com/1101038 https://bugzilla.suse.com/1101350 https://bugzilla.suse.com/1101527 https://bugzilla.suse.com/1102129 https://bugzilla.suse.com/1102309 https://bugzilla.suse.com/1102518 https://bugzilla.suse.com/1102550 https://bugzilla.suse.com/1102630 https://bugzilla.suse.com/1102653 https://bugzilla.suse.com/1102978 https://bugzilla.suse.com/1102993 https://bugzilla.suse.com/1103060 https://bugzilla.suse.com/1103083 https://bugzilla.suse.com/1103115 https://bugzilla.suse.com/1103146 https://bugzilla.suse.com/1103160 https://bugzilla.suse.com/1103357 https://bugzilla.suse.com/1103622 https://bugzilla.suse.com/1103903 https://bugzilla.suse.com/1104267 https://bugzilla.suse.com/1104269 https://bugzilla.suse.com/1104554 https://bugzilla.suse.com/1104699 https://bugzilla.suse.com/1104984 https://bugzilla.suse.com/1105131 https://bugzilla.suse.com/1105132 https://bugzilla.suse.com/1105133 https://bugzilla.suse.com/1105134 https://bugzilla.suse.com/1105135 https://bugzilla.suse.com/1105136 https://bugzilla.suse.com/1105137 https://bugzilla.suse.com/1105138 https://bugzilla.suse.com/1105139 https://bugzilla.suse.com/1105269 https://bugzilla.suse.com/1105527 https://bugzilla.suse.com/1105984 https://bugzilla.suse.com/1105986 https://bugzilla.suse.com/1106402 https://bugzilla.suse.com/1106642 https://bugzilla.suse.com/1107674 https://bugzilla.suse.com/1108081 https://bugzilla.suse.com/1108226 https://bugzilla.suse.com/1108867 https://bugzilla.suse.com/1108938 https://bugzilla.suse.com/1109018 https://bugzilla.suse.com/1109910 https://bugzilla.suse.com/1110502 https://bugzilla.suse.com/1110503 https://bugzilla.suse.com/1110505 https://bugzilla.suse.com/111061 https://bugzilla.suse.com/1110958 https://bugzilla.suse.com/1110962 https://bugzilla.suse.com/1110978 https://bugzilla.suse.com/1111061 https://bugzilla.suse.com/1111503 https://bugzilla.suse.com/1111533 https://bugzilla.suse.com/1112059 https://bugzilla.suse.com/1112110 https://bugzilla.suse.com/1112812 https://bugzilla.suse.com/1113339 https://bugzilla.suse.com/1114530 https://bugzilla.suse.com/1114802 https://bugzilla.suse.com/1114902 https://bugzilla.suse.com/1115079 https://bugzilla.suse.com/1115192 https://bugzilla.suse.com/1115667 https://bugzilla.suse.com/1116079 https://bugzilla.suse.com/1116495 https://bugzilla.suse.com/1116606 https://bugzilla.suse.com/966641 From sle-updates at lists.suse.com Wed Feb 6 07:54:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:54:23 +0100 (CET) Subject: SUSE-SU-2019:0249-1: important: Security update for curl Message-ID: <20190206145423.55CF2FD0D@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0249-1 Rating: important References: #1123371 #1123377 #1123378 Cross-References: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-249=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-249=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-249=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-249=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-249=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-249=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-249=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-249=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-249=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-249=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-249=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl-devel-7.37.0-37.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Enterprise Storage 4 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE CaaS Platform ALL (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE CaaS Platform 3.0 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 References: https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1123371 https://bugzilla.suse.com/1123377 https://bugzilla.suse.com/1123378 From sle-updates at lists.suse.com Wed Feb 6 10:09:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 18:09:18 +0100 (CET) Subject: SUSE-RU-2019:13942-1: moderate: Recommended update for microcode_ctl Message-ID: <20190206170918.F268CFD09@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13942-1 Rating: moderate References: #1104479 #1123647 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for microcode_ctl fixes the following issues: - Also include the Xeon(R) CPU E5-2698 v4 microcode (bsc#1123647) - updated to 20180807a, no change except the licensing was clarified. (bsc#1104479) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-13942=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.83.30.1 References: https://bugzilla.suse.com/1104479 https://bugzilla.suse.com/1123647 From sle-updates at lists.suse.com Wed Feb 6 10:10:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 18:10:03 +0100 (CET) Subject: SUSE-RU-2019:0268-1: moderate: Recommended update for python-docker-py, python-docker-pycreds Message-ID: <20190206171003.C0C60FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-docker-py, python-docker-pycreds ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0268-1 Rating: moderate References: #1112174 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-docker-py, python-docker-pycreds fixes the following issues: python-docker-py was updated to 1.10.6 (fate#326660) bringing new features and bugfixes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-268=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-docker-py-1.10.6-29.3.1 python-docker-pycreds-0.2.1-2.3.1 References: https://bugzilla.suse.com/1112174 From sle-updates at lists.suse.com Wed Feb 6 13:09:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:09:19 +0100 (CET) Subject: SUSE-SU-2019:0271-1: moderate: Security update for python Message-ID: <20190206200919.112DCFF7D@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0271-1 Rating: moderate References: #1122191 Cross-References: CVE-2019-5010 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-271=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-271=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-271=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.6.1 python-debugsource-2.7.14-7.6.1 python-demo-2.7.14-7.6.1 python-idle-2.7.14-7.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.6.1 python-doc-pdf-2.7.14-7.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.6.1 python-debugsource-2.7.14-7.6.1 python-tk-2.7.14-7.6.1 python-tk-debuginfo-2.7.14-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.6.1 libpython2_7-1_0-debuginfo-2.7.14-7.6.1 python-2.7.14-7.6.1 python-base-2.7.14-7.6.1 python-base-debuginfo-2.7.14-7.6.1 python-base-debugsource-2.7.14-7.6.1 python-curses-2.7.14-7.6.1 python-curses-debuginfo-2.7.14-7.6.1 python-debuginfo-2.7.14-7.6.1 python-debugsource-2.7.14-7.6.1 python-devel-2.7.14-7.6.1 python-gdbm-2.7.14-7.6.1 python-gdbm-debuginfo-2.7.14-7.6.1 python-xml-2.7.14-7.6.1 python-xml-debuginfo-2.7.14-7.6.1 References: https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1122191 From sle-updates at lists.suse.com Wed Feb 6 13:10:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:10:17 +0100 (CET) Subject: SUSE-RU-2019:0270-1: important: Recommended update for mariadb-connector-c Message-ID: <20190206201017.99613FF79@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0270-1 Rating: important References: #1097938 #1116686 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mariadb-connector-c fixes the following issues: - Update to version 3.0.7 (bsc#1116686) - Fixed installation issue where libmysqlclient.so.18 link was missing (bsc#1097938). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-270=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-270=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmariadb-devel-3.0.7-3.3.1 libmariadb-devel-debuginfo-3.0.7-3.3.1 libmariadb_plugins-3.0.7-3.3.1 libmariadb_plugins-debuginfo-3.0.7-3.3.1 mariadb-connector-c-debugsource-3.0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libmariadb3-3.0.7-3.3.1 libmariadb3-debuginfo-3.0.7-3.3.1 libmariadbprivate-3.0.7-3.3.1 libmariadbprivate-debuginfo-3.0.7-3.3.1 mariadb-connector-c-debugsource-3.0.7-3.3.1 References: https://bugzilla.suse.com/1097938 https://bugzilla.suse.com/1116686 From sle-updates at lists.suse.com Wed Feb 6 13:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:11:48 +0100 (CET) Subject: SUSE-SU-2019:0272-1: moderate: Security update for rmt-server Message-ID: <20190206201148.A4516FF79@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0272-1 Rating: moderate References: #1102046 #1102193 #1109307 #1113760 #1113969 #1114831 #1117106 #1118579 #1118584 Cross-References: CVE-2018-14404 CVE-2018-16468 CVE-2018-16470 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has 6 fixes is now available. Description: This update for rmt-server to version 1.1.1 fixes the following issues: The following issues have been fixed: - Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579) - Fixed listing of mirrored products (bsc#1102193) - Include online migration paths into offline migration (bsc#1117106) - Sync products that do not have a base product (bsc#1109307) - Fixed SLP auto discovery for RMT (bsc#1113760) Update dependencies for security fixes: - CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969) - CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831) - CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-272=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rmt-server-1.1.1-3.13.1 rmt-server-debuginfo-1.1.1-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-14404.html https://www.suse.com/security/cve/CVE-2018-16468.html https://www.suse.com/security/cve/CVE-2018-16470.html https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1102193 https://bugzilla.suse.com/1109307 https://bugzilla.suse.com/1113760 https://bugzilla.suse.com/1113969 https://bugzilla.suse.com/1114831 https://bugzilla.suse.com/1117106 https://bugzilla.suse.com/1118579 https://bugzilla.suse.com/1118584 From sle-updates at lists.suse.com Wed Feb 6 13:13:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:13:37 +0100 (CET) Subject: SUSE-RU-2019:0274-1: moderate: Recommended update for salt containers Message-ID: <20190206201337.E5711FF7D@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt containers ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0274-1 Rating: moderate References: #1120106 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the salt containers fixes the following issues: - salt container shows errors (bsc#1120106) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): sles12-salt-api-image-3.1.1-3.6.2 sles12-salt-master-image-3.1.1-4.6.2 sles12-salt-minion-image-3.1.1-3.6.2 References: https://bugzilla.suse.com/1120106 From sle-updates at lists.suse.com Wed Feb 6 13:14:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:14:15 +0100 (CET) Subject: SUSE-SU-2019:0273-1: important: Security update for MozillaFirefox Message-ID: <20190206201415.E2BB9FF79@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0273-1 Rating: important References: #1119069 #1120374 #1122983 Cross-References: CVE-2018-12404 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-273=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-273=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-273=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.5.0-3.24.2 MozillaFirefox-debuginfo-60.5.0-3.24.2 MozillaFirefox-debugsource-60.5.0-3.24.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.5.0-3.24.2 MozillaFirefox-debuginfo-60.5.0-3.24.2 MozillaFirefox-debugsource-60.5.0-3.24.2 MozillaFirefox-devel-60.5.0-3.24.2 MozillaFirefox-translations-common-60.5.0-3.24.2 MozillaFirefox-translations-other-60.5.0-3.24.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.41.1-3.13.1 libfreebl3-debuginfo-3.41.1-3.13.1 libfreebl3-hmac-3.41.1-3.13.1 libsoftokn3-3.41.1-3.13.1 libsoftokn3-debuginfo-3.41.1-3.13.1 libsoftokn3-hmac-3.41.1-3.13.1 mozilla-nss-3.41.1-3.13.1 mozilla-nss-certs-3.41.1-3.13.1 mozilla-nss-certs-debuginfo-3.41.1-3.13.1 mozilla-nss-debuginfo-3.41.1-3.13.1 mozilla-nss-debugsource-3.41.1-3.13.1 mozilla-nss-devel-3.41.1-3.13.1 mozilla-nss-sysinit-3.41.1-3.13.1 mozilla-nss-sysinit-debuginfo-3.41.1-3.13.1 mozilla-nss-tools-3.41.1-3.13.1 mozilla-nss-tools-debuginfo-3.41.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.41.1-3.13.1 libfreebl3-32bit-debuginfo-3.41.1-3.13.1 libfreebl3-hmac-32bit-3.41.1-3.13.1 libsoftokn3-32bit-3.41.1-3.13.1 libsoftokn3-32bit-debuginfo-3.41.1-3.13.1 libsoftokn3-hmac-32bit-3.41.1-3.13.1 mozilla-nss-32bit-3.41.1-3.13.1 mozilla-nss-32bit-debuginfo-3.41.1-3.13.1 mozilla-nss-certs-32bit-3.41.1-3.13.1 mozilla-nss-certs-32bit-debuginfo-3.41.1-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-12404.html https://www.suse.com/security/cve/CVE-2018-18500.html https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1119069 https://bugzilla.suse.com/1120374 https://bugzilla.suse.com/1122983 From sle-updates at lists.suse.com Wed Feb 6 16:09:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 00:09:07 +0100 (CET) Subject: SUSE-RU-2019:0275-1: moderate: Recommended update for velum Message-ID: <20190206230907.5F165FF79@maintenance.suse.de> SUSE Recommended Update: Recommended update for velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0275-1 Rating: moderate References: #1117152 #1121459 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for velum provides the following: - Complete OIDC connector support (fate#324601) - prevent removing minions in the public cloud (bsc#1117152) - expose pillars managing kubernetes extra args (bsc#1121459) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r910_36c0b42-3.42.1 - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.8-3.30.2 References: https://bugzilla.suse.com/1117152 https://bugzilla.suse.com/1121459 From sle-updates at lists.suse.com Wed Feb 6 16:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 00:09:51 +0100 (CET) Subject: SUSE-RU-2019:0280-1: moderate: Recommended update for libvirt Message-ID: <20190206230951.5F106FF79@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0280-1 Rating: moderate References: #1081516 #1104203 #1104249 #1104662 #1106420 #1108086 #1119588 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for libvirt fixes the following issues: Non-security issues fixed: - qemu: set microcode value before writing capabilities cache (bsc#1119588) - qemu: fix incorrect signature usage in manual backport (bsc#1119588) - qemu: only support raw format in DomainBlockPeek API (bsc#1104249) - libxl: add support for soft reset (bsc#1081516) - libxl: fix VM migration on busy hosts (bsc#1108086) - util: don't check for parallel iteration in hash-related functions (bsc#1106420) - nwfilter: fix potential libvirtd deadlock when shutting down a VM with traffic filters (bsc#1104203) - spec: don't restart libvirt-guests when updating libvirt-client (bsc#1104662) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-280=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-280=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-280=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.25.1 libvirt-devel-3.3.0-5.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.25.1 libvirt-admin-3.3.0-5.25.1 libvirt-admin-debuginfo-3.3.0-5.25.1 libvirt-client-3.3.0-5.25.1 libvirt-client-debuginfo-3.3.0-5.25.1 libvirt-daemon-3.3.0-5.25.1 libvirt-daemon-config-network-3.3.0-5.25.1 libvirt-daemon-config-nwfilter-3.3.0-5.25.1 libvirt-daemon-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-interface-3.3.0-5.25.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-lxc-3.3.0-5.25.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-network-3.3.0-5.25.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-nodedev-3.3.0-5.25.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-nwfilter-3.3.0-5.25.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-qemu-3.3.0-5.25.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-secret-3.3.0-5.25.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-3.3.0-5.25.1 libvirt-daemon-driver-storage-core-3.3.0-5.25.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-disk-3.3.0-5.25.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.25.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-logical-3.3.0-5.25.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.25.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.25.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.25.1 libvirt-daemon-hooks-3.3.0-5.25.1 libvirt-daemon-lxc-3.3.0-5.25.1 libvirt-daemon-qemu-3.3.0-5.25.1 libvirt-debugsource-3.3.0-5.25.1 libvirt-doc-3.3.0-5.25.1 libvirt-libs-3.3.0-5.25.1 libvirt-libs-debuginfo-3.3.0-5.25.1 libvirt-lock-sanlock-3.3.0-5.25.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.25.1 libvirt-nss-3.3.0-5.25.1 libvirt-nss-debuginfo-3.3.0-5.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.25.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.25.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.25.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.25.1 libvirt-daemon-xen-3.3.0-5.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.25.1 libvirt-admin-3.3.0-5.25.1 libvirt-admin-debuginfo-3.3.0-5.25.1 libvirt-client-3.3.0-5.25.1 libvirt-client-debuginfo-3.3.0-5.25.1 libvirt-daemon-3.3.0-5.25.1 libvirt-daemon-config-network-3.3.0-5.25.1 libvirt-daemon-config-nwfilter-3.3.0-5.25.1 libvirt-daemon-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-interface-3.3.0-5.25.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-libxl-3.3.0-5.25.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-lxc-3.3.0-5.25.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-network-3.3.0-5.25.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-nodedev-3.3.0-5.25.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-nwfilter-3.3.0-5.25.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-qemu-3.3.0-5.25.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-secret-3.3.0-5.25.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-3.3.0-5.25.1 libvirt-daemon-driver-storage-core-3.3.0-5.25.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-disk-3.3.0-5.25.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.25.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-logical-3.3.0-5.25.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.25.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.25.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.25.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.25.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.25.1 libvirt-daemon-lxc-3.3.0-5.25.1 libvirt-daemon-qemu-3.3.0-5.25.1 libvirt-daemon-xen-3.3.0-5.25.1 libvirt-debugsource-3.3.0-5.25.1 libvirt-doc-3.3.0-5.25.1 libvirt-libs-3.3.0-5.25.1 libvirt-libs-debuginfo-3.3.0-5.25.1 References: https://bugzilla.suse.com/1081516 https://bugzilla.suse.com/1104203 https://bugzilla.suse.com/1104249 https://bugzilla.suse.com/1104662 https://bugzilla.suse.com/1106420 https://bugzilla.suse.com/1108086 https://bugzilla.suse.com/1119588 From sle-updates at lists.suse.com Wed Feb 6 19:08:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 03:08:58 +0100 (CET) Subject: SUSE-RU-2019:0276-1: moderate: Recommended update for rollback-helper Message-ID: <20190207020858.85235FF7D@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0276-1 Rating: moderate References: #1108618 #1113048 #1115555 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Added handling for separate /var subvolumes (bsc#1115555) - Run before any other services calling zypper (bsc#1113048) - Retry network connection if it doesn't work yet (bsc#1108618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-276=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): rollback-helper-1.0+git20181218.5394d6e-4.3.1 References: https://bugzilla.suse.com/1108618 https://bugzilla.suse.com/1113048 https://bugzilla.suse.com/1115555 From sle-updates at lists.suse.com Wed Feb 6 19:10:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 03:10:06 +0100 (CET) Subject: SUSE-RU-2019:0279-1: moderate: Recommended update for kiwi Message-ID: <20190207021006.4A8A0FF79@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0279-1 Rating: moderate References: #1003091 #1008898 #1009032 #1029904 #1036198 #1039469 #1047291 #1059715 #1066873 #1071135 #1075810 #1075813 #1095856 #1108837 #1116729 #1118306 #984158 #997085 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has 18 recommended fixes can now be installed. Description: This update for kiwi fixes the following issues: - This version upgrade is on behalf of fate#326575 and bsc#1108837 - Revert "Fixup kiwi-tools requirement". (bsc#1118306) - Replace 'ifplugd' with 'auto' in STARTMODE (#670). (bsc#1116729) - Clear the terminal I/O before dialog. (bsc#1095856) - Keep Infiniband drivers in the initrd. - Fixup elog shell pid detection. (bsc#1075813) - Set serial console configuration for grub for ec2 firmware and vhd-fixed format (#664). (bsc#1071135) - Build initrd for every single kernel installed using dracut. (bsc#1075810) - Fixed blocksize setup in losetup. (bsc#1066873) - Fixup kiwi-tools requirement. (bsc#1047291) - Fix vmdk disk convertion when using LVM. (bsc#1059715) - Do not include any suffix to the displayname value. (bsc#1029904) - Follow up spec file fix for kiwi-pxeboot build. (bsc#1047291) - Limit creation of kiwi-pxeboot sub package. (bsc#1047291) - Limit creation of kiwi-tools sub package. (bsc#1047291) - Fixes OEM deployments on a free partition. (bsc#1039469) - Fixed detection of Xen PV guest. (bsc#1036198) - Fixed release network using ip tool. (bsc#1003091) - Move bootloader_cmdline to etc. (bsc#1009032) - Lazy umount for the chrooted environment. (bsc#1008898) - Add reading of kernel boot params from grub.cfg. (bsc#1009032) - Solving some broken dialogs. (bsc#997085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-279=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-279=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.47-72.31.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-7.04.47-72.31.1 kiwi-desc-oemboot-7.04.47-72.31.1 kiwi-desc-vmxboot-7.04.47-72.31.1 kiwi-templates-7.04.47-72.31.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.47-72.31.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kiwi-desc-isoboot-7.04.47-72.31.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kiwi-doc-7.04.47-72.31.1 References: https://bugzilla.suse.com/1003091 https://bugzilla.suse.com/1008898 https://bugzilla.suse.com/1009032 https://bugzilla.suse.com/1029904 https://bugzilla.suse.com/1036198 https://bugzilla.suse.com/1039469 https://bugzilla.suse.com/1047291 https://bugzilla.suse.com/1059715 https://bugzilla.suse.com/1066873 https://bugzilla.suse.com/1071135 https://bugzilla.suse.com/1075810 https://bugzilla.suse.com/1075813 https://bugzilla.suse.com/1095856 https://bugzilla.suse.com/1108837 https://bugzilla.suse.com/1116729 https://bugzilla.suse.com/1118306 https://bugzilla.suse.com/984158 https://bugzilla.suse.com/997085 From sle-updates at lists.suse.com Wed Feb 6 19:13:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 03:13:38 +0100 (CET) Subject: SUSE-RU-2019:0278-1: moderate: Recommended update for systemtap Message-ID: <20190207021338.5A76BFF7D@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemtap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0278-1 Rating: moderate References: #1090047 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemtap fixes the following issues: - Fix glib2 is now built with SDT markers. (bsc#1090047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-278=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): systemtap-3.2-7.3.2 systemtap-debuginfo-3.2-7.3.2 systemtap-debugsource-3.2-7.3.2 systemtap-headers-3.2-7.3.2 systemtap-runtime-3.2-7.3.2 systemtap-runtime-debuginfo-3.2-7.3.2 systemtap-sdt-devel-3.2-7.3.2 systemtap-server-3.2-7.3.2 systemtap-server-debuginfo-3.2-7.3.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): systemtap-docs-3.2-7.3.2 References: https://bugzilla.suse.com/1090047 From sle-updates at lists.suse.com Wed Feb 6 19:14:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 03:14:40 +0100 (CET) Subject: SUSE-RU-2019:0277-1: moderate: Recommended update for ipmctl Message-ID: <20190207021440.E234BFF79@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0277-1 Rating: moderate References: #1091108 #1111020 #1116404 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ipmctl fixes the following issues: ipmctl was updated to v01.00.00.3394+ [FATE#326756, FATE#326917, FATE#326918] [bsc#1116404, bsc#1091108] This is required for current NVDIMM devices. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-277=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): ipmctl-01.00.00.3394-1.3.1 ipmctl-debuginfo-01.00.00.3394-1.3.1 ipmctl-debugsource-01.00.00.3394-1.3.1 ipmctl-devel-01.00.00.3394-1.3.1 ipmctl-monitor-01.00.00.3394-1.3.1 ipmctl-monitor-debuginfo-01.00.00.3394-1.3.1 References: https://bugzilla.suse.com/1091108 https://bugzilla.suse.com/1111020 https://bugzilla.suse.com/1116404 From sle-updates at lists.suse.com Thu Feb 7 10:09:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:09:07 +0100 (CET) Subject: SUSE-SU-2019:0285-1: moderate: Security update for avahi Message-ID: <20190207170907.C44E2FCB4@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0285-1 Rating: moderate References: #1120281 Cross-References: CVE-2018-1000845 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-285=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-285=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-285=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-285=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 python-avahi-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 avahi-glib2-debugsource-0.6.32-5.3.1 python-avahi-0.6.32-5.3.1 python-avahi-gtk-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.6.32-5.3.1 avahi-autoipd-debuginfo-0.6.32-5.3.1 avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 avahi-glib2-debugsource-0.6.32-5.3.1 avahi-utils-gtk-0.6.32-5.3.1 avahi-utils-gtk-debuginfo-0.6.32-5.3.1 libavahi-gobject-devel-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): avahi-32bit-debuginfo-0.6.32-5.3.1 libavahi-client3-32bit-0.6.32-5.3.1 libavahi-client3-32bit-debuginfo-0.6.32-5.3.1 libavahi-common3-32bit-0.6.32-5.3.1 libavahi-common3-32bit-debuginfo-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-5.3.1 avahi-compat-howl-devel-0.6.32-5.3.1 avahi-compat-mDNSResponder-devel-0.6.32-5.3.1 avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 avahi-glib2-debugsource-0.6.32-5.3.1 avahi-utils-0.6.32-5.3.1 avahi-utils-debuginfo-0.6.32-5.3.1 libavahi-client3-0.6.32-5.3.1 libavahi-client3-debuginfo-0.6.32-5.3.1 libavahi-common3-0.6.32-5.3.1 libavahi-common3-debuginfo-0.6.32-5.3.1 libavahi-core7-0.6.32-5.3.1 libavahi-core7-debuginfo-0.6.32-5.3.1 libavahi-devel-0.6.32-5.3.1 libavahi-glib-devel-0.6.32-5.3.1 libavahi-glib1-0.6.32-5.3.1 libavahi-glib1-debuginfo-0.6.32-5.3.1 libavahi-gobject0-0.6.32-5.3.1 libavahi-gobject0-debuginfo-0.6.32-5.3.1 libavahi-ui-gtk3-0-0.6.32-5.3.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.3.1 libavahi-ui0-0.6.32-5.3.1 libavahi-ui0-debuginfo-0.6.32-5.3.1 libdns_sd-0.6.32-5.3.1 libdns_sd-debuginfo-0.6.32-5.3.1 libhowl0-0.6.32-5.3.1 libhowl0-debuginfo-0.6.32-5.3.1 typelib-1_0-Avahi-0_6-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): avahi-lang-0.6.32-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000845.html https://bugzilla.suse.com/1120281 From sle-updates at lists.suse.com Thu Feb 7 10:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:09:41 +0100 (CET) Subject: SUSE-SU-2019:0286-1: moderate: Security update for docker Message-ID: <20190207170941.DAEADFCB4@maintenance.suse.de> SUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0286-1 Rating: moderate References: #1001161 #1112980 #1115464 #1118897 #1118898 #1118899 #1118990 #1121412 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897) - CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths (bsc#1118898) - CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: - Disable leap based builds for kubic flavor (bsc#1121412) - Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) - Allow docker images larger then 23GB (bsc#1118990) - Docker version update to version 18.09.0-ce (bsc#1115464) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-286=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-286=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.1.2-5.6.1 docker-debuginfo-18.09.0_ce-6.11.2 docker-debugsource-18.09.0_ce-6.11.2 docker-test-18.09.0_ce-6.11.2 docker-test-debuginfo-18.09.0_ce-6.11.2 golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): containerd-test-1.1.2-5.6.1 docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1 docker-zsh-completion-18.09.0_ce-6.11.2 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.1.2-5.6.1 docker-18.09.0_ce-6.11.2 docker-debuginfo-18.09.0_ce-6.11.2 docker-debugsource-18.09.0_ce-6.11.2 docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2704_6da50d197830-4.6.1 docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1 docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.09.0_ce-6.11.2 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1001161 https://bugzilla.suse.com/1112980 https://bugzilla.suse.com/1115464 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1118990 https://bugzilla.suse.com/1121412 From sle-updates at lists.suse.com Thu Feb 7 10:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:11:18 +0100 (CET) Subject: SUSE-SU-2019:13943-1: important: Security update for spice Message-ID: <20190207171118.E7A40FCB4@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13943-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-13943=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-13943=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-13943=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-18.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-18.1 spice-debugsource-0.12.4-18.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-updates at lists.suse.com Thu Feb 7 10:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:11:55 +0100 (CET) Subject: SUSE-SU-2019:0284-1: moderate: Security update for libunwind Message-ID: <20190207171155.64A7FFCB4@maintenance.suse.de> SUSE Security Update: Security update for libunwind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0284-1 Rating: moderate References: #1122012 #936786 #976955 Cross-References: CVE-2015-3239 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libunwind fixes the following issues: Security issues fixed: - CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: - Fixed a dependency issue with libzmq5 (bsc#1122012) - Fixed build on armv7 (bsc#976955) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-284=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-284=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-284=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-284=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-284=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-284=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le x86_64): libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 References: https://www.suse.com/security/cve/CVE-2015-3239.html https://bugzilla.suse.com/1122012 https://bugzilla.suse.com/936786 https://bugzilla.suse.com/976955 From sle-updates at lists.suse.com Thu Feb 7 10:12:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:12:47 +0100 (CET) Subject: SUSE-SU-2019:0283-1: critical: Security update for LibVNCServer Message-ID: <20190207171247.E3B7FFCB4@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0283-1 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-283=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-283=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-283=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): LibVNCServer-debugsource-0.9.10-4.6.1 libvncclient0-0.9.10-4.6.1 libvncclient0-debuginfo-0.9.10-4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.6.1 libvncserver0-0.9.10-4.6.1 libvncserver0-debuginfo-0.9.10-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.6.1 LibVNCServer-devel-0.9.10-4.6.1 libvncserver0-0.9.10-4.6.1 libvncserver0-debuginfo-0.9.10-4.6.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-updates at lists.suse.com Fri Feb 8 07:08:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Feb 2019 15:08:57 +0100 (CET) Subject: SUSE-RU-2019:0290-1: moderate: Recommended update for raspberrypi-firmware-dt Message-ID: <20190208140857.7B850FD43@maintenance.suse.de> SUSE Recommended Update: Recommended update for raspberrypi-firmware-dt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0290-1 Rating: moderate References: #1116751 #1122118 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for raspberrypi-firmware-dt fixes the following issues: - Add overlay to fix activity led (bsc#1116751) - Updates the touchscreens overlay to support both downstream and upstream versions of the driver (FATE#326921 bsc#1122118) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-290=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): raspberrypi-firmware-dt-2018.03.14-3.7.1 References: https://bugzilla.suse.com/1116751 https://bugzilla.suse.com/1122118 From sle-updates at lists.suse.com Fri Feb 8 10:08:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:08:49 +0100 (CET) Subject: SUSE-RU-2019:13949-1: important: Security update for the Linux Kernel Message-ID: <20190208170849.03080FD43@maintenance.suse.de> SUSE Recommended Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13949-1 Rating: important References: #1086695 #1094244 #1104098 #1105799 #1109330 #1109806 #1112963 #1114440 #1114672 #1114920 #1115007 #1115038 #1115827 #1115828 #1115829 #1115830 #1115831 #1115832 #1115833 #1115834 #1115835 #1115836 #1115837 #1115838 #1115839 #1115840 #1115841 #1115842 #1115843 #1115844 #1116888 #1117042 #1117796 #1117802 #1117805 #1117806 #1118760 #1120056 #1120077 #1120086 #1120093 #1120094 #1120105 #1120107 #1120109 #1120217 #1120223 #1120226 #1120336 #1120347 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 50 recommended fixes can now be installed. Description: The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various bugfixes. The following non-security bugs were fixed: - aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827). - arcmsr: upper 32 of dma address lost (bsc#1115828). - block/swim: Fix array bounds check (Git-fix). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - Fix breakage in nfs-idmap-hang.fix (bsc#1105799, bsc#1117042). - fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: Fix oops at process_init_reply() (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: umount should wait for all requests (git-fixes). - megaraid_sas: Fix probing cards without io port (bsc#1115829). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440, LTC#172679). - NFS: Do not drop CB requests with invalid principals (git-fixes). - NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args (git-fixes). - nlm: Ensure callback code also checks that the files match (git-fixes). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files" (git-fixes). - ring-buffer: Always reset iterator to reader page (bsc#1120107). - ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#1120077). - ring-buffer: Fix infinite spin in reading buffer (bsc#1120107). - ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#1120107). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105). - s390: always save and restore all registers on context switch (git-fixes). - s390/decompressor: fix initrd corruption caused by bss clear (git-fixes). - s390/qdio: do not release memory in qdio_setup_irq() (git-fixes). - s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114440, LTC#172682). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#172682). - scsi: aacraid: Fix typo in blink status (bsc#1115830). - scsi: aacraid: Reorder Adapter status check (bsc#1115830). - scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831). - scsi: bfa: integer overflow in debugfs (bsc#1115832). - scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833). - scsi: fas216: fix sense buffer initialization (bsc#1115834). - scsi: libfc: Revert " libfc: use offload EM instance again instead jumping to next EM" (bsc#1115835). - scsi: libsas: fix ata xfer length (bsc#1115836). - scsi: libsas: fix error when getting phy events (bsc#1115837). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1115838). - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (bsc#1115839). - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#1115839). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1115842). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (git-fixes). - sg: fix dxferp in from_to case (bsc#1115844). - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply (git-fixes). - svcrpc: do not leak contexts on PROC_DESTROY (git-fixes). - tracepoints: Do not trace when cpu is offline (bsc#1120109). - tracing: Add #undef to fix compile error (bsc#1120226). - tracing: Allow events to have NULL strings (bsc#1120056). - tracing: Do not add event files for modules that fail tracepoints (bsc#1120086). - tracing: Fix check for cpu online when event is disabled (bsc#1120109). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing/kprobes: Allow to create probe with a module name starting with a digit (bsc#1120336). - tracing: Move mutex to protect against resetting of seq data (bsc#1120217). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347). - USB: keyspan: fix overrun-error reporting (bsc#1114672). - USB: keyspan: fix tty line-status reporting (bsc#1114672). - USB: option: fix Cinterion AHxx enumeration (bsc#1114672). - USB: serial: cyberjack: fix NULL-deref at open (bsc#1114672). - USB: serial: io_ti: fix NULL-deref at open (bsc#1114672). - USB: serial: keyspan_pda: verify endpoints at probe (bsc#1114672). - USB: serial: kl5kusb105: abort on open exception path (bsc#1114672). - USB: serial: kl5kusb105: fix open error path (bsc#1114672). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-rt-20190131-13949=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-rt-20190131-13949=1 Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.42.1 kernel-rt-base-3.0.101.rt130-69.42.1 kernel-rt-devel-3.0.101.rt130-69.42.1 kernel-rt_trace-3.0.101.rt130-69.42.1 kernel-rt_trace-base-3.0.101.rt130-69.42.1 kernel-rt_trace-devel-3.0.101.rt130-69.42.1 kernel-source-rt-3.0.101.rt130-69.42.1 kernel-syms-rt-3.0.101.rt130-69.42.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.42.1 kernel-rt-debugsource-3.0.101.rt130-69.42.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.42.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.42.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.42.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.42.1 References: https://bugzilla.suse.com/1086695 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1104098 https://bugzilla.suse.com/1105799 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1114440 https://bugzilla.suse.com/1114672 https://bugzilla.suse.com/1114920 https://bugzilla.suse.com/1115007 https://bugzilla.suse.com/1115038 https://bugzilla.suse.com/1115827 https://bugzilla.suse.com/1115828 https://bugzilla.suse.com/1115829 https://bugzilla.suse.com/1115830 https://bugzilla.suse.com/1115831 https://bugzilla.suse.com/1115832 https://bugzilla.suse.com/1115833 https://bugzilla.suse.com/1115834 https://bugzilla.suse.com/1115835 https://bugzilla.suse.com/1115836 https://bugzilla.suse.com/1115837 https://bugzilla.suse.com/1115838 https://bugzilla.suse.com/1115839 https://bugzilla.suse.com/1115840 https://bugzilla.suse.com/1115841 https://bugzilla.suse.com/1115842 https://bugzilla.suse.com/1115843 https://bugzilla.suse.com/1115844 https://bugzilla.suse.com/1116888 https://bugzilla.suse.com/1117042 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1120056 https://bugzilla.suse.com/1120077 https://bugzilla.suse.com/1120086 https://bugzilla.suse.com/1120093 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120105 https://bugzilla.suse.com/1120107 https://bugzilla.suse.com/1120109 https://bugzilla.suse.com/1120217 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120226 https://bugzilla.suse.com/1120336 https://bugzilla.suse.com/1120347 From sle-updates at lists.suse.com Fri Feb 8 10:19:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:19:57 +0100 (CET) Subject: SUSE-SU-2019:13948-1: moderate: Security update for fuse Message-ID: <20190208171957.5ECCBFD10@maintenance.suse.de> SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13948-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-fuse-13948=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-fuse-13948=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-fuse-13948=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): fuse-devel-2.8.7-0.11.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): fuse-2.8.7-0.11.3.1 libfuse2-2.8.7-0.11.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): fuse-debuginfo-2.8.7-0.11.3.1 fuse-debugsource-2.8.7-0.11.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 From sle-updates at lists.suse.com Fri Feb 8 10:20:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:20:32 +0100 (CET) Subject: SUSE-SU-2019:13947-1: moderate: Security update for avahi Message-ID: <20190208172032.225B4FD10@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13947-1 Rating: moderate References: #1120281 Cross-References: CVE-2018-1000845 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-avahi-13947=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-avahi-13947=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-avahi-13947=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-compat-howl-devel-0.6.23-35.6.2 avahi-compat-mDNSResponder-devel-0.6.23-35.6.2 libavahi-devel-0.6.23-35.6.2 libavahi-glib-devel-0.6.23-35.6.1 libavahi-gobject-devel-0.6.23-35.6.1 libavahi-gobject0-0.6.23-35.6.1 libavahi-ui0-0.6.23-35.6.1 libhowl0-0.6.23-35.6.2 python-avahi-0.6.23-35.6.2 python-avahi-gtk-0.6.23-35.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 s390x x86_64): avahi-mono-0.6.23-35.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-0.6.23-35.6.2 avahi-lang-0.6.23-35.6.2 avahi-utils-0.6.23-35.6.2 libavahi-client3-0.6.23-35.6.2 libavahi-common3-0.6.23-35.6.2 libavahi-core5-0.6.23-35.6.2 libavahi-glib1-0.6.23-35.6.1 libdns_sd-0.6.23-35.6.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libavahi-client3-32bit-0.6.23-35.6.2 libavahi-common3-32bit-0.6.23-35.6.2 libavahi-glib1-32bit-0.6.23-35.6.1 libdns_sd-32bit-0.6.23-35.6.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libavahi-client3-x86-0.6.23-35.6.2 libavahi-common3-x86-0.6.23-35.6.2 libavahi-glib1-x86-0.6.23-35.6.1 libdns_sd-x86-0.6.23-35.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-debuginfo-0.6.23-35.6.2 avahi-debugsource-0.6.23-35.6.2 avahi-glib2-debuginfo-0.6.23-35.6.1 avahi-glib2-debugsource-0.6.23-35.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): avahi-debuginfo-32bit-0.6.23-35.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): avahi-debuginfo-x86-0.6.23-35.6.2 References: https://www.suse.com/security/cve/CVE-2018-1000845.html https://bugzilla.suse.com/1120281 From sle-updates at lists.suse.com Fri Feb 8 10:21:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:21:05 +0100 (CET) Subject: SUSE-SU-2019:0298-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) Message-ID: <20190208172105.D4B9AFD10@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0298-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.120-94_17 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-293=1 SUSE-SLE-Live-Patching-12-SP4-2019-301=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-296=1 SUSE-SLE-Live-Patching-12-SP3-2019-297=1 SUSE-SLE-Live-Patching-12-SP3-2019-298=1 SUSE-SLE-Live-Patching-12-SP3-2019-300=1 SUSE-SLE-Live-Patching-12-SP3-2019-302=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-3-2.7.2 kgraft-patch-4_12_14-94_41-default-debuginfo-3-2.7.2 kgraft-patch-4_12_14-95_3-default-2-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-3-2.7.2 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-11-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-11-2.1 kgraft-patch-4_4_114-94_14-default-11-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-11-2.1 kgraft-patch-4_4_120-94_17-default-10-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-10-2.1 kgraft-patch-4_4_126-94_22-default-10-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-10-2.1 kgraft-patch-4_4_131-94_29-default-8-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-updates at lists.suse.com Sat Feb 9 07:08:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Feb 2019 15:08:32 +0100 (CET) Subject: SUSE-SU-2019:0313-1: critical: Security update for LibVNCServer Message-ID: <20190209140832.C1D36FD43@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0313-1 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-313=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-313=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-313=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-313=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-313=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-313=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-313=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-313=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-313=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-313=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-313=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 LibVNCServer-devel-0.9.9-17.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 LibVNCServer-devel-0.9.9-17.11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Enterprise Storage 4 (x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-updates at lists.suse.com Mon Feb 11 07:08:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 15:08:56 +0100 (CET) Subject: SUSE-RU-2019:0314-1: moderate: Recommended update for libdlm Message-ID: <20190211140856.518C0FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libdlm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0314-1 Rating: moderate References: #1098449 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libdlm fixes the following issues: - Explicitly use and link libstonithd from libpacemaker3 (bsc#1098449) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-314=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-314=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libdlm-debuginfo-4.0.7-4.3.1 libdlm-debugsource-4.0.7-4.3.1 libdlm-devel-4.0.7-4.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libdlm-4.0.7-4.3.1 libdlm-debuginfo-4.0.7-4.3.1 libdlm-debugsource-4.0.7-4.3.1 libdlm3-4.0.7-4.3.1 libdlm3-debuginfo-4.0.7-4.3.1 References: https://bugzilla.suse.com/1098449 From sle-updates at lists.suse.com Mon Feb 11 13:08:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:08:41 +0100 (CET) Subject: SUSE-SU-2019:0320-1: important: Security update for the Linux Kernel Message-ID: <20190211200841.5F4D4FCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0320-1 Rating: important References: #1012382 #1015336 #1015337 #1015340 #1019683 #1019695 #1020645 #1023175 #1027260 #1027457 #1031492 #1042286 #1043083 #1046264 #1047487 #1048916 #1065600 #1066223 #1068032 #1069702 #1070805 #1079935 #1086423 #1087082 #1091405 #1092100 #1093158 #1093641 #1093649 #1093653 #1093655 #1093657 #1093663 #1094244 #1094973 #1096242 #1096281 #1099523 #1100105 #1101557 #1102439 #1102660 #1103156 #1103257 #1103624 #1104098 #1104731 #1106105 #1106237 #1106240 #1106929 #1107385 #1108145 #1108240 #1109168 #1109272 #1109330 #1109806 #1110286 #1111062 #1111174 #1111809 #1112246 #1112963 #1113412 #1113766 #1114190 #1114417 #1114475 #1114648 #1114763 #1114839 #1114871 #1115431 #1115433 #1115440 #1115482 #1115587 #1115709 #1116027 #1116183 #1116285 #1116336 #1116345 #1116497 #1116841 #1116924 #1116950 #1116962 #1117162 #1117165 #1117186 #1117562 #1118152 #1118316 #1118319 #1118505 #1118790 #1118798 #1118915 #1118922 #1118926 #1118930 #1118936 #1119204 #1119445 #1119714 #1119877 #1119946 #1119967 #1119970 #1120046 #1120260 #1120743 #1120950 #1121239 #1121240 #1121241 #1121242 #1121275 #1121621 #985031 Cross-References: CVE-2017-16939 CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 113 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bsc#1120743). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). The following non-security bugs were fixed: - 9p: clear dangling pointers in p9stat_free (bnc#1012382). - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382). - 9p/net: put a lower bound on msize (bnc#1012382). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239). - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bnc#1012382). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648). - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bnc#1012382). - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382). - aio: fix spectre gadget in lookup_ioctx (bnc#1012382). - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382). - ALSA: control: Fix race between adding and removing a user element (bnc#1012382). - ALSA: cs46xx: Potential NULL dereference in probe (bnc#1012382). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bnc#1012382). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382). - ALSA: hda: Add support for AMD Stoney Ridge (bnc#1012382). - ALSA: hda: Check the non-cached stream buffers more explicitly (bnc#1012382). - ALSA: hda/tegra: clear pending irq handlers (bnc#1012382). - ALSA: isa/wavefront: prevent some out of bound writes (bnc#1012382). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382). - ALSA: pcm: Fix interval evaluation with openmin/max (bnc#1012382). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: pcm: Fix starvation on down_write_nonblock() (bnc#1012382). - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382). - ALSA: timer: Fix zero-division by continue of uninitialized instance (bnc#1012382). - ALSA: trident: Suppress gcc string warning (bnc#1012382). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382). - ALSA: wss: Fix invalid snd_free_pages() at error path (bnc#1012382). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - ARC: change defconfig defaults to ARCv2 (bnc#1012382). - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382). - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 (bnc#1012382). - ARC: io.h: Implement reads{x}()/writes{x}() (bnc#1012382). - arm64: Disable asm-operand-width warning for clang (bnc#1012382). - arm64: dts: stratix10: Correct System Manager register size (bnc#1012382). - arm64: hardcode rodata_enabled=true earlier in the series (bsc#1114763). - arm64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code (bsc#985031). - arm64: percpu: Initialize ret in the default case (bnc#1012382). - arm64: remove no-op -p linker flag (bnc#1012382). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382). - arm: dts: apq8064: add ahci ports-implemented mask (bnc#1012382). - arm: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382). - arm: fix mis-applied iommu identity check (bsc#1116924). - arm: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382). - arm: kvm: fix building with gcc-8 (bsc#1121241). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382). - asix: Check for supported Wake-on-LAN modes (bnc#1012382). - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382). - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382). - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382). - ataflop: fix error handling during setup (bnc#1012382). - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382). - ath10k: schedule hardware restart if WMI command times out (bnc#1012382). - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382). - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382). - b43: Fix error in cordic routine (bnc#1012382). - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382). - bcache: fix miss key refill->end in writeback (bnc#1012382). - bfs: add sanity check at bfs_fill_super() (bnc#1012382). - binfmt_elf: fix calculations for bss padding (bnc#1012382). - bitops: protect variables in bit_clear_unless() macro (bsc#1116285). - block: fix inheriting request priority from bio (bsc#1116924). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382). - Bluetooth: SMP: fix crash in unpairing (bnc#1012382). - bna: ethtool: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382). - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382). - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382). - bpf: generally move prog destruction to RCU deferral (bnc#1012382). - bpf: support 8-byte metafield access (bnc#1012382). - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970). - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967). - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382). - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382). - bridge: do not add port to router list when receives query with source 0.0.0.0 (bnc#1012382). - btrfs: Always try all copies when reading extent buffers (bnc#1012382). - btrfs: do not attempt to trim devices that do not support it (bnc#1012382). - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382). - btrfs: fix backport error in submit_stripe_bio (bsc#1114763). - btrfs: fix data corruption due to cloning of eof block (bnc#1012382). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bnc#1012382). - btrfs: fix pinned underflow after transaction aborted (bnc#1012382). - btrfs: fix use-after-free when dumping free space (bnc#1012382). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bnc#1012382). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (git-fixes). - btrfs: Handle owner mismatch gracefully when walking up tree (bnc#1012382). - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list (bnc#1012382). - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock (bnc#1012382). - btrfs: make sure we create all new block groups (bnc#1012382). - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382). - btrfs: release metadata before running delayed refs (bnc#1012382). - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382). - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382). - btrfs: set max_extent_size properly (bnc#1012382). - btrfs: wait on caching when putting the bg cache (bnc#1012382). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bnc#1012382). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382). - can: rcar_can: Fix erroneous registration (bnc#1012382). - cdc-acm: correct counting of UART states in serial state notification (bnc#1012382). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382). - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok (bsc#1114763). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382). - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382). - cifs: Fix separator when building path from dentry (bnc#1012382). - CIFS: handle guest access errors to Windows shares (bnc#1012382). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382). - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382). - clk: s2mps11: Add used attribute to s2mps11_dt_match (git-fixes). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bnc#1012382). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bnc#1012382). - configfs: replace strncpy with memcpy (bnc#1012382). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382). - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE (bnc#1012382). - Cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382). - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382). - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382). - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (bnc#1012382). - crypto, x86: aesni - fix token pasting for clang (bnc#1012382). - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382). - cw1200: Do not leak memory if krealloc failes (bnc#1012382). - cxgb4: Add support for new flash parts (bsc#1102439). - cxgb4: assume flash part size to be 4MB, if it can't be determined (bsc#1102439). - cxgb4: Fix FW flash errors (bsc#1102439). - cxgb4: fix missing break in switch and indent return statements (bsc#1102439). - cxgb4: support new ISSI flash parts (bsc#1102439). - debugobjects: avoid recursive calls with kmemleak (bnc#1012382). - disable stringop truncation warnings for now (bnc#1012382). - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382). - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382). - dlm: possible memory leak on error path in create_lkb() (bnc#1012382). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382). - dmaengine: at_hdmac: fix module unloading (bnc#1012382). - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (bnc#1012382). - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156). - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264). This syncs with the upstream fix which caught a case where it returning 0 may have caused incorrect behavior. - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bnc#1012382). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382). - drivers/sbus/char: add of_node_put() (bnc#1012382). - drivers/tty: add missing of_node_put() (bnc#1012382). - drm/ast: change resolution may cause screen blurred (bnc#1012382). - drm/ast: fixed cursor may disappear sometimes (bnc#1012382). - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382). - drm/ast: Fix incorrect free on ioregs (bsc#1106929) - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bnc#1012382). - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113766) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113766) - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382). - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382). - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382). - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382). - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382). - drm: rcar-du: Fix external clock error checks (bsc#1106929) - drm: rcar-du: Fix vblank initialization (bsc#1106929) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382). - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382). - e1000: fix race condition between e1000_down() and e1000_watchdog (bnc#1012382). - efi/libstub/arm64: Force 'hidden' visibility for section markers (bnc#1012382). - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382). - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382). - exportfs: do not read dentry after free (bnc#1012382). - ext2: fix potential use after free (bnc#1012382). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bnc#1012382). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bnc#1012382). - ext4: add missing brelse() update_backups()'s error path (bnc#1012382). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bnc#1012382). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bnc#1012382). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bnc#1012382). - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bnc#1012382). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bnc#1012382). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bnc#1012382). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bnc#1012382). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bnc#1012382). - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382). - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bnc#1012382). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bnc#1012382). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929) - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add (bsc#1114763). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (Git-fixes). - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382). - fork: record start_time late (bnc#1012382). - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382). - fs/exofs: fix potential memory leak in mount option parsing (bnc#1012382). - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (bnc#1012382). - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio (bnc#1012382). - fuse: fix blocked_waitq wakeup (bnc#1012382). - fuse: fix leaked notify reply (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382). - fuse: set FR_SENT while locked (bnc#1012382). - genirq: Fix race on spurious interrupt detection (bnc#1012382). - genwqe: Fix size check (bnc#1012382). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382). - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382). - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382). - gfs2: Put bitmap buffers in put_super (bnc#1012382). - git_sort.py: Remove non-existent remote tj/libata - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382). - gpio: msic: fix error return code in platform_msic_gpio_probe() (bnc#1012382). - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382). - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382). - hfs: do not free node before using (bnc#1012382). - hfsplus: do not free node before using (bnc#1012382). - hfsplus: prevent btree data loss on root split (bnc#1012382). - hfs: prevent btree data loss on root split (bnc#1012382). - HID: hiddev: fix potential Spectre v1 (bnc#1012382). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bnc#1012382). - hpwdt add dynamic debugging (bsc#1114417). - hpwdt calculate reload value on each use (bsc#1114417). - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382). - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382). - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382). - hwmon: (ina2xx) Fix current value calculation (bnc#1012382). - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382). - hwmon: (w83795) temp4_type has writable permission (bnc#1012382). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bnc#1012382). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382). - IB/hfi1: Fix an out-of-bounds access in get_hw_stats (). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/ucm: Fix Spectre v1 vulnerability (bnc#1012382). - ide: pmac: add of_node_put() (bnc#1012382). - ieee802154: lowpan_header_create check must check daddr (bnc#1012382). - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382). - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bnc#1012382). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382). - Input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382). - Input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382). - Input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382). - Input: omap-keypad - fix keyboard debounce configuration (bnc#1012382). - Input: restore EV_ABS ABS_RESERVED (bnc#1012382). - Input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382). - Input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382). - Input: xpad - add more third-party controllers (bnc#1012382). - Input: xpad - add PDP device id 0x02a4 (bnc#1012382). - Input: xpad - add product ID for Xbox One S pad (bnc#1012382). - Input: xpad - add support for PDP Xbox One controllers (bnc#1012382). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382). - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382). - Input: xpad - avoid using __set_bit() for capabilities (bnc#1012382). - Input: xpad - constify usb_device_id (bnc#1012382). - Input: xpad - correctly sort vendor id's (bnc#1012382). - Input: xpad - correct xbox one pad device name (bnc#1012382). - Input: xpad - do not depend on endpoint order (bnc#1012382). - Input: xpad - fix GPD Win 2 controller name (bnc#1012382). - Input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382). - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382). - Input: xpad - fix some coding style issues (bnc#1012382). - Input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382). - Input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382). - Input: xpad - handle "present" and "gone" correctly (bnc#1012382). - Input: xpad - move reporting xbox one home button to common function (bnc#1012382). - Input: xpad - power off wireless 360 controllers on suspend (bnc#1012382). - Input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382). - Input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382). - Input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382). - Input: xpad - remove unused function (bnc#1012382). - Input: xpad - restore LED state after device resume (bnc#1012382). - Input: xpad - simplify error condition in init_output (bnc#1012382). - Input: xpad - sort supported devices by USB ID (bnc#1012382). - Input: xpad - support some quirky Xbox One pads (bnc#1012382). - Input: xpad - sync supported devices with 360Controller (bnc#1012382). - Input: xpad - sync supported devices with XBCD (bnc#1012382). - Input: xpad - sync supported devices with xboxdrv (bnc#1012382). - Input: xpad - update Xbox One Force Feedback Support (bnc#1012382). - Input: xpad - use LED API when identifying wireless controllers (bnc#1012382). - Input: xpad - validate USB endpoint type during probe (bnc#1012382). - Input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382). - Input: xpad - xbox one elite controller support (bnc#1012382). - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipmi: Fix timer race with module unload (bnc#1012382). - ip_tunnel: do not force DF when MTU is locked (bnc#1012382). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (bnc#1012382). - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (bnc#1012382). - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (bnc#1012382). - ipv6: orphan skbs in reassembly unit (bnc#1012382). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382). - iser: set sector for ambiguous mr status errors (bnc#1012382). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382). - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kABI: protect get_vaddr_frames (kabi). - kABI: protect struct azx (kabi). - kABI: protect struct cfs_bandwidth (kabi). - kABI: protect struct esp (kabi). - kABI: protect struct fuse_io_priv (kabi). - kABI: protect __usb_get_extra_descriptor (kabi). - kABI: protect xen/xen-ops.h include in xlate_mmu.c (kabi). - kabi: revert sig change on pnfs_read_resend_pnfs (git-fixes). - kbuild: Add better clang cross build support (bnc#1012382). - kbuild: Add __cc-option macro (bnc#1012382). - kbuild: Add support to generate LLVM assembly files (bnc#1012382). - kbuild: allow to use GCC toolchain not in Clang search path (bnc#1012382). - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382). - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382). - kbuild: clang: disable unused variable warnings only when constant (bnc#1012382). - kbuild: clang: fix build failures with sparse check (bnc#1012382). - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382). - kbuild: Consolidate header generation from ASM offset information (bnc#1012382). - kbuild: consolidate redundant sed script ASM offset generation (bnc#1012382). - kbuild: drop -Wno-unknown-warning-option from clang options (bnc#1012382). - kbuild: fix asm-offset generation to work with clang (bnc#1012382). - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382). - kbuild: fix linker feature test macros when cross compiling with Clang (bnc#1012382). - kbuild, LLVMLinux: Add -Werror to cc-option to support clang (bnc#1012382). - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile (bnc#1012382). - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382). - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382). - kbuild: use -Oz instead of -Os when using clang (bnc#1012382). - kdb: use memmove instead of overlapping memcpy (bnc#1012382). - kdb: Use strscpy with destination buffer size (bnc#1012382). - kernel-source.spec: Align source numbering. - kernfs: Replace strncpy with memcpy (bnc#1012382). - KEYS: put keyring if install_session_keyring_to_cred() fails (bnc#1012382). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382). - kgdboc: Fix restrict error (bnc#1012382). - kgdboc: Fix warning with module build (bnc#1012382). - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382). - kobject: Replace strncpy with memcpy (bnc#1012382). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bnc#1012382). - KVM: arm64: Fix caching of host MDCR_EL2 value (bsc#1121242). - KVM: arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240). - KVM: mmu: Fix race in emulated page table writes (bnc#1012382). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: Eliminate vmcs02 pool (bnc#1012382). - KVM: nVMX: mark vmcs12 pages dirty on L2 exit (bnc#1012382). - KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382). - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032). - KVM/SVM: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648). - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281). - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382). - KVM/VMX: introduce alloc_loaded_vmcs (bnc#1012382). - KVM/VMX: make MSR bitmaps per-VCPU (bnc#1012382). - KVM/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032). - KVM/x86: fix empty-body warnings (bnc#1012382). - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382). - KVM/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382). - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382). - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382). - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382). - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libfc: sync strings with upstream versions (bsc#1114763). - lib/interval_tree_test.c: allow full tree search (bnc#1012382). - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382). - lib/interval_tree_test.c: make test options module parameters (bnc#1012382). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bsc#1118926). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936). - libnvdimm: fix integer overflow static analysis warning (bsc#1118922). - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915). - libnvdimm: Hold reference on parent while scheduling async init (bnc#1012382). - lib/raid6: Fix arm64 test build (bnc#1012382). - lib/rbtree_test.c: make input module parameters (bnc#1012382). - lib/rbtree-test: lower default params (bnc#1012382). - llc: do not use sk_eat_skb() (bnc#1012382). - lockd: fix access beyond unterminated strings in prints (bnc#1012382). - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382). - mac80211: Always report TX status (bnc#1012382). - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382). - mac80211: fix reordering of buffered broadcast packets (bnc#1012382). - mac80211_hwsim: do not omit multicast announce of first added radio (bnc#1012382). - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382). - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382). - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382). - mach64: fix display corruption on big endian machines (bnc#1012382). - mach64: fix image corruption due to reading accelerator registers (bnc#1012382). - matroxfb: fix size of memcpy (bnc#1012382). - MD: do not check MD_SB_CHANGE_CLEAN in md_allow_write (Git-fixes). - MD: fix invalid stored role for a disk (bnc#1012382). - MD: fix invalid stored role for a disk - try2 (bnc#1012382). - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382). - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382). - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bnc#1012382). - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382). - media: pci: cx23885: handle adding to list failure (bnc#1012382). - media: tvp5150: fix width alignment during set_selection() (bnc#1012382). - media: v4l: event: Add subscription to list before calling "add" operation (bnc#1012382). - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382). - MIPS: Align kernel load address to 64KB (bnc#1012382). - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression (bnc#1012382). - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() (bnc#1012382). - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue (bnc#1012382). - MIPS: fix mips_get_syscall_arg o32 check (bnc#1012382). - MIPS: Handle non word sized instructions when examining frame (bnc#1012382). - MIPS: kexec: Mark CPU offline before disabling local IRQ (bnc#1012382). - MIPS: Loongson-3: Fix BRIDGE irq delivery problem (bnc#1012382). - MIPS: Loongson-3: Fix CPU UART irq delivery problem (bnc#1012382). - MIPS: microMIPS: Fix decoding of swsp16 instruction (bnc#1012382). - MIPS: OCTEON: fix out of bounds array access on CN68XX (bnc#1012382). - MIPS: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bnc#1012382). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382). - MMC: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382). - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382). - MMC: omap_hsmmc: fix DMA API warning (bnc#1012382). - MMC: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bnc#1012382). - mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382). - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm, elf: handle vm_brk error (bnc#1012382). - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204). - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1012382). - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382). - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() (bnc#1012382). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: refuse wrapped vm_brk requests (bnc#1012382). - mm: remove write/force parameters from __get_user_pages_locked() (bnc#1012382 bsc#1027260). - mm: remove write/force parameters from __get_user_pages_unlocked() (bnc#1012382 bsc#1027260). - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bnc#1012382). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382). - mount: Retest MNT_LOCKED in do_umount (bnc#1012382). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382). - mtd: spi-nor: Add support for is25wp series chips (bnc#1012382). - mv88e6060: disable hardware level MAC learning (bnc#1012382). - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382). - mwifiex: fix p2p device does not find in scan problem (bnc#1012382). - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382). - neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114475, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475, LTC#172679). - net: amd: add missing of_node_put() (bnc#1012382). - net: bcmgenet: fix OF child-node lookup (bnc#1012382). - net: bridge: remove ipv6 zero address check in mcast queries (bnc#1012382). - net: cxgb3_main: fix a missing-check bug (bnc#1012382). - net: drop skb on failure in ip_check_defrag() (bnc#1012382). - net: drop write-only stack variable (bnc#1012382). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1117562). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1117562). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1117562). - net: ena: complete host info to match latest ENA spec (bsc#1117562). - net: ena: enable Low Latency Queues (bsc#1117562). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1117562). - net: ena: fix auto casting to boolean (bsc#1117562). - net: ena: fix compilation error in xtensa architecture (bsc#1117562). - net: ena: fix crash during ena_remove() (bsc#1108240). - net: ena: fix crash during failed resume from hibernation (bsc#1117562). - net: ena: fix indentations in ena_defs for better readability (bsc#1117562). - net: ena: Fix Kconfig dependency on X86 (bsc#1117562). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1117562). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1117562). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1117562). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1117562). - net: ena: minor performance improvement (bsc#1117562). - net: ena: remove ndo_poll_controller (bsc#1117562). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1117562). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240). - net: ena: update driver version to 2.0.1 (bsc#1117562). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1117562). - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382). - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net (bnc#1012382). - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() (bnc#1012382). - netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382). - netfilter: xt_IDLETIMER: add sysfs filename checking routine (bnc#1012382). - net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382). - net: hisilicon: remove unexpected free_netdev (bnc#1012382). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net/ipv4: defensive cipso option parsing (bnc#1012382). - net/ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (bnc#1012382). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382). - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382). - net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382). - net: Prevent invalid access to skb->prev in __qdisc_drop_all (bnc#1012382). - net: qla3xxx: Remove overflowing shift statement (bnc#1012382). - netrom: fix locking in nr_find_socket() (bnc#1012382). - net: sched: gred: pass the right attribute to gred_change_table_def() (bnc#1012382). - net: socket: fix a missing-check bug (bnc#1012382). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (bnc#1012382). - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382). - new helper: uaccess_kernel() (bnc#1012382). - NFC: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382). - nfit: skip region registration for incomplete control regions (bsc#1118930). - nfsd: Fix an Oops in free_session() (bnc#1012382). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFSv4.1: Fix the r/wsize checking (bnc#1012382). - NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bnc#1012382). - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382). - ocfs2: fix potential use after free (bnc#1012382). - of: add helper to lookup compatible child node (bnc#1012382). - packet: validate address length (bnc#1012382). - packet: validate address length if non-zero (bnc#1012382). - parisc: Fix address in HPMC IVA (bnc#1012382). - parisc: Fix map_pages() to not overwrite existing pte entries (bnc#1012382). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bnc#1012382). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1109806). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1106105). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bnc#1012382). - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967). - perf/core: Do not leak event in the syscall error path (bnc#1012382). - perf pmu: Suppress potential format-truncation warning (bnc#1012382). - perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382). - perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382). - perf tools: Disable parallelism for 'make clean' (bnc#1012382). - perf tools: Free temporary 'sys' string in read_event_files() (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bnc#1012382). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bnc#1012382). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bnc#1012382). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bnc#1012382). - PM/devfreq: tegra: fix error return code in tegra_devfreq_probe() (bnc#1012382). - pNFS: Fix a deadlock between read resends and layoutreturn (git-fixes). - pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path (git-fixes). - pNFS/flexfiles: When checking for available DSes, conditionally check for MDS io (git-fixes). - pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382). - powerpc/boot: Fix random libfdt related build errors (bnc#1012382). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382). - powerpc/mm/radix: Use mm->task_size for boundary checking instead of addr_limit (bsc#1027457). - powerpc/msi: Fix compile error on mpc83xx (bnc#1012382). - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382). - powerpc/nohash: fix undefined behaviour when testing page size support (bnc#1012382). - powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382). - powerpc/powernv: Do not select the cpufreq governors (bsc#1066223). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1066223). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1066223). - powerpc/pseries: Fix DTL buffer registration (bsc#1066223). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bnc#1012382). - printk: Fix panic caused by passing log_buf_len to command line (bnc#1012382). - Provide a temporary fix for STIBP on-by-default (bsc#1116497). - pstore: Convert console write to use ->write_buf (bnc#1012382). - ptp: fix Spectre v1 vulnerability (bnc#1012382). - pxa168fb: prepare the clock (bnc#1012382). - qed: Fix bitmap_weight() check (bsc#1019695). - qed: Fix PTT leak in qed_drain() (bnc#1012382). - qed: Fix QM getters to always return a valid pq (bsc#1019695 ). - qed: Fix reading wrong value in loop condition (bnc#1012382). - r8152: Check for supported Wake-on-LAN Modes (bnc#1012382). - r8169: fix NAPI handling under high load (bnc#1012382). - rapidio/rionet: do not free skb before reading its length (bnc#1012382). - RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382). - reiserfs: propagate errors from fill_with_dentries() properly (bnc#1012382). - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" (bnc#1012382). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1106929) - Revert "exec: avoid gcc-8 warning for get_task_comm" (kabi). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "media: v4l: event: Add subscription to list before calling "add" operation" (kabi). - Revert "media: videobuf2-core: do not call memop 'finish' when queueing" (bnc#1012382). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1106105). - Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half" (bsc#1047487). - Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382). - Revert "x86/kconfig: Fall back to ticket spinlocks" (kabi). - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382). - rpcrdma: Add RPCRDMA_HDRLEN_ERR (git-fixes). - rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES (bsc#1115587) The export line was accidentally dropped at merging scripts branch, which resulted in the invalid module signature. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - rtc: hctosys: Add missing range error reporting (bnc#1012382). - rtc: snvs: add a missing write sync (bnc#1012382). - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382). - rtnetlink: Disallow FDB configuration for non-Ethernet device (bnc#1012382). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382). - s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382). - s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382). - s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382). - s390/qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114475, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953). - s390/qeth: fix length check in SNMP processing (bnc#1012382). - s390/qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475, LTC#172682). - s390/vdso: add missing FORCE to build targets (bnc#1012382). - sbus: char: add of_node_put() (bnc#1012382). - sc16is7xx: Fix for multi-channel stall (bnc#1012382). - sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382). - sched/fair: Fix throttle_list starvation with low CFS quota (bnc#1012382). - sch_red: update backlog as well (bnc#1012382). - scsi: aacraid: Fix typo in blink status (bnc#1012382). - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ). - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877). - scsi: csiostor: Avoid content leaks and casts (bnc#1012382). - scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382). - scsi: Introduce scsi_start_queue() (bsc#1119877). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bnc#1012382). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102660). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660). - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660). - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877). - scsi: megaraid_sas: fix a missing-check bug (bnc#1012382). - scsi: Protect SCSI device state changes with a mutex (bsc#1119877). - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083). - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bnc#1012382). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877). - scsi: Split scsi_internal_device_block() (bsc#1119877). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: ufs: fix bugs related to null pointer access and array size (bnc#1012382). - scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382). - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382). - scsi: ufshcd: release resources if probe fails (bnc#1012382). - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382). - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382). - sctp: fix race on sctp_id2asoc (bnc#1012382). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382). - selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382). - selftests: Move networking/timestamping from Documentation (bnc#1012382). - seq_file: fix incomplete reset on read from zero offset (Git-fixes). - ser_gigaset: use container_of() instead of detour (bnc#1012382). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (bnc#1012382). - signal/GenWQE: Fix sending of SIGKILL (bnc#1012382). - smb3: allow stats which track session and share reconnects to be reset (bnc#1012382). - smb3: do not attempt cifs operation in smb3 query info error path (bnc#1012382). - smb3: on kerberos mount if server does not specify auth type use krb5 (bnc#1012382). - smsc75xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Check for Wake-on-LAN modes (bnc#1012382). - sock: Make sock->sk_stamp thread-safe (bnc#1012382). - soc/tegra: pmc: Fix child-node lookup (bnc#1012382). - sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382). - sparc64 mm: Fix more TSB sizing issues (bnc#1012382). - sparc: Fix single-pcr perf event counter management (bnc#1012382). - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata (bnc#1012382). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382). - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382). - spi: bcm2835: Fix race on DMA termination (bnc#1012382). - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382). - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382). - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() (bnc#1012382). - spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382). - sr9800: Check for supported Wake-on-LAN modes (bnc#1012382). - sr: pass down correctly sized SCSI sense buffer (bnc#1012382). - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382). - staging: speakup: Replace strncpy with memcpy (bnc#1012382). - SUNRPC: correct the computation for page_ptr when truncating (bnc#1012382). - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (bnc#1012382). - SUNRPC: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382). - SUNRPC: Fix a potential race in xprt_connect() (git-fixes). - SUNRPC: fix cache_head leak due to queued request (bnc#1012382). - SUNRPC: Fix leak of krb5p encode pages (bnc#1012382). - svcrdma: Remove unused variable in rdma_copy_tail() (git-fixes). - swim: fix cleanup on setup error (bnc#1012382). - swiotlb: clean up reporting (bnc#1012382). - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: fix NULL ref in tail loss probe (bnc#1012382). - TC: Set DMA masks for devices (bnc#1012382). - termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (bnc#1012382). - thermal: allow spear-thermal driver to be a module (bnc#1012382). - thermal: allow u8500-thermal driver to be a module (bnc#1012382). - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382). - tpm: fix response size validation in tpm_get_random() (bsc#1020645, git-fixes). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bnc#1012382). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382). - tracing: Fix memory leak of instance function hash filters (bnc#1012382). - tracing: Skip more functions when doing stack tracing of events (bnc#1012382). - tty: check name length in tty_find_polling_driver() (bnc#1012382). - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382). - tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382). - tty: wipe buffer (bnc#1012382). - tty: wipe buffer if not echoing data (bnc#1012382). - tun: Consistently configure generic netdev params via rtnetlink (bnc#1012382). - tun: forbid iface creation with rtnl ops (bnc#1012382). - uio: ensure class is registered before devices (bnc#1012382). - uio: Fix an Oops on load (bnc#1012382). - uio: make symbol 'uio_class_registered' static (git-fixes). - um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382). - um: Give start_idle_thread() a return code (bnc#1012382). - unifdef: use memcpy instead of strncpy (bnc#1012382). - Update config files. Enabled ENA (Amazon network driver) for arm64 - Update config files (reenable lost BT_HCIUART_3WIRE). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382). - usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382). - usb: check usb_get_extra_descriptor for proper size (bnc#1012382). - usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382). - usb: core: Fix hub port connection events lost (bnc#1012382). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382). - usb: dwc3: omap: fix error return code in dwc3_omap_probe() (bnc#1012382). - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() (bnc#1012382). - usb: fix the usbfs flag sanitization for control transfers (bnc#1012382). - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382). - usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382). - usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382). - usb: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382). - usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382). - usb: omap_udc: use devm_request_irq() (bnc#1012382). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382). - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382). - usb: serial: option: add Fibocom NL668 series (bnc#1012382). - usb: serial: option: add Fibocom NL678 series (bnc#1012382). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382). - usb: serial: option: add HP lt4132 (bnc#1012382). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382). - usb: serial: option: add Telit LN940 series (bnc#1012382). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382). - usb-storage: fix bogus hardware error messages for ATA pass-thru devices (bnc#1012382). - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382). - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382). - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bnc#1012382). - vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382). - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() (bnc#1012382). - virtio/s390: avoid race on vcdev->config (bnc#1012382). - virtio/s390: fix race in ccw_io_helper() (bnc#1012382). - VSOCK: Send reset control packet when socket is partially bound (bnc#1012382). - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382). - w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382). - x86: boot: Fix EFI stub alignment (bnc#1012382). - x86/boot: #undef memcpy() et al in string.c (bnc#1012382). - x86/build: Fix stack alignment for CLang (bnc#1012382). - x86/build: Specify stack alignment for clang (bnc#1012382). - x86/build: Use __cc-option for boot code compiler options (bnc#1012382). - x86/build: Use cc-option to validate stack alignment parameter (bnc#1012382). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bnc#1012382). - x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382). - x86/entry: spell EBX register correctly in documentation (bnc#1012382). - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382). - x86/kconfig: Fall back to ticket spinlocks (bnc#1012382). - x86/MCE: Export memory_error() (bsc#1114648). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648). - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility (bnc#1012382). - x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1012382). - xen: fix xen_qlock_wait() (bnc#1012382). - xen: make xen_qlock_wait() nestable (bnc#1012382). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: tolerate frags with no data (bnc#1012382). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382). - xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382). - xfrm: Fix bucket count reported to userspace (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382). - xfrm: validate template mode (bnc#1012382). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs/dmapi: restore event in xfs_getbmap (bsc#1114763). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382). - xprtrdma: checking for NULL instead of IS_ERR() (git-fixes). - xprtrdma: Disable pad optimization by default (git-fixes). - xprtrdma: Disable RPC/RDMA backchannel debugging messages (git-fixes). - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) (git-fixes). - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps (git-fixes). - xprtrdma: Fix Read chunk padding (git-fixes). - xprtrdma: Fix receive buffer accounting (git-fixes). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len (git-fixes). - xprtrdma: Serialize credit accounting again (git-fixes). - xprtrdma: xprt_rdma_free() must not release backchannel reqs (git-fixes). - xtensa: add NOTES section to the linker script (bnc#1012382). - xtensa: enable coprocessors that are being flushed (bnc#1012382). - xtensa: fix boot parameters address translation (bnc#1012382). - xtensa: fix coprocessor context offset definitions (bnc#1012382). - xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382). - zram: close udev startup race condition as default groups (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2019-320=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.170-3.32.1 kernel-source-rt-4.4.170-3.32.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.170-3.32.2 cluster-md-kmp-rt-debuginfo-4.4.170-3.32.2 dlm-kmp-rt-4.4.170-3.32.2 dlm-kmp-rt-debuginfo-4.4.170-3.32.2 gfs2-kmp-rt-4.4.170-3.32.2 gfs2-kmp-rt-debuginfo-4.4.170-3.32.2 kernel-rt-4.4.170-3.32.2 kernel-rt-base-4.4.170-3.32.2 kernel-rt-base-debuginfo-4.4.170-3.32.2 kernel-rt-debuginfo-4.4.170-3.32.2 kernel-rt-debugsource-4.4.170-3.32.2 kernel-rt-devel-4.4.170-3.32.2 kernel-rt_debug-debuginfo-4.4.170-3.32.2 kernel-rt_debug-debugsource-4.4.170-3.32.2 kernel-rt_debug-devel-4.4.170-3.32.2 kernel-rt_debug-devel-debuginfo-4.4.170-3.32.2 kernel-syms-rt-4.4.170-3.32.1 ocfs2-kmp-rt-4.4.170-3.32.2 ocfs2-kmp-rt-debuginfo-4.4.170-3.32.2 References: https://www.suse.com/security/cve/CVE-2017-16939.html https://www.suse.com/security/cve/CVE-2018-1120.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015336 https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1015340 https://bugzilla.suse.com/1019683 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1027260 https://bugzilla.suse.com/1027457 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1043083 https://bugzilla.suse.com/1046264 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048916 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1069702 https://bugzilla.suse.com/1070805 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1092100 https://bugzilla.suse.com/1093158 https://bugzilla.suse.com/1093641 https://bugzilla.suse.com/1093649 https://bugzilla.suse.com/1093653 https://bugzilla.suse.com/1093655 https://bugzilla.suse.com/1093657 https://bugzilla.suse.com/1093663 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094973 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1099523 https://bugzilla.suse.com/1100105 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102439 https://bugzilla.suse.com/1102660 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103624 https://bugzilla.suse.com/1104098 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1108145 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1109168 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110286 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113766 https://bugzilla.suse.com/1114190 https://bugzilla.suse.com/1114417 https://bugzilla.suse.com/1114475 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114763 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115482 https://bugzilla.suse.com/1115587 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1116027 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116285 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1116497 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116924 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1116962 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117562 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118790 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118915 https://bugzilla.suse.com/1118922 https://bugzilla.suse.com/1118926 https://bugzilla.suse.com/1118930 https://bugzilla.suse.com/1118936 https://bugzilla.suse.com/1119204 https://bugzilla.suse.com/1119445 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119877 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119967 https://bugzilla.suse.com/1119970 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120260 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120950 https://bugzilla.suse.com/1121239 https://bugzilla.suse.com/1121240 https://bugzilla.suse.com/1121241 https://bugzilla.suse.com/1121242 https://bugzilla.suse.com/1121275 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/985031 From sle-updates at lists.suse.com Mon Feb 11 13:26:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:26:57 +0100 (CET) Subject: SUSE-RU-2019:0315-1: moderate: Recommended update for yast2-cluster Message-ID: <20190211202657.8EBB0FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0315-1 Rating: moderate References: #1120815 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - Adds support for hostnames in ring address (bsc#1120815) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-315=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): yast2-cluster-3.4.0-2.6.1 References: https://bugzilla.suse.com/1120815 From sle-updates at lists.suse.com Mon Feb 11 13:27:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:27:28 +0100 (CET) Subject: SUSE-RU-2019:0316-1: moderate: Recommended update for pcp Message-ID: <20190211202728.0C7AFFCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pcp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0316-1 Rating: moderate References: #1092160 #1121920 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pcp fixes the following issues: - Now provides: missing PMDA binaries. (bsc#1121920) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-316=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-316=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): pcp-debuginfo-3.11.9-5.3.1 pcp-debugsource-3.11.9-5.3.1 pcp-export-pcp2graphite-3.11.9-5.3.1 pcp-export-pcp2influxdb-3.11.9-5.3.1 pcp-export-zabbix-agent-3.11.9-5.3.1 pcp-export-zabbix-agent-debuginfo-3.11.9-5.3.1 pcp-gui-3.11.9-5.3.1 pcp-gui-debuginfo-3.11.9-5.3.1 pcp-import-collectl2pcp-3.11.9-5.3.1 pcp-import-collectl2pcp-debuginfo-3.11.9-5.3.1 pcp-import-ganglia2pcp-3.11.9-5.3.1 pcp-manager-3.11.9-5.3.1 pcp-manager-debuginfo-3.11.9-5.3.1 pcp-pmda-activemq-3.11.9-5.3.1 pcp-pmda-apache-3.11.9-5.3.1 pcp-pmda-apache-debuginfo-3.11.9-5.3.1 pcp-pmda-bash-3.11.9-5.3.1 pcp-pmda-bash-debuginfo-3.11.9-5.3.1 pcp-pmda-bind2-3.11.9-5.3.1 pcp-pmda-bonding-3.11.9-5.3.1 pcp-pmda-cifs-3.11.9-5.3.1 pcp-pmda-cifs-debuginfo-3.11.9-5.3.1 pcp-pmda-cisco-3.11.9-5.3.1 pcp-pmda-cisco-debuginfo-3.11.9-5.3.1 pcp-pmda-dbping-3.11.9-5.3.1 pcp-pmda-dm-3.11.9-5.3.1 pcp-pmda-dm-debuginfo-3.11.9-5.3.1 pcp-pmda-docker-3.11.9-5.3.1 pcp-pmda-docker-debuginfo-3.11.9-5.3.1 pcp-pmda-ds389-3.11.9-5.3.1 pcp-pmda-ds389log-3.11.9-5.3.1 pcp-pmda-elasticsearch-3.11.9-5.3.1 pcp-pmda-gfs2-3.11.9-5.3.1 pcp-pmda-gfs2-debuginfo-3.11.9-5.3.1 pcp-pmda-gluster-3.11.9-5.3.1 pcp-pmda-gpfs-3.11.9-5.3.1 pcp-pmda-gpsd-3.11.9-5.3.1 pcp-pmda-json-3.11.9-5.3.1 pcp-pmda-kvm-3.11.9-5.3.1 pcp-pmda-lmsensors-3.11.9-5.3.1 pcp-pmda-lmsensors-debuginfo-3.11.9-5.3.1 pcp-pmda-logger-3.11.9-5.3.1 pcp-pmda-logger-debuginfo-3.11.9-5.3.1 pcp-pmda-lustre-3.11.9-5.3.1 pcp-pmda-lustrecomm-3.11.9-5.3.1 pcp-pmda-lustrecomm-debuginfo-3.11.9-5.3.1 pcp-pmda-mailq-3.11.9-5.3.1 pcp-pmda-mailq-debuginfo-3.11.9-5.3.1 pcp-pmda-memcache-3.11.9-5.3.1 pcp-pmda-mic-3.11.9-5.3.1 pcp-pmda-mounts-3.11.9-5.3.1 pcp-pmda-mounts-debuginfo-3.11.9-5.3.1 pcp-pmda-mysql-3.11.9-5.3.1 pcp-pmda-named-3.11.9-5.3.1 pcp-pmda-netfilter-3.11.9-5.3.1 pcp-pmda-news-3.11.9-5.3.1 pcp-pmda-nfsclient-3.11.9-5.3.1 pcp-pmda-nginx-3.11.9-5.3.1 pcp-pmda-nutcracker-3.11.9-5.3.1 pcp-pmda-nvidia-gpu-3.11.9-5.3.1 pcp-pmda-nvidia-gpu-debuginfo-3.11.9-5.3.1 pcp-pmda-oracle-3.11.9-5.3.1 pcp-pmda-pdns-3.11.9-5.3.1 pcp-pmda-postfix-3.11.9-5.3.1 pcp-pmda-postgresql-3.11.9-5.3.1 pcp-pmda-redis-3.11.9-5.3.1 pcp-pmda-roomtemp-3.11.9-5.3.1 pcp-pmda-roomtemp-debuginfo-3.11.9-5.3.1 pcp-pmda-rpm-3.11.9-5.3.1 pcp-pmda-rpm-debuginfo-3.11.9-5.3.1 pcp-pmda-rsyslog-3.11.9-5.3.1 pcp-pmda-samba-3.11.9-5.3.1 pcp-pmda-sendmail-3.11.9-5.3.1 pcp-pmda-sendmail-debuginfo-3.11.9-5.3.1 pcp-pmda-shping-3.11.9-5.3.1 pcp-pmda-shping-debuginfo-3.11.9-5.3.1 pcp-pmda-slurm-3.11.9-5.3.1 pcp-pmda-snmp-3.11.9-5.3.1 pcp-pmda-summary-3.11.9-5.3.1 pcp-pmda-summary-debuginfo-3.11.9-5.3.1 pcp-pmda-systemd-3.11.9-5.3.1 pcp-pmda-systemd-debuginfo-3.11.9-5.3.1 pcp-pmda-trace-3.11.9-5.3.1 pcp-pmda-trace-debuginfo-3.11.9-5.3.1 pcp-pmda-unbound-3.11.9-5.3.1 pcp-pmda-vmware-3.11.9-5.3.1 pcp-pmda-weblog-3.11.9-5.3.1 pcp-pmda-weblog-debuginfo-3.11.9-5.3.1 pcp-pmda-zimbra-3.11.9-5.3.1 pcp-pmda-zswap-3.11.9-5.3.1 pcp-system-tools-3.11.9-5.3.1 pcp-system-tools-debuginfo-3.11.9-5.3.1 pcp-testsuite-3.11.9-5.3.1 pcp-testsuite-debuginfo-3.11.9-5.3.1 pcp-webapi-3.11.9-5.3.1 pcp-webapi-debuginfo-3.11.9-5.3.1 python3-pcp-3.11.9-5.3.1 python3-pcp-debuginfo-3.11.9-5.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libpcp-devel-3.11.9-5.3.1 libpcp3-3.11.9-5.3.1 libpcp3-debuginfo-3.11.9-5.3.1 libpcp_gui2-3.11.9-5.3.1 libpcp_gui2-debuginfo-3.11.9-5.3.1 libpcp_import1-3.11.9-5.3.1 libpcp_import1-debuginfo-3.11.9-5.3.1 libpcp_mmv1-3.11.9-5.3.1 libpcp_mmv1-debuginfo-3.11.9-5.3.1 libpcp_trace2-3.11.9-5.3.1 libpcp_trace2-debuginfo-3.11.9-5.3.1 libpcp_web1-3.11.9-5.3.1 libpcp_web1-debuginfo-3.11.9-5.3.1 pcp-3.11.9-5.3.1 pcp-conf-3.11.9-5.3.1 pcp-debuginfo-3.11.9-5.3.1 pcp-debugsource-3.11.9-5.3.1 pcp-devel-3.11.9-5.3.1 pcp-devel-debuginfo-3.11.9-5.3.1 pcp-import-iostat2pcp-3.11.9-5.3.1 pcp-import-mrtg2pcp-3.11.9-5.3.1 pcp-import-sar2pcp-3.11.9-5.3.1 perl-PCP-LogImport-3.11.9-5.3.1 perl-PCP-LogImport-debuginfo-3.11.9-5.3.1 perl-PCP-LogSummary-3.11.9-5.3.1 perl-PCP-MMV-3.11.9-5.3.1 perl-PCP-MMV-debuginfo-3.11.9-5.3.1 perl-PCP-PMDA-3.11.9-5.3.1 perl-PCP-PMDA-debuginfo-3.11.9-5.3.1 python-pcp-3.11.9-5.3.1 python-pcp-debuginfo-3.11.9-5.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): pcp-doc-3.11.9-5.3.1 References: https://bugzilla.suse.com/1092160 https://bugzilla.suse.com/1121920 From sle-updates at lists.suse.com Mon Feb 11 13:28:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:28:05 +0100 (CET) Subject: SUSE-RU-2019:0319-1: moderate: Recommended update for python-kiwi Message-ID: <20190211202805.B324EFCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0319-1 Rating: moderate References: #1110871 #1119792 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-kiwi provides the following fixes: - Rebuild auto generated code with stable generateDS. For some reason the xml_parse code generated by generateDS v2.29.24 caused warnings on simple type XSD patterns. Therefore the code was rebuilt with the stable build version v2.29.14 which fixed the issue. (bsc#1119792) - Add Codec utils for bytes literals decoding. In case of a literal decoding failure it tries to decode the result in utf-8. This is handy in python2 environments where python and the host might be using different charset configurations. In python3 this issue seems to be solved. (bsc#1110871) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-319=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-319=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-kiwi-debugsource-9.16.19-3.10.2 python2-kiwi-9.16.19-3.10.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.16.19-3.10.2 dracut-kiwi-live-9.16.19-3.10.2 dracut-kiwi-oem-dump-9.16.19-3.10.2 dracut-kiwi-oem-repart-9.16.19-3.10.2 dracut-kiwi-overlay-9.16.19-3.10.2 kiwi-man-pages-9.16.19-3.10.2 kiwi-tools-9.16.19-3.10.2 kiwi-tools-debuginfo-9.16.19-3.10.2 python-kiwi-debugsource-9.16.19-3.10.2 python3-kiwi-9.16.19-3.10.2 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): kiwi-pxeboot-9.16.19-3.10.2 References: https://bugzilla.suse.com/1110871 https://bugzilla.suse.com/1119792 From sle-updates at lists.suse.com Mon Feb 11 13:28:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:28:43 +0100 (CET) Subject: SUSE-RU-2019:0317-1: moderate: Recommended update for sendmail Message-ID: <20190211202843.48A9EFCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0317-1 Rating: moderate References: #1116675 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sendmail addresses the following issues: - Fixes an issue with symlink creation on package installation. In order for the wrong symlink to be removed, the service needs to be disabled and re-enabled. (bsc#1116675) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-317=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-317=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-317=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-8.3.1 rmail-debuginfo-8.15.2-8.3.1 sendmail-debuginfo-8.15.2-8.3.1 sendmail-debugsource-8.15.2-8.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rmail-8.15.2-8.3.1 rmail-debuginfo-8.15.2-8.3.1 sendmail-8.15.2-8.3.1 sendmail-debuginfo-8.15.2-8.3.1 sendmail-debugsource-8.15.2-8.3.1 sendmail-devel-8.15.2-8.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libmilter-doc-8.15.2-8.3.1 sendmail-starttls-8.15.2-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libmilter1_0-8.15.2-8.3.1 libmilter1_0-debuginfo-8.15.2-8.3.1 sendmail-debuginfo-8.15.2-8.3.1 sendmail-debugsource-8.15.2-8.3.1 References: https://bugzilla.suse.com/1116675 From sle-updates at lists.suse.com Mon Feb 11 13:29:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:29:14 +0100 (CET) Subject: SUSE-SU-2019:0326-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12) Message-ID: <20190211202914.BA5A8FCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0326-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_128 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-321=1 SUSE-SLE-SERVER-12-2019-322=1 SUSE-SLE-SERVER-12-2019-323=1 SUSE-SLE-SERVER-12-2019-324=1 SUSE-SLE-SERVER-12-2019-325=1 SUSE-SLE-SERVER-12-2019-326=1 SUSE-SLE-SERVER-12-2019-327=1 SUSE-SLE-SERVER-12-2019-328=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-12-2.1 kgraft-patch-3_12_61-52_119-xen-12-2.1 kgraft-patch-3_12_61-52_122-default-12-2.1 kgraft-patch-3_12_61-52_122-xen-12-2.1 kgraft-patch-3_12_61-52_125-default-11-2.1 kgraft-patch-3_12_61-52_125-xen-11-2.1 kgraft-patch-3_12_61-52_128-default-9-2.1 kgraft-patch-3_12_61-52_128-xen-9-2.1 kgraft-patch-3_12_61-52_133-default-8-2.1 kgraft-patch-3_12_61-52_133-xen-8-2.1 kgraft-patch-3_12_61-52_136-default-8-2.1 kgraft-patch-3_12_61-52_136-xen-8-2.1 kgraft-patch-3_12_61-52_141-default-7-2.1 kgraft-patch-3_12_61-52_141-xen-7-2.1 kgraft-patch-3_12_61-52_146-default-5-2.1 kgraft-patch-3_12_61-52_146-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-updates at lists.suse.com Mon Feb 11 13:29:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:29:44 +0100 (CET) Subject: SUSE-RU-2019:0318-1: moderate: Recommended update for python-kiwi Message-ID: <20190211202944.8DE1BFCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0318-1 Rating: moderate References: #1119792 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi provides the following fix: - Rebuild auto generated code with stable generateDS. For some reason the xml_parse code generated by generateDS v2.29.24 caused warnings on simple type XSD patterns. Therefore the code was rebuilt with the stable build version v2.29.14 which fixed the issue. (bsc#1119792) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-318=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-318=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-318=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.16.19-3.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-man-pages-9.16.19-3.6.1 kiwi-tools-9.16.19-3.6.1 kiwi-tools-debuginfo-9.16.19-3.6.1 python-kiwi-debugsource-9.16.19-3.6.1 python2-kiwi-9.16.19-3.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kiwi-tools-9.16.19-3.6.1 kiwi-tools-debuginfo-9.16.19-3.6.1 python-kiwi-debugsource-9.16.19-3.6.1 References: https://bugzilla.suse.com/1119792 From sle-updates at lists.suse.com Tue Feb 12 04:10:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 12:10:29 +0100 (CET) Subject: SUSE-SU-2019:0330-1: important: Security update for etcd Message-ID: <20190212111029.6E249FCB4@maintenance.suse.de> SUSE Security Update: Security update for etcd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0330-1 Rating: important References: #1095184 #1118897 #1121850 Cross-References: CVE-2018-16873 CVE-2018-16886 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for etcd to version 3.3.11 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16886: Fixed an improper authentication issue when role-based access control (RBAC) was used and client-cert-auth were enabled. This allowed an remote attacker to authenticate as user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. (bsc#1121850) - CVE-2018-16873: Fixed an issue with the go get command, which allowed for remote code execution when being executed with the -u flag (bsc#1118897) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): etcd-3.3.11-3.6.1 etcdctl-3.3.11-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16886.html https://bugzilla.suse.com/1095184 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1121850 From sle-updates at lists.suse.com Tue Feb 12 07:09:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 15:09:43 +0100 (CET) Subject: SUSE-RU-2019:0331-1: moderate: Recommended update for ardana-db Message-ID: <20190212140943.77540FCB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ardana-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0331-1 Rating: moderate References: #1116686 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ardana-db fixes the following issues: - mariadb: Set wsrep_sst_method to mariabackup (bsc#1116686) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-331=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-331=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-db-8.0+git.1548240045.eca685c-3.19.1 - HPE Helion Openstack 8 (noarch): ardana-db-8.0+git.1548240045.eca685c-3.19.1 References: https://bugzilla.suse.com/1116686 From sle-updates at lists.suse.com Tue Feb 12 10:08:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:08:57 +0100 (CET) Subject: SUSE-SU-2019:13951-1: important: Security update for python-numpy Message-ID: <20190212170857.3D43FFCB4@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13951-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-numpy-13951=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-numpy-13951=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-numpy-13951=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-numpy-devel-1.8.0-6.4.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-numpy-1.8.0-6.4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): python-numpy-debuginfo-1.8.0-6.4.1 python-numpy-debugsource-1.8.0-6.4.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-updates at lists.suse.com Tue Feb 12 10:09:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:09:31 +0100 (CET) Subject: SUSE-SU-2019:0333-1: moderate: Security update for php7 Message-ID: <20190212170931.CAEABFCB4@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0333-1 Rating: moderate References: #1118832 #1123354 #1123522 Cross-References: CVE-2018-19935 CVE-2019-6977 CVE-2019-6978 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-333=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-333=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-333=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.63.1 php7-debugsource-7.0.7-50.63.1 php7-devel-7.0.7-50.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.63.1 php7-debugsource-7.0.7-50.63.1 php7-devel-7.0.7-50.63.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.63.1 apache2-mod_php7-debuginfo-7.0.7-50.63.1 php7-7.0.7-50.63.1 php7-bcmath-7.0.7-50.63.1 php7-bcmath-debuginfo-7.0.7-50.63.1 php7-bz2-7.0.7-50.63.1 php7-bz2-debuginfo-7.0.7-50.63.1 php7-calendar-7.0.7-50.63.1 php7-calendar-debuginfo-7.0.7-50.63.1 php7-ctype-7.0.7-50.63.1 php7-ctype-debuginfo-7.0.7-50.63.1 php7-curl-7.0.7-50.63.1 php7-curl-debuginfo-7.0.7-50.63.1 php7-dba-7.0.7-50.63.1 php7-dba-debuginfo-7.0.7-50.63.1 php7-debuginfo-7.0.7-50.63.1 php7-debugsource-7.0.7-50.63.1 php7-dom-7.0.7-50.63.1 php7-dom-debuginfo-7.0.7-50.63.1 php7-enchant-7.0.7-50.63.1 php7-enchant-debuginfo-7.0.7-50.63.1 php7-exif-7.0.7-50.63.1 php7-exif-debuginfo-7.0.7-50.63.1 php7-fastcgi-7.0.7-50.63.1 php7-fastcgi-debuginfo-7.0.7-50.63.1 php7-fileinfo-7.0.7-50.63.1 php7-fileinfo-debuginfo-7.0.7-50.63.1 php7-fpm-7.0.7-50.63.1 php7-fpm-debuginfo-7.0.7-50.63.1 php7-ftp-7.0.7-50.63.1 php7-ftp-debuginfo-7.0.7-50.63.1 php7-gd-7.0.7-50.63.1 php7-gd-debuginfo-7.0.7-50.63.1 php7-gettext-7.0.7-50.63.1 php7-gettext-debuginfo-7.0.7-50.63.1 php7-gmp-7.0.7-50.63.1 php7-gmp-debuginfo-7.0.7-50.63.1 php7-iconv-7.0.7-50.63.1 php7-iconv-debuginfo-7.0.7-50.63.1 php7-imap-7.0.7-50.63.1 php7-imap-debuginfo-7.0.7-50.63.1 php7-intl-7.0.7-50.63.1 php7-intl-debuginfo-7.0.7-50.63.1 php7-json-7.0.7-50.63.1 php7-json-debuginfo-7.0.7-50.63.1 php7-ldap-7.0.7-50.63.1 php7-ldap-debuginfo-7.0.7-50.63.1 php7-mbstring-7.0.7-50.63.1 php7-mbstring-debuginfo-7.0.7-50.63.1 php7-mcrypt-7.0.7-50.63.1 php7-mcrypt-debuginfo-7.0.7-50.63.1 php7-mysql-7.0.7-50.63.1 php7-mysql-debuginfo-7.0.7-50.63.1 php7-odbc-7.0.7-50.63.1 php7-odbc-debuginfo-7.0.7-50.63.1 php7-opcache-7.0.7-50.63.1 php7-opcache-debuginfo-7.0.7-50.63.1 php7-openssl-7.0.7-50.63.1 php7-openssl-debuginfo-7.0.7-50.63.1 php7-pcntl-7.0.7-50.63.1 php7-pcntl-debuginfo-7.0.7-50.63.1 php7-pdo-7.0.7-50.63.1 php7-pdo-debuginfo-7.0.7-50.63.1 php7-pgsql-7.0.7-50.63.1 php7-pgsql-debuginfo-7.0.7-50.63.1 php7-phar-7.0.7-50.63.1 php7-phar-debuginfo-7.0.7-50.63.1 php7-posix-7.0.7-50.63.1 php7-posix-debuginfo-7.0.7-50.63.1 php7-pspell-7.0.7-50.63.1 php7-pspell-debuginfo-7.0.7-50.63.1 php7-shmop-7.0.7-50.63.1 php7-shmop-debuginfo-7.0.7-50.63.1 php7-snmp-7.0.7-50.63.1 php7-snmp-debuginfo-7.0.7-50.63.1 php7-soap-7.0.7-50.63.1 php7-soap-debuginfo-7.0.7-50.63.1 php7-sockets-7.0.7-50.63.1 php7-sockets-debuginfo-7.0.7-50.63.1 php7-sqlite-7.0.7-50.63.1 php7-sqlite-debuginfo-7.0.7-50.63.1 php7-sysvmsg-7.0.7-50.63.1 php7-sysvmsg-debuginfo-7.0.7-50.63.1 php7-sysvsem-7.0.7-50.63.1 php7-sysvsem-debuginfo-7.0.7-50.63.1 php7-sysvshm-7.0.7-50.63.1 php7-sysvshm-debuginfo-7.0.7-50.63.1 php7-tokenizer-7.0.7-50.63.1 php7-tokenizer-debuginfo-7.0.7-50.63.1 php7-wddx-7.0.7-50.63.1 php7-wddx-debuginfo-7.0.7-50.63.1 php7-xmlreader-7.0.7-50.63.1 php7-xmlreader-debuginfo-7.0.7-50.63.1 php7-xmlrpc-7.0.7-50.63.1 php7-xmlrpc-debuginfo-7.0.7-50.63.1 php7-xmlwriter-7.0.7-50.63.1 php7-xmlwriter-debuginfo-7.0.7-50.63.1 php7-xsl-7.0.7-50.63.1 php7-xsl-debuginfo-7.0.7-50.63.1 php7-zip-7.0.7-50.63.1 php7-zip-debuginfo-7.0.7-50.63.1 php7-zlib-7.0.7-50.63.1 php7-zlib-debuginfo-7.0.7-50.63.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.63.1 php7-pear-Archive_Tar-7.0.7-50.63.1 References: https://www.suse.com/security/cve/CVE-2018-19935.html https://www.suse.com/security/cve/CVE-2019-6977.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1118832 https://bugzilla.suse.com/1123354 https://bugzilla.suse.com/1123522 From sle-updates at lists.suse.com Tue Feb 12 10:10:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:10:19 +0100 (CET) Subject: SUSE-SU-2019:0334-1: important: Security update for nginx Message-ID: <20190212171019.2ECB4FCB4@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0334-1 Rating: important References: #1115015 #1115022 #1115025 Cross-References: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nginx to version 1.14.2 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage (bsc#1115025 bsc#1115022). - CVE-2018-16845: Fixed an issue which might result in worker process memory disclosure whne processing of a specially crafted mp4 file with the ngx_http_mp4_module (bsc#1115015). Other bug fixes and changes made: - Fixed an issue with handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - The logging level of the "http request", "https proxy request", "unsupported protocol", "version too low", "no suitable key share", and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info". - Fixed an issue with using OpenSSL 1.1.0 or newer it was not possible to switch off "ssl_prefer_server_ciphers" in a virtual server if it was switched on in the default server. - Fixed an issue with TLS 1.3 always being enabled when built with OpenSSL 1.1.0 and used with 1.1.1 - Fixed an issue with sending a disk-buffered request body to a gRPC backend - Fixed an issue with connections of some gRPC backends might not be cached when using the "keepalive" directive. - Fixed a segmentation fault, which might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. - Fixed an issue, whereby working with gRPC backends might result in excessive memory consumption. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-334=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-334=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): nginx-1.14.2-3.3.1 nginx-debuginfo-1.14.2-3.3.1 nginx-debugsource-1.14.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): vim-plugin-nginx-1.14.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16843.html https://www.suse.com/security/cve/CVE-2018-16844.html https://www.suse.com/security/cve/CVE-2018-16845.html https://bugzilla.suse.com/1115015 https://bugzilla.suse.com/1115022 https://bugzilla.suse.com/1115025 From sle-updates at lists.suse.com Tue Feb 12 10:11:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:11:11 +0100 (CET) Subject: SUSE-SU-2019:13952-1: critical: Security update for LibVNCServer Message-ID: <20190212171111.7AE04FCB4@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13952-1 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-LibVNCServer-13952=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-LibVNCServer-13952=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-LibVNCServer-13952=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-LibVNCServer-13952=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-LibVNCServer-13952=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-devel-0.9.1-160.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-0.9.1-160.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): LibVNCServer-0.9.1-160.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.9.1 LibVNCServer-debugsource-0.9.1-160.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.9.1 LibVNCServer-debugsource-0.9.1-160.9.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-updates at lists.suse.com Tue Feb 12 10:12:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:12:06 +0100 (CET) Subject: SUSE-SU-2019:0336-1: important: Security update for MozillaFirefox Message-ID: <20190212171206.3B8E7FCB4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0336-1 Rating: important References: #1120374 #1122983 Cross-References: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-336=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-336=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-336=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-336=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-336=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-336=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-336=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-336=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-336=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-336=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-336=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-336=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-336=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE CaaS Platform ALL (x86_64): libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 References: https://www.suse.com/security/cve/CVE-2018-18500.html https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1120374 https://bugzilla.suse.com/1122983 From sle-updates at lists.suse.com Tue Feb 12 13:08:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 21:08:36 +0100 (CET) Subject: SUSE-SU-2019:0337-1: important: Security update for runc Message-ID: <20190212200836.C1ADAFDF3@maintenance.suse.de> SUSE Security Update: Security update for runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0337-1 Rating: important References: #1121967 Cross-References: CVE-2019-5736 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): runc-1.0.0~rc5-3.6.1 runc-debuginfo-1.0.0~rc5-3.6.1 runc-debugsource-1.0.0~rc5-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1121967 From sle-updates at lists.suse.com Tue Feb 12 13:09:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Feb 2019 21:09:08 +0100 (CET) Subject: SUSE-SU-2019:0338-1: important: Security update for MozillaThunderbird Message-ID: <20190212200908.9BCF7FDF2@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0338-1 Rating: important References: #1119105 #1122983 Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaThunderbird to version 60.5 fixes the following issues: Security vulnerabilities addressed (MSFA 2019-03 MSFA 2018-31 bsc#1122983 bsc#1119105): * CVE-2018-18500: Use-after-free parsing HTML5 stream * CVE-2018-18505: Privilege escalation through IPC channel messages * CVE-2016-5824 DoS (use-after-free) via a crafted ics file * CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 * CVE-2018-18492: Use-after-free with select element * CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia * CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs * CVE-2018-18498: Integer overflow when calculating buffer sizes for images * CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bug fixes and changes: * FileLink provider WeTransfer to upload large attachments * Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user interface: [+] button to select a file an add, [-] to remove. * More search engines: Google and DuckDuckGo available by default in some locales * During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. * Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on * New WebExtensions FileLink API to facilitate add-ons * Fix decoding problems for messages with less common charsets (cp932, cp936) * New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification * Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). * Address book search and auto-complete slowness * Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters * While composing a message, a link not removed when link location was removed in the link properties panel * Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. * Body search/filtering didn't reliably ignore content of tags * Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons * Incorrect display of correspondents column since own email address was not always detected * Spurious (encoded newline) inserted into drafts and sent email * Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog * Fixe Cookie removal * "Download rest of message" was not working if global inbox was used * Fix Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface * According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue * Fix shutdown crash/hang after entering an empty IMAP password Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-338=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.5.0-3.20.2 MozillaThunderbird-debuginfo-60.5.0-3.20.2 MozillaThunderbird-debugsource-60.5.0-3.20.2 MozillaThunderbird-translations-common-60.5.0-3.20.2 MozillaThunderbird-translations-other-60.5.0-3.20.2 References: https://www.suse.com/security/cve/CVE-2016-5824.html https://www.suse.com/security/cve/CVE-2018-12405.html https://www.suse.com/security/cve/CVE-2018-17466.html https://www.suse.com/security/cve/CVE-2018-18492.html https://www.suse.com/security/cve/CVE-2018-18493.html https://www.suse.com/security/cve/CVE-2018-18494.html https://www.suse.com/security/cve/CVE-2018-18498.html https://www.suse.com/security/cve/CVE-2018-18500.html https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1119105 https://bugzilla.suse.com/1122983 From sle-updates at lists.suse.com Wed Feb 13 04:11:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 12:11:12 +0100 (CET) Subject: SUSE-SU-2019:0339-1: important: Security update for curl Message-ID: <20190213111112.DC86AFDF3@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0339-1 Rating: important References: #1112758 #1113029 #1113660 #1123371 #1123377 #1123378 Cross-References: CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377). - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378). - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). - CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660). - CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029). - CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-339=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-339=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-339=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-4.3.1 curl-debugsource-7.60.0-4.3.1 libcurl-devel-7.60.0-4.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.3.1 curl-debuginfo-7.60.0-4.3.1 curl-debugsource-7.60.0-4.3.1 libcurl4-7.60.0-4.3.1 libcurl4-debuginfo-7.60.0-4.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libcurl4-32bit-7.60.0-4.3.1 libcurl4-debuginfo-32bit-7.60.0-4.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): curl-7.60.0-4.3.1 curl-debuginfo-7.60.0-4.3.1 curl-debugsource-7.60.0-4.3.1 libcurl4-32bit-7.60.0-4.3.1 libcurl4-7.60.0-4.3.1 libcurl4-debuginfo-32bit-7.60.0-4.3.1 libcurl4-debuginfo-7.60.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-16839.html https://www.suse.com/security/cve/CVE-2018-16840.html https://www.suse.com/security/cve/CVE-2018-16842.html https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1112758 https://bugzilla.suse.com/1113029 https://bugzilla.suse.com/1113660 https://bugzilla.suse.com/1123371 https://bugzilla.suse.com/1123377 https://bugzilla.suse.com/1123378 From sle-updates at lists.suse.com Wed Feb 13 07:12:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:12:27 +0100 (CET) Subject: SUSE-RU-2019:0348-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190213141227.62D05FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0348-1 Rating: moderate References: #1110427 #1116610 #1121424 #987798 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798) spacewalk-backend: - Move channel update close to commit to avoid long lock (bsc#1121424) - Adapt Inter Server Sync code to new SCC sync backend - Fix issue raising exceptions 'with_traceback' on Python 2 - Hide Python traceback and show only error message (bsc#1110427) - Honor renamed postgresql10 log directory for supportconfig spacewalk-client-tools: - Fix XML-RPC type serialization (bsc#1116610) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-348=1 Package List: - SUSE Manager Tools 12 (noarch): python2-spacewalk-check-2.8.22.4-52.12.1 python2-spacewalk-client-setup-2.8.22.4-52.12.1 python2-spacewalk-client-tools-2.8.22.4-52.12.1 spacecmd-2.8.25.8-38.33.1 spacewalk-backend-libs-2.8.57.8-55.27.1 spacewalk-check-2.8.22.4-52.12.1 spacewalk-client-setup-2.8.22.4-52.12.1 spacewalk-client-tools-2.8.22.4-52.12.1 References: https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1121424 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Wed Feb 13 07:13:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:13:32 +0100 (CET) Subject: SUSE-RU-2019:0351-1: moderate: Recommended update for the SUSE Manager 3.2 release notes Message-ID: <20190213141332.925DEFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.2 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0351-1 Rating: moderate References: #1089121 #1098826 #1099988 #1104680 #1105720 #1105791 #1110427 #1110757 #1110772 #1111191 #1111686 #1111910 #1111963 #1112121 #1114029 #1114059 #1114115 #1114268 #1114877 #1115029 #1115978 #1116365 #1116566 #1116610 #1116826 #1117759 #1118112 #1118478 #1118917 #1119233 #1119271 #1119320 #1119727 #1119807 #1121038 #1121424 #1122565 #987798 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 38 recommended fixes can now be installed. Description: This update for the SUSE Manager 3.2 Release Notes provides the following additions: - New features * Image build host with SLES 12 SP4 * Updated backend for communicating with SCC * Product enablements - SLES 15 SP1 product family - SUSE Manager Server bugs fixed by latest updates: bsc#1089121, bsc#1098826, bsc#1099988, bsc#1104680, bsc#1105720 bsc#1105791, bsc#1110427, bsc#1110757, bsc#1110772, bsc#1111191 bsc#1111686, bsc#1111910, bsc#1111963, bsc#1112121, bsc#1114029 bsc#1114059, bsc#1114115, bsc#1114268, bsc#1114877, bsc#1115029 bsc#1115978, bsc#1116365, bsc#1116566, bsc#1116610, bsc#1116826 bsc#1117759, bsc#1118112, bsc#1118478, bsc#1118917, bsc#1119233 bsc#1119271, bsc#1119320, bsc#1119727, bsc#1119807, bsc#1121038 bsc#1121424, bsc#1122565, bsc#987798 - SUSE Manager Proxy bugs fixed by latest updates: bsc#1110427, bsc#1110772, bsc#1116610, bsc#1118112, bsc#1121424 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-351=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-351=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): release-notes-susemanager-3.2.5-6.21.1 - SUSE Manager Proxy 3.2 (x86_64): release-notes-susemanager-proxy-3.2.5-0.16.15.1 References: https://bugzilla.suse.com/1089121 https://bugzilla.suse.com/1098826 https://bugzilla.suse.com/1099988 https://bugzilla.suse.com/1104680 https://bugzilla.suse.com/1105720 https://bugzilla.suse.com/1105791 https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1110757 https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1111191 https://bugzilla.suse.com/1111686 https://bugzilla.suse.com/1111910 https://bugzilla.suse.com/1111963 https://bugzilla.suse.com/1112121 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1114115 https://bugzilla.suse.com/1114268 https://bugzilla.suse.com/1114877 https://bugzilla.suse.com/1115029 https://bugzilla.suse.com/1115978 https://bugzilla.suse.com/1116365 https://bugzilla.suse.com/1116566 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1116826 https://bugzilla.suse.com/1117759 https://bugzilla.suse.com/1118112 https://bugzilla.suse.com/1118478 https://bugzilla.suse.com/1118917 https://bugzilla.suse.com/1119233 https://bugzilla.suse.com/1119271 https://bugzilla.suse.com/1119320 https://bugzilla.suse.com/1119727 https://bugzilla.suse.com/1119807 https://bugzilla.suse.com/1121038 https://bugzilla.suse.com/1121424 https://bugzilla.suse.com/1122565 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Wed Feb 13 07:19:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:19:39 +0100 (CET) Subject: SUSE-RU-2019:0341-1: moderate: Recommended update for SUSE Manager Proxy 3.2 Message-ID: <20190213141939.EB875FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0341-1 Rating: moderate References: #1110427 #1110772 #1116610 #1118112 #1121424 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Move channel update close to commit to avoid long lock (bsc#1121424) - Adapt Inter Server Sync code to new SCC sync backend - Fix issue raising exceptions 'with_traceback' on Python 2 - Hide Python traceback and show only error message (bsc#1110427) - Honor renamed postgresql10 log directory for supportconfig spacewalk-client-tools: - Fix XML-RPC type serialization (bsc#1116610) spacewalk-proxy-installer: - Don't write invalid values to answer file for configure-proxy.sh spacewalk-web: - Show feedback messages after using the retry option on the notification messages page - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Fix wording for taskotop (cosmetical only)(bsc#1118112) - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-341=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-341=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): smdba-1.6.3-0.3.6.13 spacewalk-branding-2.8.5.13-3.13.14 susemanager-3.2.15-3.16.13 susemanager-tools-3.2.15-3.16.13 - SUSE Manager Server 3.2 (noarch): branch-network-formula-0.1.1545038754.c983fa6-3.6.13 netty-4.1.8.Final-2.7.4 py26-compat-salt-2016.11.10-6.18.14 python-susemanager-retail-1.0.1544459934.07229ad-2.9.13 python2-spacewalk-client-tools-2.8.22.4-3.3.13 saltboot-formula-0.1.1546527519.591e925-3.9.13 spacecmd-2.8.25.8-3.12.13 spacewalk-admin-2.8.4.3-3.3.13 spacewalk-backend-2.8.57.8-3.10.14 spacewalk-backend-app-2.8.57.8-3.10.14 spacewalk-backend-applet-2.8.57.8-3.10.14 spacewalk-backend-config-files-2.8.57.8-3.10.14 spacewalk-backend-config-files-common-2.8.57.8-3.10.14 spacewalk-backend-config-files-tool-2.8.57.8-3.10.14 spacewalk-backend-iss-2.8.57.8-3.10.14 spacewalk-backend-iss-export-2.8.57.8-3.10.14 spacewalk-backend-libs-2.8.57.8-3.10.14 spacewalk-backend-package-push-server-2.8.57.8-3.10.14 spacewalk-backend-server-2.8.57.8-3.10.14 spacewalk-backend-sql-2.8.57.8-3.10.14 spacewalk-backend-sql-oracle-2.8.57.8-3.10.14 spacewalk-backend-sql-postgresql-2.8.57.8-3.10.14 spacewalk-backend-tools-2.8.57.8-3.10.14 spacewalk-backend-xml-export-libs-2.8.57.8-3.10.14 spacewalk-backend-xmlrpc-2.8.57.8-3.10.14 spacewalk-base-2.8.7.12-3.16.12 spacewalk-base-minimal-2.8.7.12-3.16.12 spacewalk-base-minimal-config-2.8.7.12-3.16.12 spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-html-2.8.7.12-3.16.12 spacewalk-java-2.8.78.18-3.21.1 spacewalk-java-config-2.8.78.18-3.21.1 spacewalk-java-lib-2.8.78.18-3.21.1 spacewalk-java-oracle-2.8.78.18-3.21.1 spacewalk-java-postgresql-2.8.78.18-3.21.1 spacewalk-setup-2.8.7.6-3.13.13 spacewalk-taskomatic-2.8.78.18-3.21.1 spacewalk-utils-2.8.18.4-3.6.13 subscription-matcher-0.22-4.9.13 susemanager-advanced-topics_en-pdf-3.2-11.15.12 susemanager-best-practices_en-pdf-3.2-11.15.12 susemanager-docs_en-3.2-11.15.12 susemanager-getting-started_en-pdf-3.2-11.15.12 susemanager-jsp_en-3.2-11.15.12 susemanager-reference_en-pdf-3.2-11.15.12 susemanager-retail-tools-1.0.1544459934.07229ad-2.9.13 susemanager-schema-3.2.16-3.16.13 susemanager-sls-3.2.20-3.18.1 susemanager-sync-data-3.2.12-3.14.2 susemanager-web-libs-2.8.7.12-3.16.12 tika-core-1.20-3.6.13 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-check-2.8.22.4-3.3.13 python2-spacewalk-client-setup-2.8.22.4-3.3.13 python2-spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-backend-2.8.57.8-3.10.14 spacewalk-backend-libs-2.8.57.8-3.10.14 spacewalk-base-minimal-2.8.7.12-3.16.12 spacewalk-base-minimal-config-2.8.7.12-3.16.12 spacewalk-check-2.8.22.4-3.3.13 spacewalk-client-setup-2.8.22.4-3.3.13 spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-proxy-installer-2.8.6.4-3.6.13 susemanager-web-libs-2.8.7.12-3.16.12 References: https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1118112 https://bugzilla.suse.com/1121424 From sle-updates at lists.suse.com Wed Feb 13 07:20:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:20:49 +0100 (CET) Subject: SUSE-SU-2019:0341-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20190213142049.6DCA4FDF2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0341-1 Rating: moderate References: #1089121 #1098826 #1099988 #1104680 #1105720 #1105791 #1110427 #1110757 #1110772 #1111191 #1111686 #1111910 #1111963 #1112121 #1114029 #1114059 #1114115 #1114268 #1114877 #1115029 #1115978 #1116365 #1116566 #1116610 #1116826 #1117759 #1118112 #1118478 #1118917 #1119233 #1119271 #1119320 #1119727 #1119807 #1121038 #1121424 #1122565 #1123902 #1123983 #1124794 #1125097 #987798 Cross-References: CVE-2018-17197 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 41 fixes is now available. Description: This update fixes the following issues: branch-network-formula: - Netconfig update requires bind directory to exists for bind forward, ensure it (bsc#1116365) - Rework network update in branch-network formula (bsc#1116365) py26-compat-salt: - Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029) python-susemanager-retail: - Force one python version for SLE12 (python2) and SLE15 (python3) - Add disklabel: none to migrated RAID saltboot-formula: - Use FTP active mode for image download - Always deploy image when image is specified in partitioning pillar (bsc#1119807) - Call blockdev.formatted with force=True - Allow RAID images to be defined by saltboot formula - image information can be provided directly for disk - allow "none" disk label in formula and in that case hide partitioning information smdba: - Tuning: add cpu_tuple_cost (bsc#1105791) spacecmd: - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798) spacewalk-admin: - Use a Salt engine to process return results (bsc#1099988) spacewalk-backend: - Move channel update close to commit to avoid long lock (bsc#1121424) - Adapt Inter Server Sync code to new SCC sync backend - Fix issue raising exceptions 'with_traceback' on Python 2 - Hide Python traceback and show only error message (bsc#1110427) - Honor renamed postgresql10 log directory for supportconfig spacewalk-branding: - Better label visualization when the input is disabled. (bsc#1110772) spacewalk-client-tools: - Fix XML-RPC type serialization (bsc#1116610) spacewalk-java: - Improve salt events processing performance (bsc#1125097) - Prevent an error when onboarding a RES 6 minion (bsc#1124794) - Support products with multiple base channels - Fix ordering of base channels to prevent synchronization errors (bsc#1123902) - Support products with multiple base channels - Avoid a NullPointerException error in Taskomatic (bsc#1119271) - Reset channel assignments when base channel changes on registration (bsc#1118917) - Allow bootstrapping minions with a pending minion key being present (bsc#1119727) - Hide 'unknown virtual host manager' when virtual host manager of all hosts is known (bsc#1119320) - Disable notification types with 'java.notifications_type_disabled' in rhn.conf (bsc#1111910) - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies (bsc#1089121) - Read OEM Orderitems from DB instead of create always new items (bsc#1098826) - Fix mgr-sync refresh when subscription was removed (bsc#1105720) - XMLRPC API: Include init.sls in channel file list (bsc#1111191) - Fix the config channels assignment via SSM (bsc#1117759) - Install product packages during bootstrapping minions (bsc#1104680) - Fix cloning channels when managing the same errata for both vendor and private orgs (bsc#1111686) - Introduce Loggerhead-module.js to store logs from the frontend - Removed 'Manage Channels' shortcut for vendor channels (bsc#1115978) - Hide already applied errata and channel entries from the output list in audit.listSystemsByPatchStatus (bsc#1111963) - Prevent failing KickstartCommand when customPosition is null (bsc#1112121) - Automatically schedule an Action to refresh minion repos after deletion of an assigned channel (bsc#1115029) - Performance improvements in channel management functionalities (bsc#1114877) - Handle with an error message if state file fails to render (bsc#1110757) - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) - Add check for yast autoinstall profiles when setting kickstartTree (bsc#1114115) - Use a Salt engine to process return results (bsc#1099988) - Fix handling of CVEs including multiple patches in CVE audit (bsc#1111963) - Fix synchronizing Expanded Support Channel with missing architecture (bsc#1122565) spacewalk-setup: - Use a Salt engine to process return results (bsc#1099988) spacewalk-utils: - Exit with an error if spacewalk-common-channels does not match any channel spacewalk-web: - Show feedback messages after using the retry option on the notification messages page - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Fix wording for taskotop (cosmetical only)(bsc#1118112) - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) subscription-matcher: - Old style hard bundle merging fix (bsc#1114059) susemanager: - Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826) - Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly. - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap repos for openSUSE and CentOS - Fetch packages from correct channel when creating a bootstrap repository - Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x (bsc#1116566) - Add python3-six to bootstrap repo for SLES15 (bsc#1118478) susemanager-docs_en: - Update text and image files. - Enhance forms documentation (more attributes). - Proxy: for example, migration from traditional to Salt not supported. - RAM requirements for host running kiwi OS images. - Notification properties. - Update scalability documentation. susemanager-schema: - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Performance improvements in channel management functionalities (bsc#1114877) - Use a Salt engine to process return results (bsc#1099988) susemanager-sls: - Improve salt events processing performance (bsc#1125097) - Allow bootstrapping minions with a pending minion key being present (bsc#1119727) - Use a Salt engine to process return results (bsc#1099988) susemanager-sync-data: - Make SUSE Manager Tools channel mandatory (bsc#1123983) - Add sle-module-web-scripting for OES2018 (bsc#1119233) - Add new set of data for the new SCC sync backend - Enable SLE15 SP1 family (bsc#1114268) - Enable OES2018 SP1 (bsc#1116826) tika-core: - CVE-2018-17197: Fixed an infinite loop in the SQLite3Parser of Apache Tika (bsc#1121038) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-341=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-341=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): smdba-1.6.3-0.3.6.13 spacewalk-branding-2.8.5.13-3.13.14 susemanager-3.2.15-3.16.13 susemanager-tools-3.2.15-3.16.13 - SUSE Manager Server 3.2 (noarch): branch-network-formula-0.1.1545038754.c983fa6-3.6.13 netty-4.1.8.Final-2.7.4 py26-compat-salt-2016.11.10-6.18.14 python-susemanager-retail-1.0.1544459934.07229ad-2.9.13 python2-spacewalk-client-tools-2.8.22.4-3.3.13 saltboot-formula-0.1.1546527519.591e925-3.9.13 spacecmd-2.8.25.8-3.12.13 spacewalk-admin-2.8.4.3-3.3.13 spacewalk-backend-2.8.57.8-3.10.14 spacewalk-backend-app-2.8.57.8-3.10.14 spacewalk-backend-applet-2.8.57.8-3.10.14 spacewalk-backend-config-files-2.8.57.8-3.10.14 spacewalk-backend-config-files-common-2.8.57.8-3.10.14 spacewalk-backend-config-files-tool-2.8.57.8-3.10.14 spacewalk-backend-iss-2.8.57.8-3.10.14 spacewalk-backend-iss-export-2.8.57.8-3.10.14 spacewalk-backend-libs-2.8.57.8-3.10.14 spacewalk-backend-package-push-server-2.8.57.8-3.10.14 spacewalk-backend-server-2.8.57.8-3.10.14 spacewalk-backend-sql-2.8.57.8-3.10.14 spacewalk-backend-sql-oracle-2.8.57.8-3.10.14 spacewalk-backend-sql-postgresql-2.8.57.8-3.10.14 spacewalk-backend-tools-2.8.57.8-3.10.14 spacewalk-backend-xml-export-libs-2.8.57.8-3.10.14 spacewalk-backend-xmlrpc-2.8.57.8-3.10.14 spacewalk-base-2.8.7.12-3.16.12 spacewalk-base-minimal-2.8.7.12-3.16.12 spacewalk-base-minimal-config-2.8.7.12-3.16.12 spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-html-2.8.7.12-3.16.12 spacewalk-java-2.8.78.18-3.21.1 spacewalk-java-config-2.8.78.18-3.21.1 spacewalk-java-lib-2.8.78.18-3.21.1 spacewalk-java-oracle-2.8.78.18-3.21.1 spacewalk-java-postgresql-2.8.78.18-3.21.1 spacewalk-setup-2.8.7.6-3.13.13 spacewalk-taskomatic-2.8.78.18-3.21.1 spacewalk-utils-2.8.18.4-3.6.13 subscription-matcher-0.22-4.9.13 susemanager-advanced-topics_en-pdf-3.2-11.15.12 susemanager-best-practices_en-pdf-3.2-11.15.12 susemanager-docs_en-3.2-11.15.12 susemanager-getting-started_en-pdf-3.2-11.15.12 susemanager-jsp_en-3.2-11.15.12 susemanager-reference_en-pdf-3.2-11.15.12 susemanager-retail-tools-1.0.1544459934.07229ad-2.9.13 susemanager-schema-3.2.16-3.16.13 susemanager-sls-3.2.20-3.18.1 susemanager-sync-data-3.2.12-3.14.2 susemanager-web-libs-2.8.7.12-3.16.12 tika-core-1.20-3.6.13 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-check-2.8.22.4-3.3.13 python2-spacewalk-client-setup-2.8.22.4-3.3.13 python2-spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-backend-2.8.57.8-3.10.14 spacewalk-backend-libs-2.8.57.8-3.10.14 spacewalk-base-minimal-2.8.7.12-3.16.12 spacewalk-base-minimal-config-2.8.7.12-3.16.12 spacewalk-check-2.8.22.4-3.3.13 spacewalk-client-setup-2.8.22.4-3.3.13 spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-proxy-installer-2.8.6.4-3.6.13 susemanager-web-libs-2.8.7.12-3.16.12 References: https://www.suse.com/security/cve/CVE-2018-17197.html https://bugzilla.suse.com/1089121 https://bugzilla.suse.com/1098826 https://bugzilla.suse.com/1099988 https://bugzilla.suse.com/1104680 https://bugzilla.suse.com/1105720 https://bugzilla.suse.com/1105791 https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1110757 https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1111191 https://bugzilla.suse.com/1111686 https://bugzilla.suse.com/1111910 https://bugzilla.suse.com/1111963 https://bugzilla.suse.com/1112121 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1114115 https://bugzilla.suse.com/1114268 https://bugzilla.suse.com/1114877 https://bugzilla.suse.com/1115029 https://bugzilla.suse.com/1115978 https://bugzilla.suse.com/1116365 https://bugzilla.suse.com/1116566 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1116826 https://bugzilla.suse.com/1117759 https://bugzilla.suse.com/1118112 https://bugzilla.suse.com/1118478 https://bugzilla.suse.com/1118917 https://bugzilla.suse.com/1119233 https://bugzilla.suse.com/1119271 https://bugzilla.suse.com/1119320 https://bugzilla.suse.com/1119727 https://bugzilla.suse.com/1119807 https://bugzilla.suse.com/1121038 https://bugzilla.suse.com/1121424 https://bugzilla.suse.com/1122565 https://bugzilla.suse.com/1123902 https://bugzilla.suse.com/1123983 https://bugzilla.suse.com/1124794 https://bugzilla.suse.com/1125097 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Wed Feb 13 07:27:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:27:00 +0100 (CET) Subject: SUSE-RU-2019:0342-1: moderate: Recommended update for Salt Message-ID: <20190213142700.6DA85FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0342-1 Rating: moderate References: #1099887 #1114029 #1114474 #1116837 #1117995 #1121091 #1123044 #1123512 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Remove patch unable install salt minions on SLE 15 (bsc#1123512) - Fix integration tests in state compiler (U#2068) - Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029) - Fix powerpc null server_id_arch (bsc#1117995) - Fix module 'azure.storage' has no attribute '__version__' (bsc#1121091) - Add supportconfig module and states for minions and SaltSSH - Fix FIPS enabled RES clients (bsc#1099887) - Add hold/unhold functions. Fix Debian repo "signed-by". - Strip architecture from debian package names - Fix latin1 encoding problems on file module (bsc#1116837) - Don't error on retcode 0 in libcrypto.OPENSSL_init_crypto - Handle anycast IPv6 addresses on network.routes (bsc#1114474) - Debian info_installed compatibility (U#50453) - Add compatibility with other package modules for "list_repos" function - Remove MSI Azure cloud module authentication patch (bsc#1123044) - Don't encode response string from role API Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-342=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-342=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-342=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-342=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-342=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-342=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2019-342=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-342=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-342=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-46.54.1 python3-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-doc-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.54.1 python3-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-api-2018.3.0-46.54.1 salt-cloud-2018.3.0-46.54.1 salt-doc-2018.3.0-46.54.1 salt-master-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 salt-proxy-2018.3.0-46.54.1 salt-ssh-2018.3.0-46.54.1 salt-syndic-2018.3.0-46.54.1 - SUSE Manager Server 3.2 (noarch): salt-bash-completion-2018.3.0-46.54.1 salt-zsh-completion-2018.3.0-46.54.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.54.1 python3-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-api-2018.3.0-46.54.1 salt-cloud-2018.3.0-46.54.1 salt-doc-2018.3.0-46.54.1 salt-master-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 salt-proxy-2018.3.0-46.54.1 salt-ssh-2018.3.0-46.54.1 salt-syndic-2018.3.0-46.54.1 - SUSE Manager Server 3.1 (noarch): salt-bash-completion-2018.3.0-46.54.1 salt-zsh-completion-2018.3.0-46.54.1 - SUSE Manager Server 3.0 (s390x x86_64): python2-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-api-2018.3.0-46.54.1 salt-doc-2018.3.0-46.54.1 salt-master-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 salt-proxy-2018.3.0-46.54.1 salt-ssh-2018.3.0-46.54.1 salt-syndic-2018.3.0-46.54.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2018.3.0-46.54.1 salt-zsh-completion-2018.3.0-46.54.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-2018.3.0-46.54.1 python3-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): python2-salt-2018.3.0-46.54.1 python3-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2018.3.0-46.54.1 salt-zsh-completion-2018.3.0-46.54.1 - SUSE Manager Proxy 3.0 (x86_64): python2-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-api-2018.3.0-46.54.1 salt-doc-2018.3.0-46.54.1 salt-master-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 salt-proxy-2018.3.0-46.54.1 salt-ssh-2018.3.0-46.54.1 salt-syndic-2018.3.0-46.54.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-api-2018.3.0-46.54.1 salt-cloud-2018.3.0-46.54.1 salt-doc-2018.3.0-46.54.1 salt-master-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 salt-proxy-2018.3.0-46.54.1 salt-ssh-2018.3.0-46.54.1 salt-syndic-2018.3.0-46.54.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2018.3.0-46.54.1 salt-zsh-completion-2018.3.0-46.54.1 - SUSE CaaS Platform 3.0 (x86_64): python2-salt-2018.3.0-46.54.1 salt-2018.3.0-46.54.1 salt-minion-2018.3.0-46.54.1 References: https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 From sle-updates at lists.suse.com Wed Feb 13 07:28:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:28:36 +0100 (CET) Subject: SUSE-RU-2019:0343-1: moderate: Recommended update for Salt Message-ID: <20190213142836.ECAB8FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0343-1 Rating: moderate References: #1099887 #1114029 #1114474 #1116837 #1117995 #1121091 #1123044 #1123512 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Remove patch unable install salt minions on SLE 15 (bsc#1123512) - Fix integration tests in state compiler (U#2068) - Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029) - Fix powerpc null server_id_arch (bsc#1117995) - Fix module 'azure.storage' has no attribute '__version__' (bsc#1121091) - Add supportconfig module and states for minions and SaltSSH - Fix FIPS enabled RES clients (bsc#1099887) - Add hold/unhold functions. Fix Debian repo "signed-by". - Strip architecture from debian package names - Fix latin1 encoding problems on file module (bsc#1116837) - Don't error on retcode 0 in libcrypto.OPENSSL_init_crypto - Handle anycast IPv6 addresses on network.routes (bsc#1114474) - Debian info_installed compatibility (U#50453) - Add compatibility with other package modules for "list_repos" function - Remove MSI Azure cloud module authentication patch (bsc#1123044) - Don't encode response string from role API Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-343=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-343=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): salt-api-2018.3.0-5.30.1 salt-cloud-2018.3.0-5.30.1 salt-master-2018.3.0-5.30.1 salt-proxy-2018.3.0-5.30.1 salt-ssh-2018.3.0-5.30.1 salt-syndic-2018.3.0-5.30.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): salt-fish-completion-2018.3.0-5.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python2-salt-2018.3.0-5.30.1 python3-salt-2018.3.0-5.30.1 salt-2018.3.0-5.30.1 salt-doc-2018.3.0-5.30.1 salt-minion-2018.3.0-5.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): salt-bash-completion-2018.3.0-5.30.1 salt-zsh-completion-2018.3.0-5.30.1 References: https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 From sle-updates at lists.suse.com Wed Feb 13 07:30:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:30:06 +0100 (CET) Subject: SUSE-RU-2019:0340-1: moderate: Recommended update for deepsea Message-ID: <20190213143006.4BEF7FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0340-1 Rating: moderate References: #1113824 #1116160 #1121629 #1122461 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for deepsea fixes the following issues: - Fix typos and function parameters in validate (bsc#1122461) - Save and restore reweight in addition to weight (bsc#1121629) - Add retry logic to readlink for seemingly stubborn systems (bsc#1116160) - monitoring/dashboard: always refresh templates on time picker change. (bsc#1113824) - Fixes auth caps for openstack.integrate - Fix unicode output error in openstack.py - Check for digit before 'p' (split_partition) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-340=1 Package List: - SUSE Enterprise Storage 5 (noarch): deepsea-0.8.9+git.0.c638bee79-2.30.1 References: https://bugzilla.suse.com/1113824 https://bugzilla.suse.com/1116160 https://bugzilla.suse.com/1121629 https://bugzilla.suse.com/1122461 From sle-updates at lists.suse.com Wed Feb 13 07:31:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:31:13 +0100 (CET) Subject: SUSE-RU-2019:13954-1: moderate: Recommended update for Salt Message-ID: <20190213143113.A516EFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13954-1 Rating: moderate References: #1114029 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: salt: - Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201901-13954=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201901-13954=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.41.1 salt-doc-2016.11.10-43.41.1 salt-minion-2016.11.10-43.41.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.41.1 salt-doc-2016.11.10-43.41.1 salt-minion-2016.11.10-43.41.1 References: https://bugzilla.suse.com/1114029 From sle-updates at lists.suse.com Wed Feb 13 07:31:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:31:49 +0100 (CET) Subject: SUSE-RU-2019:0347-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190213143149.ED0DCFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0347-1 Rating: moderate References: #1110427 #1116610 #1121424 #987798 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798) spacewalk-backend: - Move channel update close to commit to avoid long lock (bsc#1121424) - Adapt Inter Server Sync code to new SCC sync backend - Fix issue raising exceptions 'with_traceback' on Python 2 - Hide Python traceback and show only error message (bsc#1110427) - Honor renamed postgresql10 log directory for supportconfig spacewalk-client-tools: - Fix XML-RPC type serialization (bsc#1116610) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-347=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-347=1 Package List: - SUSE Manager Tools 15 (noarch): python3-spacewalk-backend-libs-2.8.57.8-3.9.1 python3-spacewalk-check-2.8.22.4-3.3.1 python3-spacewalk-client-setup-2.8.22.4-3.3.1 python3-spacewalk-client-tools-2.8.22.4-3.3.1 spacecmd-2.8.25.8-3.10.1 spacewalk-check-2.8.22.4-3.3.1 spacewalk-client-setup-2.8.22.4-3.3.1 spacewalk-client-tools-2.8.22.4-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-spacewalk-check-2.8.22.4-3.3.1 python2-spacewalk-client-setup-2.8.22.4-3.3.1 python2-spacewalk-client-tools-2.8.22.4-3.3.1 spacecmd-2.8.25.8-3.10.1 spacewalk-backend-2.8.57.8-3.9.1 spacewalk-backend-app-2.8.57.8-3.9.1 spacewalk-backend-applet-2.8.57.8-3.9.1 spacewalk-backend-cdn-2.8.57.8-3.9.1 spacewalk-backend-config-files-2.8.57.8-3.9.1 spacewalk-backend-config-files-common-2.8.57.8-3.9.1 spacewalk-backend-config-files-tool-2.8.57.8-3.9.1 spacewalk-backend-iss-2.8.57.8-3.9.1 spacewalk-backend-iss-export-2.8.57.8-3.9.1 spacewalk-backend-libs-2.8.57.8-3.9.1 spacewalk-backend-package-push-server-2.8.57.8-3.9.1 spacewalk-backend-server-2.8.57.8-3.9.1 spacewalk-backend-sql-2.8.57.8-3.9.1 spacewalk-backend-sql-oracle-2.8.57.8-3.9.1 spacewalk-backend-sql-postgresql-2.8.57.8-3.9.1 spacewalk-backend-tools-2.8.57.8-3.9.1 spacewalk-backend-xml-export-libs-2.8.57.8-3.9.1 spacewalk-backend-xmlrpc-2.8.57.8-3.9.1 References: https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1121424 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Wed Feb 13 07:32:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:32:49 +0100 (CET) Subject: SUSE-RU-2019:13955-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20190213143249.7E481FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13955-1 Rating: moderate References: #1110427 #1116610 #1121424 #987798 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798) spacewalk-backend: - Move channel update close to commit to avoid long lock (bsc#1121424) - Adapt Inter Server Sync code to new SCC sync backend - Fix issue raising exceptions 'with_traceback' on Python 2 - Hide Python traceback and show only error message (bsc#1110427) - Honor renamed postgresql10 log directory for supportconfig spacewalk-client-tools: - Fix XML-RPC type serialization (bsc#1116610) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201901-13955=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201901-13955=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python2-spacewalk-check-2.8.22.4-27.12.1 python2-spacewalk-client-setup-2.8.22.4-27.12.1 python2-spacewalk-client-tools-2.8.22.4-27.12.1 spacecmd-2.8.25.8-18.35.1 spacewalk-backend-libs-2.8.57.8-28.28.1 spacewalk-check-2.8.22.4-27.12.1 spacewalk-client-setup-2.8.22.4-27.12.1 spacewalk-client-tools-2.8.22.4-27.12.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python2-spacewalk-check-2.8.22.4-27.12.1 python2-spacewalk-client-setup-2.8.22.4-27.12.1 python2-spacewalk-client-tools-2.8.22.4-27.12.1 spacecmd-2.8.25.8-18.35.1 spacewalk-backend-libs-2.8.57.8-28.28.1 spacewalk-check-2.8.22.4-27.12.1 spacewalk-client-setup-2.8.22.4-27.12.1 spacewalk-client-tools-2.8.22.4-27.12.1 References: https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1121424 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Wed Feb 13 10:09:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:09:31 +0100 (CET) Subject: SUSE-RU-2019:0369-1: moderate: Recommended update for itstool Message-ID: <20190213170931.95D42FDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for itstool ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0369-1 Rating: moderate References: #1065270 #1111019 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-369=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-369=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-369=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libxml2-doc-2.9.7-3.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): itstool-2.0.5-3.3.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.6.1 libxml2-2-debuginfo-2.9.7-3.6.1 libxml2-debugsource-2.9.7-3.6.1 libxml2-devel-2.9.7-3.6.1 libxml2-tools-2.9.7-3.6.1 libxml2-tools-debuginfo-2.9.7-3.6.1 python-libxml2-python-debugsource-2.9.7-3.6.1 python2-libxml2-python-2.9.7-3.6.1 python2-libxml2-python-debuginfo-2.9.7-3.6.1 python3-libxml2-python-2.9.7-3.6.1 python3-libxml2-python-debuginfo-2.9.7-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libxml2-2-32bit-2.9.7-3.6.1 libxml2-2-32bit-debuginfo-2.9.7-3.6.1 References: https://bugzilla.suse.com/1065270 https://bugzilla.suse.com/1111019 From sle-updates at lists.suse.com Wed Feb 13 10:10:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:10:13 +0100 (CET) Subject: SUSE-RU-2019:0366-1: moderate: Recommended update for wireless-regdb Message-ID: <20190213171013.8B581FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0366-1 Rating: moderate References: #1121466 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb provides the following fixes: - Changes in version 2018.10.24 (bsc#1121466): * Remove dependency to python attr. * Sync DE with ETSI EN 301 893 V2.1.1. * Sync FR with ETSI EN 301 893 V2.1.1. - Changes in version 2018.09.07: * Update source of info for CU and ES. * Update regulatory rules for Switzerland (CH), and Liechtenstein. * Update regulatory rules for Finland (FI) on 5GHz (SRD devices). * Update rules for Hungary (HU) on 2.4/5/60G, 5725-5875MHz. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-366=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): wireless-regdb-2018.10.24-3.8.1 References: https://bugzilla.suse.com/1121466 From sle-updates at lists.suse.com Wed Feb 13 10:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:10:45 +0100 (CET) Subject: SUSE-SU-2019:0362-1: important: Security update for docker-runc Message-ID: <20190213171045.2C693FDF2@maintenance.suse.de> SUSE Security Update: Security update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0362-1 Rating: important References: #1121967 Cross-References: CVE-2019-5736 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-362=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-362=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.9.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.9.1 docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-6.9.1 References: https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1121967 From sle-updates at lists.suse.com Wed Feb 13 10:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:11:18 +0100 (CET) Subject: SUSE-RU-2019:0371-1: moderate: Recommended update for ypbind Message-ID: <20190213171118.2CCA9FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ypbind ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0371-1 Rating: moderate References: #1114640 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ypbind fixes the following issues: - Fixes crash on reload. (bsc#1114640) - Enhanced yp.conf manual page Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-371=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ypbind-2.6-7.3.2 ypbind-debuginfo-2.6-7.3.2 ypbind-debugsource-2.6-7.3.2 References: https://bugzilla.suse.com/1114640 From sle-updates at lists.suse.com Wed Feb 13 10:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:11:55 +0100 (CET) Subject: SUSE-RU-2019:0370-1: Recommended update for openvswitch Message-ID: <20190213171155.CF148FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0370-1 Rating: low References: #1116437 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: - Fix a memory leak in the python json parser. (bsc#1116437) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-370=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-370=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.5-6.14.2 libopenvswitch-2_8-0-debuginfo-2.8.5-6.14.2 openvswitch-2.8.5-6.14.2 openvswitch-debuginfo-2.8.5-6.14.2 openvswitch-debugsource-2.8.5-6.14.2 openvswitch-devel-2.8.5-6.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.8.5-6.14.2 openvswitch-debugsource-2.8.5-6.14.2 openvswitch-ovn-central-2.8.5-6.14.2 openvswitch-ovn-central-debuginfo-2.8.5-6.14.2 openvswitch-ovn-common-2.8.5-6.14.2 openvswitch-ovn-common-debuginfo-2.8.5-6.14.2 openvswitch-ovn-docker-2.8.5-6.14.2 openvswitch-ovn-host-2.8.5-6.14.2 openvswitch-ovn-host-debuginfo-2.8.5-6.14.2 openvswitch-ovn-vtep-2.8.5-6.14.2 openvswitch-ovn-vtep-debuginfo-2.8.5-6.14.2 openvswitch-pki-2.8.5-6.14.2 openvswitch-test-2.8.5-6.14.2 openvswitch-test-debuginfo-2.8.5-6.14.2 openvswitch-vtep-2.8.5-6.14.2 openvswitch-vtep-debuginfo-2.8.5-6.14.2 python2-ovs-2.8.5-6.14.2 python2-ovs-debuginfo-2.8.5-6.14.2 python3-ovs-2.8.5-6.14.2 python3-ovs-debuginfo-2.8.5-6.14.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openvswitch-doc-2.8.5-6.14.2 References: https://bugzilla.suse.com/1116437 From sle-updates at lists.suse.com Wed Feb 13 10:12:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:12:28 +0100 (CET) Subject: SUSE-RU-2019:0372-1: moderate: Recommended update for xrdb Message-ID: <20190213171228.84BCAFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0372-1 Rating: moderate References: #1120004 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xrdb fixes the following issues: - Now no warnings will be shown when parsing valid comments. (bsc#1120004) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-372=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-372=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-372=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-372=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): xrdb-1.1.0-5.5.1 xrdb-debuginfo-1.1.0-5.5.1 xrdb-debugsource-1.1.0-5.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): xrdb-1.1.0-5.5.1 xrdb-debuginfo-1.1.0-5.5.1 xrdb-debugsource-1.1.0-5.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): xrdb-1.1.0-5.5.1 xrdb-debuginfo-1.1.0-5.5.1 xrdb-debugsource-1.1.0-5.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xrdb-1.1.0-5.5.1 xrdb-debuginfo-1.1.0-5.5.1 xrdb-debugsource-1.1.0-5.5.1 References: https://bugzilla.suse.com/1120004 From sle-updates at lists.suse.com Wed Feb 13 10:13:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:13:32 +0100 (CET) Subject: SUSE-RU-2019:0365-1: moderate: Recommended update for ipmctl Message-ID: <20190213171332.7CECFFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0365-1 Rating: moderate References: #1091108 #1111020 #1116404 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ipmctl fixes the following issues: ipmctl was updated to v01.00.00.3394+. [FATE#326756, FATE#326917, FATE#326918] [bsc#1116404, bsc#1091108] This update brings changes necessary for current NVDIMM hardware. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-365=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-365=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (x86_64): ipmctl-debuginfo-01.00.00.3394-3.5.1 ipmctl-debugsource-01.00.00.3394-3.5.1 ipmctl-devel-01.00.00.3394-3.5.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ipmctl-01.00.00.3394-3.5.1 ipmctl-debuginfo-01.00.00.3394-3.5.1 ipmctl-debugsource-01.00.00.3394-3.5.1 ipmctl-monitor-01.00.00.3394-3.5.1 ipmctl-monitor-debuginfo-01.00.00.3394-3.5.1 References: https://bugzilla.suse.com/1091108 https://bugzilla.suse.com/1111020 https://bugzilla.suse.com/1116404 From sle-updates at lists.suse.com Wed Feb 13 10:14:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:14:21 +0100 (CET) Subject: SUSE-RU-2019:0367-1: moderate: Recommended update for wireless-regdb Message-ID: <20190213171421.65C17FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for wireless-regdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0367-1 Rating: moderate References: #1121466 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wireless-regdb provides the following fixes: - Changes in version 2018.10.24 (bsc#1121466): * Remove dependency to python attr. * Sync DE with ETSI EN 301 893 V2.1.1. * Sync FR with ETSI EN 301 893 V2.1.1. - Changes in version 2018.09.07: * Update source of info for CU and ES. * Update regulatory rules for Switzerland (CH), and Liechtenstein. * Update regulatory rules for Finland (FI) on 5GHz (SRD devices). * Update rules for Hungary (HU) on 2.4/5/60G, 5725-5875MHz. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-367=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-367=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-367=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-367=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-367=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-367=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-367=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-367=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-367=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-367=1 Package List: - SUSE OpenStack Cloud 7 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): wireless-regdb-2018.10.24-4.15.1 - SUSE Enterprise Storage 4 (noarch): wireless-regdb-2018.10.24-4.15.1 References: https://bugzilla.suse.com/1121466 From sle-updates at lists.suse.com Wed Feb 13 10:14:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:14:54 +0100 (CET) Subject: SUSE-RU-2019:0364-1: moderate: Recommended update for ipset Message-ID: <20190213171454.D057EFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipset ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0364-1 Rating: moderate References: #1122853 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ipset fixes the following issues: - Fixed parsing service names for ports. Parsing is attempted both for numbers and service names and the temporary stored error message triggered to reset the state parameters about the set [bsc#1122853] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-364=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ipset-6.36-3.3.1 ipset-debuginfo-6.36-3.3.1 ipset-debugsource-6.36-3.3.1 ipset-devel-6.36-3.3.1 libipset11-6.36-3.3.1 libipset11-debuginfo-6.36-3.3.1 References: https://bugzilla.suse.com/1122853 From sle-updates at lists.suse.com Wed Feb 13 10:15:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:15:30 +0100 (CET) Subject: SUSE-RU-2019:0375-1: moderate: Recommended update for boost Message-ID: <20190213171530.4DB5CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for boost ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0375-1 Rating: moderate References: #1089363 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for boost fixes the following issues: - Fixes build issues caused by the Boost.Context library. (bnc#1089363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-375=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-375=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-375=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-375=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-375=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-375=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-375=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-375=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libboost_locale1_54_0-1.54.0-26.6.1 libboost_locale1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libboost_filesystem1_54_0-1.54.0-26.6.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.6.1 libboost_locale1_54_0-1.54.0-26.6.1 libboost_locale1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): boost-devel-1.54.0-26.6.1 libboost_chrono1_54_0-1.54.0-26.6.1 libboost_filesystem1_54_0-1.54.0-26.6.1 libboost_graph1_54_0-1.54.0-26.6.1 libboost_graph_parallel1_54_0-1.54.0-26.6.1 libboost_locale1_54_0-1.54.0-26.6.1 libboost_log1_54_0-1.54.0-26.6.1 libboost_math1_54_0-1.54.0-26.6.1 libboost_mpi1_54_0-1.54.0-26.6.1 libboost_python1_54_0-1.54.0-26.6.1 libboost_serialization1_54_0-1.54.0-26.6.1 libboost_test1_54_0-1.54.0-26.6.1 libboost_timer1_54_0-1.54.0-26.6.1 libboost_wave1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): libboost_chrono1_54_0-debuginfo-1.54.0-26.6.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.6.1 libboost_graph1_54_0-debuginfo-1.54.0-26.6.1 libboost_graph_parallel1_54_0-debuginfo-1.54.0-26.6.1 libboost_locale1_54_0-debuginfo-1.54.0-26.6.1 libboost_log1_54_0-debuginfo-1.54.0-26.6.1 libboost_math1_54_0-debuginfo-1.54.0-26.6.1 libboost_mpi1_54_0-debuginfo-1.54.0-26.6.1 libboost_python1_54_0-debuginfo-1.54.0-26.6.1 libboost_serialization1_54_0-debuginfo-1.54.0-26.6.1 libboost_test1_54_0-debuginfo-1.54.0-26.6.1 libboost_timer1_54_0-debuginfo-1.54.0-26.6.1 libboost_wave1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le x86_64): libboost_context1_54_0-1.54.0-26.6.1 libboost_context1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): boost-devel-1.54.0-26.6.1 libboost_chrono1_54_0-1.54.0-26.6.1 libboost_filesystem1_54_0-1.54.0-26.6.1 libboost_graph1_54_0-1.54.0-26.6.1 libboost_graph_parallel1_54_0-1.54.0-26.6.1 libboost_locale1_54_0-1.54.0-26.6.1 libboost_log1_54_0-1.54.0-26.6.1 libboost_math1_54_0-1.54.0-26.6.1 libboost_mpi1_54_0-1.54.0-26.6.1 libboost_python1_54_0-1.54.0-26.6.1 libboost_serialization1_54_0-1.54.0-26.6.1 libboost_test1_54_0-1.54.0-26.6.1 libboost_timer1_54_0-1.54.0-26.6.1 libboost_wave1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): libboost_chrono1_54_0-debuginfo-1.54.0-26.6.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.6.1 libboost_graph1_54_0-debuginfo-1.54.0-26.6.1 libboost_graph_parallel1_54_0-debuginfo-1.54.0-26.6.1 libboost_locale1_54_0-debuginfo-1.54.0-26.6.1 libboost_log1_54_0-debuginfo-1.54.0-26.6.1 libboost_math1_54_0-debuginfo-1.54.0-26.6.1 libboost_mpi1_54_0-debuginfo-1.54.0-26.6.1 libboost_python1_54_0-debuginfo-1.54.0-26.6.1 libboost_serialization1_54_0-debuginfo-1.54.0-26.6.1 libboost_test1_54_0-debuginfo-1.54.0-26.6.1 libboost_timer1_54_0-debuginfo-1.54.0-26.6.1 libboost_wave1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le x86_64): libboost_context1_54_0-1.54.0-26.6.1 libboost_context1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libboost_atomic1_54_0-1.54.0-26.6.1 libboost_date_time1_54_0-1.54.0-26.6.1 libboost_filesystem1_54_0-1.54.0-26.6.1 libboost_iostreams1_54_0-1.54.0-26.6.1 libboost_program_options1_54_0-1.54.0-26.6.1 libboost_random1_54_0-1.54.0-26.6.1 libboost_regex1_54_0-1.54.0-26.6.1 libboost_signals1_54_0-1.54.0-26.6.1 libboost_system1_54_0-1.54.0-26.6.1 libboost_thread1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): libboost_atomic1_54_0-debuginfo-1.54.0-26.6.1 libboost_date_time1_54_0-debuginfo-1.54.0-26.6.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.6.1 libboost_iostreams1_54_0-debuginfo-1.54.0-26.6.1 libboost_program_options1_54_0-debuginfo-1.54.0-26.6.1 libboost_random1_54_0-debuginfo-1.54.0-26.6.1 libboost_regex1_54_0-debuginfo-1.54.0-26.6.1 libboost_signals1_54_0-debuginfo-1.54.0-26.6.1 libboost_system1_54_0-debuginfo-1.54.0-26.6.1 libboost_thread1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): boost-license1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libboost_atomic1_54_0-1.54.0-26.6.1 libboost_date_time1_54_0-1.54.0-26.6.1 libboost_iostreams1_54_0-1.54.0-26.6.1 libboost_program_options1_54_0-1.54.0-26.6.1 libboost_random1_54_0-1.54.0-26.6.1 libboost_regex1_54_0-1.54.0-26.6.1 libboost_signals1_54_0-1.54.0-26.6.1 libboost_system1_54_0-1.54.0-26.6.1 libboost_thread1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): libboost_atomic1_54_0-debuginfo-1.54.0-26.6.1 libboost_date_time1_54_0-debuginfo-1.54.0-26.6.1 libboost_iostreams1_54_0-debuginfo-1.54.0-26.6.1 libboost_program_options1_54_0-debuginfo-1.54.0-26.6.1 libboost_random1_54_0-debuginfo-1.54.0-26.6.1 libboost_regex1_54_0-debuginfo-1.54.0-26.6.1 libboost_signals1_54_0-debuginfo-1.54.0-26.6.1 libboost_system1_54_0-debuginfo-1.54.0-26.6.1 libboost_thread1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): boost-license1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libboost_atomic1_54_0-1.54.0-26.6.1 libboost_atomic1_54_0-debuginfo-1.54.0-26.6.1 libboost_date_time1_54_0-1.54.0-26.6.1 libboost_date_time1_54_0-debuginfo-1.54.0-26.6.1 libboost_filesystem1_54_0-1.54.0-26.6.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.6.1 libboost_iostreams1_54_0-1.54.0-26.6.1 libboost_iostreams1_54_0-debuginfo-1.54.0-26.6.1 libboost_locale1_54_0-1.54.0-26.6.1 libboost_locale1_54_0-debuginfo-1.54.0-26.6.1 libboost_program_options1_54_0-1.54.0-26.6.1 libboost_program_options1_54_0-debuginfo-1.54.0-26.6.1 libboost_random1_54_0-1.54.0-26.6.1 libboost_random1_54_0-debuginfo-1.54.0-26.6.1 libboost_regex1_54_0-1.54.0-26.6.1 libboost_regex1_54_0-debuginfo-1.54.0-26.6.1 libboost_signals1_54_0-1.54.0-26.6.1 libboost_signals1_54_0-debuginfo-1.54.0-26.6.1 libboost_system1_54_0-1.54.0-26.6.1 libboost_system1_54_0-debuginfo-1.54.0-26.6.1 libboost_thread1_54_0-1.54.0-26.6.1 libboost_thread1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): boost-license1_54_0-1.54.0-26.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libboost_atomic1_54_0-1.54.0-26.6.1 libboost_atomic1_54_0-debuginfo-1.54.0-26.6.1 libboost_date_time1_54_0-1.54.0-26.6.1 libboost_date_time1_54_0-debuginfo-1.54.0-26.6.1 libboost_filesystem1_54_0-1.54.0-26.6.1 libboost_filesystem1_54_0-debuginfo-1.54.0-26.6.1 libboost_iostreams1_54_0-1.54.0-26.6.1 libboost_iostreams1_54_0-debuginfo-1.54.0-26.6.1 libboost_locale1_54_0-1.54.0-26.6.1 libboost_locale1_54_0-debuginfo-1.54.0-26.6.1 libboost_program_options1_54_0-1.54.0-26.6.1 libboost_program_options1_54_0-debuginfo-1.54.0-26.6.1 libboost_random1_54_0-1.54.0-26.6.1 libboost_random1_54_0-debuginfo-1.54.0-26.6.1 libboost_regex1_54_0-1.54.0-26.6.1 libboost_regex1_54_0-debuginfo-1.54.0-26.6.1 libboost_signals1_54_0-1.54.0-26.6.1 libboost_signals1_54_0-debuginfo-1.54.0-26.6.1 libboost_system1_54_0-1.54.0-26.6.1 libboost_system1_54_0-debuginfo-1.54.0-26.6.1 libboost_thread1_54_0-1.54.0-26.6.1 libboost_thread1_54_0-debuginfo-1.54.0-26.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): boost-license1_54_0-1.54.0-26.6.1 - SUSE CaaS Platform ALL (x86_64): libboost_system1_54_0-1.54.0-26.6.1 libboost_system1_54_0-debuginfo-1.54.0-26.6.1 libboost_thread1_54_0-1.54.0-26.6.1 libboost_thread1_54_0-debuginfo-1.54.0-26.6.1 - SUSE CaaS Platform ALL (noarch): boost-license1_54_0-1.54.0-26.6.1 - SUSE CaaS Platform 3.0 (x86_64): libboost_system1_54_0-1.54.0-26.6.1 libboost_system1_54_0-debuginfo-1.54.0-26.6.1 libboost_thread1_54_0-1.54.0-26.6.1 libboost_thread1_54_0-debuginfo-1.54.0-26.6.1 - SUSE CaaS Platform 3.0 (noarch): boost-license1_54_0-1.54.0-26.6.1 References: https://bugzilla.suse.com/1089363 From sle-updates at lists.suse.com Wed Feb 13 10:16:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:16:06 +0100 (CET) Subject: SUSE-RU-2019:0373-1: moderate: Recommended update for post-build-checks Message-ID: <20190213171606.89B47FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for post-build-checks ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0373-1 Rating: moderate References: #1109470 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for post-build-checks fixes the following issues: * Add suse-ignored-rpaths.conf (bsc#1109470) * 50-check-kernel-build-id: - add archs i686 ppc ppc64 s390 armv6l armv7l - regroup checks for image and debuginfo - make arch list a little more robust - Handle i586. Also improve error handling when arch not found. - Change err() to return 0. Only return 1 if we successfully compared the id's and there was a discrepancy. - change file mode to 755 for 50-check-kernel-build-id to match all other checks * make all OBS tex pdf builds reproducible by exporting FORCE_SOURCE_DATE as 1 * check for -fstack-clash-protection instead of -fmessage-length, as that one will be removed from optflags * Add kernel-build-id consistency check * Warnings for core files, no errors yet * QT_HASH_SEED has to be 0 * Mark test as broken due to GCC 8 and fortification. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-373=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): post-build-checks-84.88+git20181015.ceb5c96-3.4.1 References: https://bugzilla.suse.com/1109470 From sle-updates at lists.suse.com Wed Feb 13 10:16:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:16:37 +0100 (CET) Subject: SUSE-RU-2019:0363-1: moderate: Recommended update for openATTIC Message-ID: <20190213171637.2E43CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openATTIC ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0363-1 Rating: moderate References: #1098140 #1118544 #1120383 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openattic to upstream version 3.7.1 includes the following fixes: - Generation of API token for user doesn't work (bsc#1120383) - Pool free space is reported as "NaN undefined free" (bsc#1118544) - openATTIC fails when RGW is configured for 443 (bsc#1098140) - Translation of the openATTIC frontend (fate#323645) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-363=1 Package List: - SUSE Enterprise Storage 5 (noarch): openattic-3.7.1-2.15.2 openattic-debugsource-3.7.1-2.15.2 References: https://bugzilla.suse.com/1098140 https://bugzilla.suse.com/1118544 https://bugzilla.suse.com/1120383 From sle-updates at lists.suse.com Wed Feb 13 10:18:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:18:17 +0100 (CET) Subject: SUSE-RU-2019:0368-1: moderate: Recommended update for build Message-ID: <20190213171817.A5EBCFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for build ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0368-1 Rating: moderate References: #1077145 #1122895 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for build version 20190128 fixes the following issues: - Added initial SLE 15 SP1 config (bsc#1122895) - Fixed picking of right changes file for changelog generation (bsc#1077145) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-368=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-368=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): build-20190128-9.6.1 build-initvm-s390-20190128-9.6.1 build-initvm-x86_64-20190128-9.6.1 build-mkbaselibs-20190128-9.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): build-20190128-9.6.1 build-initvm-s390-20190128-9.6.1 build-initvm-x86_64-20190128-9.6.1 build-mkbaselibs-20190128-9.6.1 References: https://bugzilla.suse.com/1077145 https://bugzilla.suse.com/1122895 From sle-updates at lists.suse.com Wed Feb 13 10:20:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:20:23 +0100 (CET) Subject: SUSE-RU-2019:0374-1: moderate: Recommended update for xrdb Message-ID: <20190213172023.F3FD3FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0374-1 Rating: moderate References: #1120004 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xrdb fixes the following issues: - Now no warnings will be shown when parsing valid comments. (bsc#1120004) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-374=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): xrdb-1.1.0-3.4.1 xrdb-debuginfo-1.1.0-3.4.1 xrdb-debugsource-1.1.0-3.4.1 References: https://bugzilla.suse.com/1120004 From sle-updates at lists.suse.com Wed Feb 13 13:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 21:10:44 +0100 (CET) Subject: SUSE-SU-2019:0385-1: important: Security update for docker-runc Message-ID: <20190213201044.BD028FE02@maintenance.suse.de> SUSE Security Update: Security update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0385-1 Rating: important References: #1121967 Cross-References: CVE-2019-5736 Affected Products: SUSE OpenStack Cloud 6-LTSS SUSE Linux Enterprise Module for Containers 12 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2019-385=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-385=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-385=1 Package List: - SUSE OpenStack Cloud 6-LTSS (x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 References: https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1121967 From sle-updates at lists.suse.com Wed Feb 13 13:11:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 21:11:19 +0100 (CET) Subject: SUSE-RU-2019:0384-1: moderate: Recommended update for dom4j Message-ID: <20190213201119.37C2BFE02@maintenance.suse.de> SUSE Recommended Update: Recommended update for dom4j ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0384-1 Rating: moderate References: #1123158 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dom4j fixes the following issues: - Fix disabled STAX and datatypes. (bsc#1123158) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-384=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): dom4j-1.6.1-4.6.3 dom4j-demo-1.6.1-4.6.3 dom4j-javadoc-1.6.1-4.6.3 dom4j-manual-1.6.1-4.6.3 References: https://bugzilla.suse.com/1123158 From sle-updates at lists.suse.com Wed Feb 13 13:12:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Feb 2019 21:12:14 +0100 (CET) Subject: SUSE-SU-2019:0356-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20190213201214.88053FE02@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0356-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-353=1 SUSE-SLE-SAP-12-SP2-2019-354=1 SUSE-SLE-SAP-12-SP2-2019-355=1 SUSE-SLE-SAP-12-SP2-2019-356=1 SUSE-SLE-SAP-12-SP2-2019-357=1 SUSE-SLE-SAP-12-SP2-2019-358=1 SUSE-SLE-SAP-12-SP2-2019-359=1 SUSE-SLE-SAP-12-SP2-2019-360=1 SUSE-SLE-SAP-12-SP2-2019-361=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-353=1 SUSE-SLE-SERVER-12-SP2-2019-354=1 SUSE-SLE-SERVER-12-SP2-2019-355=1 SUSE-SLE-SERVER-12-SP2-2019-356=1 SUSE-SLE-SERVER-12-SP2-2019-357=1 SUSE-SLE-SERVER-12-SP2-2019-358=1 SUSE-SLE-SERVER-12-SP2-2019-359=1 SUSE-SLE-SERVER-12-SP2-2019-360=1 SUSE-SLE-SERVER-12-SP2-2019-361=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-376=1 SUSE-SLE-SERVER-12-SP1-2019-377=1 SUSE-SLE-SERVER-12-SP1-2019-378=1 SUSE-SLE-SERVER-12-SP1-2019-379=1 SUSE-SLE-SERVER-12-SP1-2019-380=1 SUSE-SLE-SERVER-12-SP1-2019-381=1 SUSE-SLE-SERVER-12-SP1-2019-382=1 SUSE-SLE-SERVER-12-SP1-2019-383=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-4-2.1 kgraft-patch-4_4_121-92_98-default-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-11-2.1 kgraft-patch-4_4_114-92_67-default-11-2.1 kgraft-patch-4_4_120-92_70-default-10-2.1 kgraft-patch-4_4_121-92_73-default-9-2.1 kgraft-patch-4_4_121-92_80-default-9-2.1 kgraft-patch-4_4_121-92_85-default-6-2.1 kgraft-patch-4_4_121-92_92-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-4-2.1 kgraft-patch-4_4_121-92_98-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-11-2.1 kgraft-patch-4_4_114-92_67-default-11-2.1 kgraft-patch-4_4_120-92_70-default-10-2.1 kgraft-patch-4_4_121-92_73-default-9-2.1 kgraft-patch-4_4_121-92_80-default-9-2.1 kgraft-patch-4_4_121-92_85-default-6-2.1 kgraft-patch-4_4_121-92_92-default-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-5-2.1 kgraft-patch-3_12_74-60_64_104-xen-5-2.1 kgraft-patch-3_12_74-60_64_107-default-5-2.1 kgraft-patch-3_12_74-60_64_107-xen-5-2.1 kgraft-patch-3_12_74-60_64_82-default-11-2.1 kgraft-patch-3_12_74-60_64_82-xen-11-2.1 kgraft-patch-3_12_74-60_64_85-default-11-2.1 kgraft-patch-3_12_74-60_64_85-xen-11-2.1 kgraft-patch-3_12_74-60_64_88-default-9-2.1 kgraft-patch-3_12_74-60_64_88-xen-9-2.1 kgraft-patch-3_12_74-60_64_93-default-8-2.1 kgraft-patch-3_12_74-60_64_93-xen-8-2.1 kgraft-patch-3_12_74-60_64_96-default-8-2.1 kgraft-patch-3_12_74-60_64_96-xen-8-2.1 kgraft-patch-3_12_74-60_64_99-default-7-2.1 kgraft-patch-3_12_74-60_64_99-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-updates at lists.suse.com Thu Feb 14 07:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 15:10:44 +0100 (CET) Subject: SUSE-RU-2019:0386-1: moderate: Security update for rust Message-ID: <20190214141045.00C59FFD7@maintenance.suse.de> SUSE Recommended Update: Security update for rust ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0386-1 Rating: moderate References: #1100691 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Rust was updated to version 1.31.1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-386=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-386=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rust-debuginfo-1.31.1-3.9.2 rust-debugsource-1.31.1-3.9.2 rust-doc-1.31.1-3.9.2 rust-gdb-1.31.1-3.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): rust-src-1.31.1-3.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): cargo-1.31.1-3.9.2 cargo-debuginfo-1.31.1-3.9.2 clippy-1.31.1-3.9.2 clippy-debuginfo-1.31.1-3.9.2 rls-1.31.1-3.9.2 rust-1.31.1-3.9.2 rust-analysis-1.31.1-3.9.2 rust-debuginfo-1.31.1-3.9.2 rust-debugsource-1.31.1-3.9.2 rust-gdb-1.31.1-3.9.2 rust-std-static-1.31.1-3.9.2 rustfmt-1.31.1-3.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): rust-src-1.31.1-3.9.2 References: https://www.suse.com/security/cve/CVE-2018-1000622.html https://bugzilla.suse.com/1100691 From sle-updates at lists.suse.com Thu Feb 14 07:14:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 15:14:47 +0100 (CET) Subject: SUSE-SU-2019:0387-1: moderate: Security update for build Message-ID: <20190214141447.069DCFFD7@maintenance.suse.de> SUSE Security Update: Security update for build ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0387-1 Rating: moderate References: #1069904 #1122895 Cross-References: CVE-2017-14804 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for build version 20190128 fixes the following issues: Security issue fixed: - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904) Non-security issue fixed: - Add initial SLE 15 SP1 config (bsc#1122895) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-387=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-387=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): build-mkdrpms-20190128-3.3.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): build-20190128-3.3.2 build-mkbaselibs-20190128-3.3.2 References: https://www.suse.com/security/cve/CVE-2017-14804.html https://bugzilla.suse.com/1069904 https://bugzilla.suse.com/1122895 From sle-updates at lists.suse.com Thu Feb 14 10:09:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:09:38 +0100 (CET) Subject: SUSE-SU-2019:0393-1: moderate: Security update for podofo Message-ID: <20190214170938.17EF7FE74@maintenance.suse.de> SUSE Security Update: Security update for podofo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0393-1 Rating: moderate References: #1027779 #1032020 #1032021 #1032022 #1075021 #1075026 #1075322 #1075772 #1076962 #1096889 #1096890 Cross-References: CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). - CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962). These non-security issues were fixed: - Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when "Kids" array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-393=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-393=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-393=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-393=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-393=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-393=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 References: https://www.suse.com/security/cve/CVE-2017-6845.html https://www.suse.com/security/cve/CVE-2017-7381.html https://www.suse.com/security/cve/CVE-2017-7382.html https://www.suse.com/security/cve/CVE-2017-7383.html https://www.suse.com/security/cve/CVE-2017-8054.html https://www.suse.com/security/cve/CVE-2018-11256.html https://www.suse.com/security/cve/CVE-2018-5295.html https://www.suse.com/security/cve/CVE-2018-5296.html https://www.suse.com/security/cve/CVE-2018-5308.html https://www.suse.com/security/cve/CVE-2018-5309.html https://www.suse.com/security/cve/CVE-2018-5783.html https://bugzilla.suse.com/1027779 https://bugzilla.suse.com/1032020 https://bugzilla.suse.com/1032021 https://bugzilla.suse.com/1032022 https://bugzilla.suse.com/1075021 https://bugzilla.suse.com/1075026 https://bugzilla.suse.com/1075322 https://bugzilla.suse.com/1075772 https://bugzilla.suse.com/1076962 https://bugzilla.suse.com/1096889 https://bugzilla.suse.com/1096890 From sle-updates at lists.suse.com Thu Feb 14 10:13:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:13:05 +0100 (CET) Subject: SUSE-SU-2019:0390-1: important: Security update for util-linux Message-ID: <20190214171305.A4FA310015@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0390-1 Rating: important References: #1072947 #1078662 #1080740 #1084300 Cross-References: CVE-2018-7738 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-390=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-390=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-390=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-390=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-390=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-390=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libblkid1-2.28-44.18.18 libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE OpenStack Cloud 7 (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libblkid1-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libblkid1-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libblkid1-2.28-44.18.18 libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Enterprise Storage 4 (x86_64): libblkid1-2.28-44.18.18 libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Enterprise Storage 4 (noarch): util-linux-lang-2.28-44.18.18 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libblkid1-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 References: https://www.suse.com/security/cve/CVE-2018-7738.html https://bugzilla.suse.com/1072947 https://bugzilla.suse.com/1078662 https://bugzilla.suse.com/1080740 https://bugzilla.suse.com/1084300 From sle-updates at lists.suse.com Thu Feb 14 10:14:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:14:07 +0100 (CET) Subject: SUSE-SU-2019:0391-1: moderate: Security update for python-PyKMIP Message-ID: <20190214171407.8E44E10015@maintenance.suse.de> SUSE Security Update: Security update for python-PyKMIP ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0391-1 Rating: moderate References: #1120767 Cross-References: CVE-2018-1000872 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-PyKMIP fixes the following issues: Security issue fixed: - CVE-2018-1000872: Fixed a denial-of-service vulnerability which was caused by exhausting the available sockets. To mitigate the issue server socket timeout was decreased (bsc#1120767). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-391=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-391=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-391=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-PyKMIP-0.6.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-PyKMIP-0.6.0-3.3.1 - HPE Helion Openstack 8 (noarch): python-PyKMIP-0.6.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000872.html https://bugzilla.suse.com/1120767 From sle-updates at lists.suse.com Thu Feb 14 10:15:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:15:48 +0100 (CET) Subject: SUSE-RU-2019:0388-1: moderate: Recommended update for additional Python updates Message-ID: <20190214171548.05F3310016@maintenance.suse.de> SUSE Recommended Update: Recommended update for additional Python updates ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0388-1 Rating: moderate References: #1054413 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Manager Server 3.2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update brings new versions for several python modules, needed for updates for other parts of the python stack, to enable the Python Azure SDK. It also enables and ship various modules as Python3 modules. - python-adal: was updated to 0.5.0 and python 3 enabled. - python-chardet: was updated to 3.0.4 and python 3 enabled. - python-linecache2: new version 1.0.0 as a dependency of unittest2. - python-msrestazure: was updated to 0.4.11 and python 3 enabled. - python-msrest: was updated to 0.4.11 and python 3 enabled. - python-oauthlib: was python 3 enabled. - python-PyJWT: was python 3 enabled. - python-pytest-runner: was updated to 4.2 and python 3 enabled. - python-requests-oauthlib: was python 3 enabled. - python-traceback2: was updated to 1.1.0 and python 3 enabled. - python-unittest2: was updated to 1.1.10 and python 3 enabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-388=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-388=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-388=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-388=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-388=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-388=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-388=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-388=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-388=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-oauthlib-0.7.2-3.4.1 - SUSE OpenStack Cloud 8 (noarch): python-oauthlib-0.7.2-3.4.1 - SUSE OpenStack Cloud 7 (noarch): python-PyJWT-1.4.2-3.6.1 python-oauthlib-0.7.2-3.4.1 - SUSE Manager Server 3.2 (noarch): python-PyJWT-1.4.2-3.6.1 python-oauthlib-0.7.2-3.4.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): python-dbus-python-1.2.4-2.3.1 python-dbus-python-debuginfo-1.2.4-2.3.1 python-dbus-python-debugsource-1.2.4-2.3.1 python3-dbus-python-1.2.4-2.3.1 python3-dbus-python-debuginfo-1.2.4-2.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-SecretStorage-2.3.1-2.3.1 python-keyring-5.7-8.7.1 python3-SecretStorage-2.3.1-2.3.1 python3-keyring-5.7-8.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-dbus-python-1.2.4-2.3.1 python-dbus-python-debuginfo-1.2.4-2.3.1 python-dbus-python-debugsource-1.2.4-2.3.1 python3-dbus-python-1.2.4-2.3.1 python3-dbus-python-debuginfo-1.2.4-2.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-SecretStorage-2.3.1-2.3.1 python-keyring-5.7-8.7.1 python3-SecretStorage-2.3.1-2.3.1 python3-keyring-5.7-8.7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-PyJWT-1.4.2-3.6.1 python-adal-0.5.0-5.3.1 python-chardet-3.0.4-5.3.2 python-linecache2-1.0.0-2.3.1 python-msrest-0.4.11-5.3.1 python-msrestazure-0.4.11-5.3.10 python-oauthlib-0.7.2-3.4.1 python-requests-oauthlib-0.7.0-5.5.1 python-traceback2-1.4.0-2.3.1 python-unittest2-1.1.0-3.4.1 python3-PyJWT-1.4.2-3.6.1 python3-adal-0.5.0-5.3.1 python3-chardet-3.0.4-5.3.2 python3-linecache2-1.0.0-2.3.1 python3-msrest-0.4.11-5.3.1 python3-msrestazure-0.4.11-5.3.10 python3-oauthlib-0.7.2-3.4.1 python3-requests-oauthlib-0.7.0-5.5.1 python3-traceback2-1.4.0-2.3.1 python3-unittest2-1.1.0-3.4.1 - SUSE CaaS Platform ALL (noarch): python-PyJWT-1.4.2-3.6.1 python-oauthlib-0.7.2-3.4.1 - SUSE CaaS Platform 3.0 (noarch): python-PyJWT-1.4.2-3.6.1 python-oauthlib-0.7.2-3.4.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-PyJWT-1.4.2-3.6.1 python-oauthlib-0.7.2-3.4.1 - HPE Helion Openstack 8 (noarch): python-oauthlib-0.7.2-3.4.1 References: https://bugzilla.suse.com/1054413 From sle-updates at lists.suse.com Thu Feb 14 10:16:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:16:51 +0100 (CET) Subject: SUSE-SU-2019:0396-1: important: Security update for python-paramiko Message-ID: <20190214171651.1D92810016@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0396-1 Rating: important References: #1111151 #1120531 Cross-References: CVE-2018-1000805 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-paramiko to version 2.2.4 fixes the following issues: Security issue fixed: - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-396=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-396=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-396=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-paramiko-2.2.4-4.3.1 - SUSE OpenStack Cloud 8 (noarch): python-paramiko-2.2.4-4.3.1 - HPE Helion Openstack 8 (noarch): python-paramiko-2.2.4-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000805.html https://bugzilla.suse.com/1111151 https://bugzilla.suse.com/1120531 From sle-updates at lists.suse.com Thu Feb 14 10:17:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:17:32 +0100 (CET) Subject: SUSE-SU-2019:0392-1: important: Security update for couchdb Message-ID: <20190214171732.5311010016@maintenance.suse.de> SUSE Security Update: Security update for couchdb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0392-1 Rating: important References: #1104204 Cross-References: CVE-2018-11769 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for couchdb fixes the following issues: Security issue fixed: - CVE-2018-11769: Fixed a remote code execution vulnerability by removing the _config route from default.ini (bsc#1104204) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-392=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): couchdb-1.7.2-3.6.1 couchdb-debuginfo-1.7.2-3.6.1 couchdb-debugsource-1.7.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-11769.html https://bugzilla.suse.com/1104204 From sle-updates at lists.suse.com Thu Feb 14 10:18:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:18:27 +0100 (CET) Subject: SUSE-RU-2019:0389-1: Recommended update for fio Message-ID: <20190214171827.ECB5610016@maintenance.suse.de> SUSE Recommended Update: Recommended update for fio ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0389-1 Rating: low References: #1117653 #1120052 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update ships "fio" for testing I/O performance. (FATE#326814) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-389=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-389=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): fio-3.10-4.7.1 fio-debuginfo-3.10-4.7.1 fio-debugsource-3.10-4.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): fio-3.10-4.7.1 fio-debuginfo-3.10-4.7.1 fio-debugsource-3.10-4.7.1 References: https://bugzilla.suse.com/1117653 https://bugzilla.suse.com/1120052 From sle-updates at lists.suse.com Thu Feb 14 10:19:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:19:11 +0100 (CET) Subject: SUSE-SU-2019:0395-1: important: Security update for nodejs6 Message-ID: <20190214171911.B089010016@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0395-1 Rating: important References: #1113534 #1113652 #1117625 #1117626 #1117627 #1117629 #1117630 Cross-References: CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-395=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-395=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-395=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-395=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 nodejs6-devel-6.16.0-11.21.1 npm6-6.16.0-11.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.16.0-11.21.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 References: https://www.suse.com/security/cve/CVE-2018-0734.html https://www.suse.com/security/cve/CVE-2018-12116.html https://www.suse.com/security/cve/CVE-2018-12120.html https://www.suse.com/security/cve/CVE-2018-12121.html https://www.suse.com/security/cve/CVE-2018-12122.html https://www.suse.com/security/cve/CVE-2018-12123.html https://www.suse.com/security/cve/CVE-2018-5407.html https://bugzilla.suse.com/1113534 https://bugzilla.suse.com/1113652 https://bugzilla.suse.com/1117625 https://bugzilla.suse.com/1117626 https://bugzilla.suse.com/1117627 https://bugzilla.suse.com/1117629 https://bugzilla.suse.com/1117630 From sle-updates at lists.suse.com Thu Feb 14 10:21:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:21:36 +0100 (CET) Subject: SUSE-RU-2019:0397-1: moderate: Recommended update for python-cinderlm Message-ID: <20190214172136.8D28510016@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cinderlm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0397-1 Rating: moderate References: #1105814 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-cinderlm fixes the following issues: - Refactor to match swiflm use of ssacli (bsc#1105814) - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike - SCRD-2019 Update version to 0.0.3 and add sdist foo Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-397=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-397=1 Package List: - SUSE OpenStack Cloud 8 (noarch): python-cinderlm-0.0.2+git.1541444073.4d3347c-3.3.1 - HPE Helion Openstack 8 (noarch): python-cinderlm-0.0.2+git.1541444073.4d3347c-3.3.1 References: https://bugzilla.suse.com/1105814 From sle-updates at lists.suse.com Thu Feb 14 10:22:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:22:13 +0100 (CET) Subject: SUSE-SU-2019:0394-1: moderate: Security update for rubygem-loofah Message-ID: <20190214172214.0058F10016@maintenance.suse.de> SUSE Security Update: Security update for rubygem-loofah ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0394-1 Rating: moderate References: #1085967 #1113969 Cross-References: CVE-2018-16468 CVE-2018-8048 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969). - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libcxml2 (bsc#1085967). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-394=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-394=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-394=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-loofah-2.0.2-3.5.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-loofah-2.0.2-3.5.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-loofah-2.0.2-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-16468.html https://www.suse.com/security/cve/CVE-2018-8048.html https://bugzilla.suse.com/1085967 https://bugzilla.suse.com/1113969 From sle-updates at lists.suse.com Thu Feb 14 10:22:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:22:53 +0100 (CET) Subject: SUSE-RU-2019:0403-1: moderate: Recommended update for rubygem-chef-expander, rubygem-eventmachine Message-ID: <20190214172253.CD88810016@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef-expander, rubygem-eventmachine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0403-1 Rating: moderate References: Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rubygem-chef-expander, rubygem-eventmachine fixes the following issues: - Update to 1.2.0.1 which contains the fix to not crash when accepting IPv6 connections. * Fix crash when accepting IPv6 connections due to struct sockaddr_in [#698, #699] - Add a patch to increase the gemspec dependency version of eventmachine to include 1.2.0.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-403=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-chef-expander-10.32.2-3.3.1 ruby2.1-rubygem-eventmachine-1.2.0.1-3.3.1 ruby2.1-rubygem-eventmachine-debuginfo-1.2.0.1-3.3.1 rubygem-chef-expander-10.32.2-3.3.1 rubygem-eventmachine-debugsource-1.2.0.1-3.3.1 References: From sle-updates at lists.suse.com Thu Feb 14 10:23:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:23:17 +0100 (CET) Subject: SUSE-RU-2019:0402-1: moderate: Recommended update for ardana packages Message-ID: <20190214172317.1FF2010016@maintenance.suse.de> SUSE Recommended Update: Recommended update for ardana packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0402-1 Rating: moderate References: #1113979 #1116461 #1118336 #1118423 #1118932 #1118967 #1118989 #1119136 #1120681 #1124240 #113979 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update provides ardana packages fixes for the following issues: ardana-ansible: - The ardana_tar_locations.yml and package-constants.yml files are now part of the ardana/ardana-ansible.git code base at the appropriate path location so there is no need to include them in the RPM packaging anymore. - Install ardana-init from the ardana-init.bash that is now included in the ardana/ardana-ansible.git repo, and exclude the ardana-init.bash file found under the ansible code base. Remove the embedded ardana-init.bash, retrieved from the ardana/ardana.git repo, from the package. - SCRD-5576 Merge ardana-init.bash into ardana-ansible - SCRD-5828 Include RPM packaged files - separate fernet monitoring from keystone reconfigure (bsc#1116461) ardana-cinder: - Avoid reconfiguration during restart (bsc#1118336) ardana-heat: - SCRD-5819 fix heat.conf ardana-keystone: - Separate fernet monitoring from keystone reconfigure (bsc#1116461) - Don't rotate fernet keys if they already exist (bsc#1118423) ardana-mq: - Revert couple epmd.socket with rabbitmq-server (bsc#1118989) - Don't change rabbitmq-env unless follow by restart (bsc#1120681) - Double tap epmd (bsc#1124240) - Configure TLS/SSL for distribution (bsc#1120681) - Couple epmd.socket with rabbitmq-server (bsc#1118989) ardana-nova: - Add ability to not set images_type (bsc#1113979) ardana-ses: - Add the setting for libvirt (bsc#113979) - Removed the test against hostvars (bsc#1118967) - Fix keyring filenames on disk (bsc#1118932) - Fix the setting of cinder cinder-backup keyrings (bsc#1119136) ardana-tempest: - SCRD-6681 Skip serial filter run if no test filters specified - SCRD-6681 Run contentious CI filter tests serially Pass2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-402=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-402=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1545140034.37557c6-3.52.1 ardana-cinder-8.0+git.1545242504.422ed1d-3.30.1 ardana-heat-8.0+git.1544194922.a666365-3.6.1 ardana-keystone-8.0+git.1544725254.b24583e-3.21.1 ardana-mq-8.0+git.1549882721.b2e8873-3.10.1 ardana-nova-8.0+git.1545398948.804be6f-3.20.1 ardana-ses-8.0+git.1545398957.b50f0a0-1.14.1 ardana-tempest-8.0+git.1547057115.840afe5-3.12.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1545140034.37557c6-3.52.1 ardana-cinder-8.0+git.1545242504.422ed1d-3.30.1 ardana-heat-8.0+git.1544194922.a666365-3.6.1 ardana-keystone-8.0+git.1544725254.b24583e-3.21.1 ardana-mq-8.0+git.1549882721.b2e8873-3.10.1 ardana-nova-8.0+git.1545398948.804be6f-3.20.1 ardana-ses-8.0+git.1545398957.b50f0a0-1.14.1 ardana-tempest-8.0+git.1547057115.840afe5-3.12.1 References: https://bugzilla.suse.com/1113979 https://bugzilla.suse.com/1116461 https://bugzilla.suse.com/1118336 https://bugzilla.suse.com/1118423 https://bugzilla.suse.com/1118932 https://bugzilla.suse.com/1118967 https://bugzilla.suse.com/1118989 https://bugzilla.suse.com/1119136 https://bugzilla.suse.com/1120681 https://bugzilla.suse.com/1124240 https://bugzilla.suse.com/113979 From sle-updates at lists.suse.com Thu Feb 14 10:25:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:25:22 +0100 (CET) Subject: SUSE-RU-2019:0406-1: moderate: Recommended update for crowbar packages Message-ID: <20190214172522.34FB710016@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0406-1 Rating: moderate References: #1085170 #1101154 #1103882 #1104198 #1108336 #1108398 #1114851 #1116686 #1116853 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for crowbar packages fixes the following issues: crowbar: - Set admin server's platform to suse-12.4 during upgrade to Cloud8 - Add support for 40GbE and 56GbE network interface (bsc#1108336) crowbar-core: - upgrade: Only SIGHUP the main nova processes - upgrade: Error out when "delete-services" helper scripts fail - upgrade: Fix syntax error (missing "done") in script - upgrade: Run nova online migrations after the full upgrade - upgrade: Signal the change to nova services when the upgrade is done - upgrade: Delete nova services that are registered to unknown nodes - upgrade: Refactor excluding upgraded nodes - upgrade: Fail if no nodes can be upgraded - upgrade: Skip already upgraded nodes - travis fix for bundler problems - upgrade: Mention the name of failed node in the error message - upgrade: Reset the current nodes list before new set of nodes - upgrade: restrict the special keystone treatment - upgrade: Do not mark nodes as upgraded before the last action - upgrade: delete "clone_stateless_services_orig" a bit later - upgrade: Handle keystone separately during first node upgrade - upgrade: Keep keystone vhost running on non-upgrade nodes - upgrade: Keep galera and haproxy running during the upgrade - apache: keep vhost config when disabling apache site - upgrade: Increase delayed_job time limit - upgrade: Mark correctly the set of nodes that was selected for upgrade - Revert "upgrade: Deleting cinder services from database no longer needed" - upgrade: Improve handling of zypper prompts (bsc#1116853) - allow skip_unready_nodes for network barclamp - conduits: match base_board.serial_number as well - provisioner: validate format of additional ssh keys section - upgrade: Extend the paralel actions to reboot and crowbar_join - upgrade: In case of retry after failure, skip live migrations - upgrade: Make sure live-migration script is killed if we hit the timeout - upgrade: Introduce parallelism into the upgrade of compute nodes - upgrade: Fix condition for setting clone_stateless value - upgrade: Allow upgrade with monasca agents on compute nodes - crowbar: Do not rewrite the value of 'insecure' if it already exist - upgrade: If pacemaker is used to manage the services, don't use systemctl - upgrade: Add an initial check if there's anything running on a host - ohai: fix path to check for aacraid driver (bsc#1085170 bsc#1103882) - crowbar: move disallow chef restarts out of experimental - Removed experimental.yml because won't be necessary - crowbar: move skip unchanged batches out of experimental - upgrade: Do not start chef-client service from recipe - crowbar: move skip unready nodes out of experimental - Add crowbar.yml file as %config(noreplace) - repos: Fix product name to be SUSE OpenStack Cloud Crowbar for SMT crowbar-ha: - Update travis config to solve bundler dependency - Fix quorum policy doc link (bsc#1104198) - pacemaker: Wait more for cluster to be online crowbar-openstack: - mariadb: Set wsrep_sst_method to mariabackup (bsc#1116686) - upgrade: Do not run nova online-db-migrations from chef - database: Prevent deploying mysql-server role to monasca node - Update travis config to solve bundler dependency - nova-compute: stop installing qemu-kvm - upgrade: limit resetting db_synced for keystone - keystone: Allow to disable keystone vhost - upgrade: avoid keystone db_sync during crowbar_join after upgrade - nova: limit compute RPC version automatically for mixed environments - nova: Use internal glance and neutron endpoints - horizon: Fix SSL CA configuration for apache 2.4 - cinder: Only set up SSL on API nodes - nova/neutron: Restart immediately on keystone changes - keystone: Fix update endpoint for ha (bsc#1114851) - keystone: Refactor keystone_register retry loop - keystone: Fix path in endpoint update loop - keystone: Fix CA cert Apache config - nova: use upstream-recommended start order for services - horizon: load monasca from databag - galera: Install system tables only on the founder node - galera: Use monitoring user for observing wsrep state - ssl: Fix ACL setup in ssl_setup provider - Set a proper ACL for shared certificates (bsc#1101154) - ironic: Use ironic network for provisioning (bsc#1108398) - neutron: disable metering agent if no ceilometer - neutron: Fix "enable_metadata_proxy" setting for DVR setups - rabbitmq: Add list of tags comma separated for extra users - neutron: disable metadata proxy when metadata is forced - Gemfile: Drop crowbar-validate-databags gem version - travis: tests databags - Fix migrations - rabbitmq: change ha-sync-mode to automatic - rabbitmq: disable mirroring for several queues - rabbitmq: allow disabling queue mirroring - rabbitmq: block client port on startup - rabbitmq: Remove address from node attributes - rabbitmq: Remove management_address from node attributes - rabbitmq: Remove addresses from node attributes - rabbitmq: Remove redundant code - keystone: Move redundant code to custom resource - keystone: Reorganize HA/fernet code - nova: Increase HA resources timeout again - neutron: Increase agents_ha_resources timeout again - rabbitmq: configure notification settings also in clustered mode - ceilometer: add validation that notifications are enabled client side - nova: Only emit unversioned notfications - postgresql: Add timestamp prefix to logs crowbar-ui: - upgrade: Fix "Next" button behavior - upgrade: Add admin repochecks error title - upgrade: Add wrong_sql_engine error title Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-406=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-5.0+git.1548257663.294324f9-3.6.1 crowbar-devel-5.0+git.1548257663.294324f9-3.6.1 crowbar-ha-5.0+git.1546543068.c40ae43-3.11.1 crowbar-openstack-5.0+git.1546859398.741661c54-4.16.1 crowbar-ui-1.2.0+git.1547500033.d0fb2bf2-3.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1548227589.9502869de-3.14.1 crowbar-core-branding-upstream-5.0+git.1548227589.9502869de-3.14.1 References: https://bugzilla.suse.com/1085170 https://bugzilla.suse.com/1101154 https://bugzilla.suse.com/1103882 https://bugzilla.suse.com/1104198 https://bugzilla.suse.com/1108336 https://bugzilla.suse.com/1108398 https://bugzilla.suse.com/1114851 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1116853 From sle-updates at lists.suse.com Thu Feb 14 10:27:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:27:09 +0100 (CET) Subject: SUSE-RU-2019:0404-1: moderate: Recommended update for python-ovs packages Message-ID: <20190214172709.D3D8310016@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ovs packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0404-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ovs, python-ovsdbapp fixes the following issues: python-ovsdbapp: - Improve DbListCommand operation from O(n^2) to O(n) python-ovs: - build against openvswitch-devel to enable the c extensions Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-404=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-404=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-404=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-ovsdbapp-0.4.3-3.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-ovs-2.7.0-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): python-ovs-2.7.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-ovsdbapp-0.4.3-3.3.1 - HPE Helion Openstack 8 (noarch): python-ovsdbapp-0.4.3-3.3.1 - HPE Helion Openstack 8 (x86_64): python-ovs-2.7.0-3.3.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Thu Feb 14 10:27:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:27:40 +0100 (CET) Subject: SUSE-RU-2019:0400-1: moderate: Recommended update for python-ldappool Message-ID: <20190214172740.77BD610016@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ldappool ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0400-1 Rating: moderate References: #1119748 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ldappool fixes the following issues: - update to 2.1.0 (bsc#1119748) * Updated from global requirements * Don't call start\_tls\_s() twice * [Fix gate]Update test requirement * Add Constraints support * update README to reflect actual ldap dependency * Expose SERVER\_DOWN if connection fails Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-400=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-400=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-400=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-ldappool-2.1.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-ldappool-2.1.0-3.3.1 - HPE Helion Openstack 8 (noarch): python-ldappool-2.1.0-3.3.1 References: https://bugzilla.suse.com/1119748 From sle-updates at lists.suse.com Thu Feb 14 10:28:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:28:11 +0100 (CET) Subject: SUSE-RU-2019:13959-1: moderate: Recommended update for build Message-ID: <20190214172811.0AA0210016@maintenance.suse.de> SUSE Recommended Update: Recommended update for build ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13959-1 Rating: moderate References: #1077145 #1122895 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for build version 20190128 fixes the following issues: - Fixed picking of right changes file for changelog generation (bsc#1077145) - Added initial SLE 15 SP1 config (bsc#1122895) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-build-13959=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): build-20190128-8.10.1 References: https://bugzilla.suse.com/1077145 https://bugzilla.suse.com/1122895 From sle-updates at lists.suse.com Thu Feb 14 10:28:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:28:47 +0100 (CET) Subject: SUSE-RU-2019:0411-1: moderate: Recommended update for python packages Message-ID: <20190214172847.A76C210016@maintenance.suse.de> SUSE Recommended Update: Recommended update for python packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0411-1 Rating: moderate References: #1115904 #1123054 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python fixes the following issues: python-amqp: - Add patch Always-treat-SSLError-timeouts-as-socket-timeouts-24. (bsc#1115904) - Add fdupes to specfile - Sending empty messages no longer hangs. Instead an empty message is sent correctly. (bsc#1123054) - Fixed compatibility issues in UTF-8 encoding behavior between Py2/Py3 - Fix implicit conversion from bytes to string on the connection object. (Issue #155) This issue has caused Celery to crash on connection to RabbitMQ. - Fix random delays in task execution. This is a bug that caused performance issues due to polling timeouts that occur when receiving incomplete AMQP frames. - Calling "conn.collect()" multiple times will no longer raise an "AttributeError" when no channels exist. - Fix compatibility code for Python 2.7.6. - When running in Windows, py-amqp will no longer use the unsupported TCP option TCP_MAXSEG. - Added support for setting the SNI hostname header. The SSL protocol version is now set to SSLv23 - Authentication mechanisms were refactored to be more modular. GSSAPI authentication is now supported. - Do not reconnect on collect. python-kombu: - RabbitMQ: Ensured safer encoding of queue arguments. - Added fallback to :func:``uuid.uuid5`` in :func:``generate_oid`` if - Added Python 3.6 to CI testing - Fixed bug around modifying dictionary size while iterating over it Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-411=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-411=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-411=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-amqp-2.2.2-3.3.1 python-kombu-4.1.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-amqp-2.2.2-3.3.1 python-kombu-4.1.0-3.3.1 - HPE Helion Openstack 8 (noarch): python-amqp-2.2.2-3.3.1 python-kombu-4.1.0-3.3.1 References: https://bugzilla.suse.com/1115904 https://bugzilla.suse.com/1123054 From sle-updates at lists.suse.com Thu Feb 14 10:29:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:29:29 +0100 (CET) Subject: SUSE-RU-2019:0405-1: moderate: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20190214172929.69BD510016@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0405-1 Rating: moderate References: #1108938 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-suse-openstack-cloud fixes the following issues: - Reword open source phrases, add SSACLI download information (bsc#1108938) - Add note about open source only (bsc#1108938) - Add open source and SSACLI information - Add EC2 deprecation notice Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-405=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-405=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-405=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): release-notes-suse-openstack-cloud-8.20181101-3.14.1 - SUSE OpenStack Cloud 8 (noarch): release-notes-suse-openstack-cloud-8.20181101-3.14.1 - HPE Helion Openstack 8 (noarch): release-notes-hpe-helion-openstack-8.20181101-3.14.1 References: https://bugzilla.suse.com/1108938 From sle-updates at lists.suse.com Thu Feb 14 10:30:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:30:01 +0100 (CET) Subject: SUSE-RU-2019:0409-1: moderate: Recommended update for python-oslo packages Message-ID: <20190214173001.7158810016@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-oslo packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0409-1 Rating: moderate References: #1109756 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-oslo packages fixes the following issues: python-oslo.messaging: - Do not access the connection's socket during error callback - Avoid reconnect to the same AMQP server while trying to error handle the original server error (bsc#1109756) - Avoid logging passwords on connection events - import zuul job settings from project-config - Suppress excessive debug logs when consume rabbit - Revert "rabbit: Don't prefetch when batch\_size is set" - Use stable branch for upper constraints - Create doc/requirements.txt - Avoid tox\_install.sh for constraints support python-oslo.policy: - Fix sphinx-docs job for stable branch - Avoid redundant policy syntax checks python-oslo.utils - Fix sphinx-docs job for stable branch - Add private_key to the list of sanitized keys python-oslo.versionedobjects: - Use stable branch for upper constraints - Fixing UUID coerce function for unicode non uuid form - Don't force unicode strings for UUID coercion - Avoid tox_install.sh for constraints support - Follow the new PTI for document build Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-409=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-409=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-409=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-oslo.messaging-5.30.7-3.5.1 python-oslo.policy-1.25.3-3.3.1 python-oslo.utils-3.28.3-3.3.1 python-oslo.versionedobjects-1.26.2-3.3.2 - SUSE OpenStack Cloud 8 (noarch): python-oslo.messaging-5.30.7-3.5.1 python-oslo.policy-1.25.3-3.3.1 python-oslo.utils-3.28.3-3.3.1 python-oslo.versionedobjects-1.26.2-3.3.2 - HPE Helion Openstack 8 (noarch): python-oslo.messaging-5.30.7-3.5.1 python-oslo.policy-1.25.3-3.3.1 python-oslo.utils-3.28.3-3.3.1 python-oslo.versionedobjects-1.26.2-3.3.2 References: https://bugzilla.suse.com/1109756 From sle-updates at lists.suse.com Thu Feb 14 10:30:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:30:34 +0100 (CET) Subject: SUSE-RU-2019:0399-1: moderate: Recommended update for aws-cli, python-boto3, python-botocore Message-ID: <20190214173034.476DA10016@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0399-1 Rating: moderate References: #1118024 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Module for Public Cloud 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-cli, python-boto3, python-botocore fixes the following issues: - Update aws-cli to version 1.16.61 (bsc#1118024) - Update python-botocore to version 1.12.57 (bsc#1118024) - Update python-boto3 to version 1.9.57 (bsc#1118024) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-399=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-399=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-399=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-399=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): aws-cli-1.16.61-22.3.1 python-botocore-1.12.57-28.6.1 - SUSE OpenStack Cloud 8 (noarch): aws-cli-1.16.61-22.3.1 python-botocore-1.12.57-28.6.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.16.61-22.3.1 python-boto3-1.9.57-14.3.1 python-botocore-1.12.57-28.6.1 - HPE Helion Openstack 8 (noarch): aws-cli-1.16.61-22.3.1 python-botocore-1.12.57-28.6.1 References: https://bugzilla.suse.com/1118024 From sle-updates at lists.suse.com Thu Feb 14 10:31:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:31:06 +0100 (CET) Subject: SUSE-RU-2019:0410-1: moderate: Recommended update for openstack packages Message-ID: <20190214173106.54F2E10016@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0410-1 Rating: moderate References: #1103759 #1106361 #1110331 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides the fixes for openstack packages for the following issues: openstack-aodh: - import zuul job settings from project-config openstack-barbican: - import zuul job settings from project-config - Remove tripleo newton and ocata jobs (pike branch) openstack-ceilometer: - import zuul job settings from project-config - Remove tripleo newton and ocata jobs (pike branch) openstack-cinder: - import zuul job settings from project-config - Use kafka extras for oslo.messaging - import zuul job settings from project-config - Use kafka extras for oslo.messaging - import zuul job settings from project-config - Unity: Enable ssl verification - Consume quota when importing backup resource - RBD: get provisioned capacity using same connection - Handle rbd.OSError on broken RBD image - Update unity tests to use our test base - VMAX Pike docs - no support for PowerMax OS - Avoid use of deprecated commands in lenovo driver - Added mount fstype based validation of Quobyte mounts - Fix image volume cache max size and max count limits - Storwize: self assign the SCSI lun id for volume attaching - RBD: Don't query Ceph on stats for exclusive pools - NetApp SolidFire: Fix CG snapshot deletion - NetApp SolidFire: Fix force\_detach - VMAX Driver - Initiator retrieval short hostname fix - Unity: Enable ssl verification - Consume quota when importing backup resource - RBD: get provisioned capacity using same connection - Handle rbd.OSError on broken RBD image - Update unity tests to use our test base - VMAX Pike docs - no support for PowerMax OS - Avoid use of deprecated commands in lenovo driver - Added mount fstype based validation of Quobyte mounts - Fix image volume cache max size and max count limits - Storwize: self assign the SCSI lun id for volume attaching - RBD: Don't query Ceph on stats for exclusive pools - NetApp SolidFire: Fix CG snapshot deletion - NetApp SolidFire: Fix force\_detach - cinder-volume.service: Raise rlimits significantly to increase stability in ceph/high load cases. Disable cgroup limiting by setting TasksMax to infinity (bsc#1110331) - VMAX Driver - Initiator retrieval short hostname fix openstack-dashboard: - Add enabled check in Backups panel - import zuul job settings from project-config openstack-designate: - Fix servicing IPv6 based TCP connections - Make update\_status use synchronized\_zone - Remove install-guide-jobs - Removing removed bandit plugins to fix gate - import zuul job settings from project-config - correct LOG.warning args in object\_manipulator.py openstack-ec2-api: - Remove tripleo newton and ocata jobs (pike branch) - import zuul job settings from project-config openstack-glance: - Remove use of broken bandit from tests - Avoid restarting a child when terminating - Use new devstack-plugin-ceph job - import zuul job settings from project-config openstack-heat: - Update resource definitions after legacy in-place update - Ignore spurious nested stack locks in convergence - Unit tests: Fix mock errors with too few side effects - Ignore conditions when reparsing ResourceDefinition - Fix .zuul.yaml - import zuul job settings from project-config openstack-heat-templates: - Add an example of OS::Mistral::ExternalResource - Remove docs, deprecated hooks, tests - Update the bugs link to storyboard - Fix the incorrect cirros default password - Use octavia resources for autoscaling example - Migrate the link of bug report button to storyboard - Remove setting of DEVSTACK_GATE_EXERCISES openstack-horizon-plugin-designate-ui: - import zuul job settings from project-config openstack-horizon-plugin-freezer-ui: - import zuul job settings from project-config openstack-horizon-plugin-gbp-ui: - Add 2 more conditions for juju setup while launching the instances openstack-horizon-plugin-ironic-ui: - import zuul job settings from project-config openstack-horizon-plugin-magnum-ui: - Add attributes for cluster to show - import zuul job settings from project-config - Fix horizon dependency from master to stable branch openstack-horizon-plugin-monasca-ui: - Fix the partial missing metrics in Create Alarm Definition flow - import zuul job settings from project-config openstack-horizon-plugin-neutron-fwaas-ui: - Fix gate errors - import zuul job settings from project-config openstack-horizon-plugin-neutron-lbaas-ui: - sni\_container\_refs needed if we want to use sni openstack-horizon-plugin-neutron-vpnaas-ui: - Fix gate errors - import zuul job settings from project-config openstack-horizon-plugin-sahara-ui: - import zuul job settings from project-config openstack-horizon-plugin-trove-ui: - import zuul job settings from project-config openstack-ironic: - Allow disabling instance image cache - Don't fail when node is in CLEANFAIL state - Temporarily mark multinode job non-voting - Remove wrong install-guide-jobs in zuul setup - import zuul job settings from project-config - Fix iDRAC hardware type does not work with UEFI openstack-keystone: - Mapped Groups don't exist breaks WebSSO - LDAP attribute names non-case-sensitive - import zuul job settings from project-config openstack-magnum: - [swarm-mode] Remove --live-restore from Docker daemon options - import zuul job settings from project-config openstack-manila: - Set paramiko logging to DEBUG level - Change ssh\_utils parameter to correctly send keepalive packets - Improve service instance module debug logging - Adjust ssh timeouts - Fix image\_name retrieval in custom-image jobs - remove glusterfs-nfs job from check queue - Use volume\_uuid in \_resize\_share of Quobyte Driver - After run manila tempest the share network residue openstack-murano: - import zuul job settings from project-config openstack-neutron: - DevStack: OVS: Only install kernel-\* packages when needed - DVR: Centralized FloatingIPs are not cleared after migration - Fix connection between 2 dvr routers - Add missing step for ovs deploy guides - Wait to ipv6 forwarding be really changed by L3 agent - Use system protocol assigments for iptables protocol map - Install centralized floating IP nat rules to all ha nodes - iptables-restore wait period cannot be zero - Drop strict-order flag from dnsmasq invocation - Fix iptables metering driver entrypoint - Update metering driver to load interface driver - Add permanent ARP entries for DVR fip/qrouter veth pair - Add capabilities for privsep - Allow Ipv6 addresses for nova\_metadata\_host - dhcp: serializing port delete and network rpc calls - DVR: Avoid address scope rules for dvr\_no\_external agents - Don't uninstall flow tables in setup\_dvr\_flows\_on\_integ\_br - Fix dvr ha router gateway goes wrong host - DVR: Add IPv6 csnat port address correctly - [Functional] Increase test\_timeout for db migration tests - Don't skip DVR port while neutron-openvswitch-agent is restared - DVR: Fix mac format for backward compatibility with vsctl api - Fix corner case in failure assigning MAC to SR-IOV NIC - Revert "DVR: Fix allowed\_address\_pair IP, ARP table update by neutron agent" - Do not install centralized FIP if HA port is down - Revert "DVR: Inter Tenant Traffic between networks not possible with shared net" - DVR-HA: Configure extra routes on router namespace in dvr\_snat node - [Functional] Increase test\_timeout for db migration tests - Fix bash cmd used in scenario trunk tests - Add iptables metadata marking rule on router init - Revert "DVR: Add error handling for get\_network\_info\_for\_id rpc call" openstack-neutron-vpnaas: - test: Register L3 option in L3 ext tests openstack-nova: - libvirt: Use os.stat and os.path.getsize for RAW disk inspection - libvirt: Reduce calls to qemu-img during update\_available\_resource - Add secret=true to fixed\_key configuration parameter - Make supports\_direct\_io work on 4096b sector size - compute: Ensure pre-migrating instances are destroyed during init\_host - Add regression test for bug #1764883 - Update docs for \_destroy\_evacuated\_instances - Fix NoneType error in \_notify\_volume\_usage\_detach (bsc#1106361) - Handle HostMappingNotFound when deleting a compute service - Make scheduler.utils.setup\_instance\_group query all cells - Add functional test for affinity with multiple cells - Fix the request context in ServiceFixture - Consider hostdev devices when building metadata - Refactor \_build\_device\_metadata - Enforce case-sensitive hostnames in aggregate host add - Revert "Make host\_aggregate\_map dictionary case-insensitive" - Handle volume API failure in \_post\_live\_migration - Fix service list for disabled compute using MC driver - Update RequestSpec.flavor on resize\_revert - nova-manage - fix online\_data\_migrations counts - nova-status - don't count deleted compute\_nodes - Filter deleted computes from get\_all\_by\_uuids() - Follow devstack-plugin-ceph job rename - Fix nova-status "\_check\_resource\_providers" check - Fix host validity check for live-migration - Fix unit test modifying global state - Use ironic-tempest-dsvm-ipa-wholedisk-bios-agent\_ipmitool-tinyipa in tree openstack-octavia: - Stop Logging Amphora Cert openstack-sahara: - Import the legacy grenade sahara job - Correct Hbase ports in Ambari plugin - Fixing anti-affinity for Sahara - import zuul job settings from project-config openstack-swift: - set the permissions on dispersion.conf in openstack-swift.conf so that it is owned by swift:swift instead of root:root (bsc#1103759) openstack-trove: - import zuul job settings from project-config openstack-zaqar: - import zuul job settings from project-config Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-410=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-410=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-410=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): grafana-monasca-ui-drilldown-1.8.1~dev36-3.6.1 openstack-aodh-5.1.1~dev6-3.8.1 openstack-aodh-api-5.1.1~dev6-3.8.1 openstack-aodh-doc-5.1.1~dev6-3.8.1 openstack-aodh-evaluator-5.1.1~dev6-3.8.1 openstack-aodh-expirer-5.1.1~dev6-3.8.1 openstack-aodh-listener-5.1.1~dev6-3.8.1 openstack-aodh-notifier-5.1.1~dev6-3.8.1 openstack-barbican-5.0.2~dev2-3.11.1 openstack-barbican-api-5.0.2~dev2-3.11.1 openstack-barbican-doc-5.0.2~dev2-3.11.1 openstack-barbican-keystone-listener-5.0.2~dev2-3.11.1 openstack-barbican-retry-5.0.2~dev2-3.11.1 openstack-barbican-worker-5.0.2~dev2-3.11.1 openstack-ceilometer-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-central-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-compute-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-ipmi-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-notification-9.0.7~dev2-3.6.1 openstack-ceilometer-api-9.0.7~dev2-3.6.1 openstack-ceilometer-collector-9.0.7~dev2-3.6.1 openstack-ceilometer-doc-9.0.7~dev2-3.6.1 openstack-ceilometer-polling-9.0.7~dev2-3.6.1 openstack-cinder-11.1.2~dev58-3.12.1 openstack-cinder-api-11.1.2~dev58-3.12.1 openstack-cinder-backup-11.1.2~dev58-3.12.1 openstack-cinder-doc-11.1.2~dev58-3.12.1 openstack-cinder-scheduler-11.1.2~dev58-3.12.1 openstack-cinder-volume-11.1.2~dev58-3.12.1 openstack-dashboard-12.0.4~dev3-3.11.1 openstack-designate-5.0.3~dev6-3.8.1 openstack-designate-agent-5.0.3~dev6-3.8.1 openstack-designate-api-5.0.3~dev6-3.8.1 openstack-designate-central-5.0.3~dev6-3.8.1 openstack-designate-doc-5.0.3~dev6-3.8.1 openstack-designate-producer-5.0.3~dev6-3.8.1 openstack-designate-sink-5.0.3~dev6-3.8.1 openstack-designate-worker-5.0.3~dev6-3.8.1 openstack-ec2-api-5.0.1~dev9-4.3.1 openstack-ec2-api-api-5.0.1~dev9-4.3.1 openstack-ec2-api-metadata-5.0.1~dev9-4.3.1 openstack-ec2-api-s3-5.0.1~dev9-4.3.1 openstack-glance-15.0.2~dev9-3.6.1 openstack-glance-api-15.0.2~dev9-3.6.1 openstack-glance-doc-15.0.2~dev9-3.6.1 openstack-glance-registry-15.0.2~dev9-3.6.1 openstack-heat-9.0.6~dev10-3.9.1 openstack-heat-api-9.0.6~dev10-3.9.1 openstack-heat-api-cfn-9.0.6~dev10-3.9.1 openstack-heat-api-cloudwatch-9.0.6~dev10-3.9.1 openstack-heat-doc-9.0.6~dev10-3.9.1 openstack-heat-engine-9.0.6~dev10-3.9.1 openstack-heat-plugin-heat_docker-9.0.6~dev10-3.9.1 openstack-heat-templates-0.0.0+git.1548219325.840692d-3.6.1 openstack-heat-test-9.0.6~dev10-3.9.1 openstack-horizon-plugin-designate-ui-5.0.2~dev6-3.6.1 openstack-horizon-plugin-freezer-ui-5.0.1~dev7-3.6.1 openstack-horizon-plugin-gbp-ui-7.0.1~dev1-4.6.1 openstack-horizon-plugin-ironic-ui-3.0.4~dev1-3.3.1 openstack-horizon-plugin-magnum-ui-3.0.1~dev7-3.3.1 openstack-horizon-plugin-monasca-ui-1.8.1~dev36-3.6.1 openstack-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.3.1 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.11.1 openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.3.1 openstack-horizon-plugin-sahara-ui-7.0.3~dev2-3.3.1 openstack-horizon-plugin-trove-ui-9.0.1~dev8-3.6.1 openstack-ironic-9.1.7~dev4-3.9.1 openstack-ironic-api-9.1.7~dev4-3.9.1 openstack-ironic-conductor-9.1.7~dev4-3.9.1 openstack-ironic-doc-9.1.7~dev4-3.9.1 openstack-keystone-12.0.2~dev4-5.11.1 openstack-keystone-doc-12.0.2~dev4-5.11.1 openstack-magnum-5.0.2~dev29-4.6.1 openstack-magnum-api-5.0.2~dev29-4.6.1 openstack-magnum-conductor-5.0.2~dev29-4.6.1 openstack-magnum-doc-5.0.2~dev29-4.6.1 openstack-manila-5.0.3~dev10-3.12.1 openstack-manila-api-5.0.3~dev10-3.12.1 openstack-manila-data-5.0.3~dev10-3.12.1 openstack-manila-doc-5.0.3~dev10-3.12.1 openstack-manila-scheduler-5.0.3~dev10-3.12.1 openstack-manila-share-5.0.3~dev10-3.12.1 openstack-murano-4.0.1~dev4-3.3.1 openstack-murano-api-4.0.1~dev4-3.3.1 openstack-murano-doc-4.0.1~dev4-3.3.1 openstack-murano-engine-4.0.1~dev4-3.3.1 openstack-neutron-11.0.7~dev21-3.12.1 openstack-neutron-dhcp-agent-11.0.7~dev21-3.12.1 openstack-neutron-doc-11.0.7~dev21-3.12.1 openstack-neutron-ha-tool-11.0.7~dev21-3.12.1 openstack-neutron-l3-agent-11.0.7~dev21-3.12.1 openstack-neutron-linuxbridge-agent-11.0.7~dev21-3.12.1 openstack-neutron-macvtap-agent-11.0.7~dev21-3.12.1 openstack-neutron-metadata-agent-11.0.7~dev21-3.12.1 openstack-neutron-metering-agent-11.0.7~dev21-3.12.1 openstack-neutron-openvswitch-agent-11.0.7~dev21-3.12.1 openstack-neutron-server-11.0.7~dev21-3.12.1 openstack-neutron-vpn-agent-11.0.1~dev4-3.9.1 openstack-neutron-vpnaas-11.0.1~dev4-3.9.1 openstack-neutron-vpnaas-doc-11.0.1~dev4-3.9.1 openstack-neutron-vyatta-agent-11.0.1~dev4-3.9.1 openstack-nova-16.1.7~dev21-3.14.1 openstack-nova-api-16.1.7~dev21-3.14.1 openstack-nova-cells-16.1.7~dev21-3.14.1 openstack-nova-compute-16.1.7~dev21-3.14.1 openstack-nova-conductor-16.1.7~dev21-3.14.1 openstack-nova-console-16.1.7~dev21-3.14.1 openstack-nova-consoleauth-16.1.7~dev21-3.14.1 openstack-nova-doc-16.1.7~dev21-3.14.1 openstack-nova-novncproxy-16.1.7~dev21-3.14.1 openstack-nova-placement-api-16.1.7~dev21-3.14.1 openstack-nova-scheduler-16.1.7~dev21-3.14.1 openstack-nova-serialproxy-16.1.7~dev21-3.14.1 openstack-nova-vncproxy-16.1.7~dev21-3.14.1 openstack-octavia-1.0.4~dev1-4.12.1 openstack-octavia-amphora-agent-1.0.4~dev1-4.12.1 openstack-octavia-api-1.0.4~dev1-4.12.1 openstack-octavia-health-manager-1.0.4~dev1-4.12.1 openstack-octavia-housekeeping-1.0.4~dev1-4.12.1 openstack-octavia-worker-1.0.4~dev1-4.12.1 openstack-sahara-7.0.3~dev8-3.6.1 openstack-sahara-api-7.0.3~dev8-3.6.1 openstack-sahara-doc-7.0.3~dev8-3.6.1 openstack-sahara-engine-7.0.3~dev8-3.6.1 openstack-swift-2.15.2~dev31-3.3.1 openstack-swift-account-2.15.2~dev31-3.3.1 openstack-swift-container-2.15.2~dev31-3.3.1 openstack-swift-doc-2.15.2~dev31-3.3.1 openstack-swift-object-2.15.2~dev31-3.3.1 openstack-swift-proxy-2.15.2~dev31-3.3.1 openstack-trove-8.0.1~dev12-3.6.1 openstack-trove-api-8.0.1~dev12-3.6.1 openstack-trove-conductor-8.0.1~dev12-3.6.1 openstack-trove-doc-8.0.1~dev12-3.6.1 openstack-trove-guestagent-8.0.1~dev12-3.6.1 openstack-trove-taskmanager-8.0.1~dev12-3.6.1 python-aodh-5.1.1~dev6-3.8.1 python-barbican-5.0.2~dev2-3.11.1 python-ceilometer-9.0.7~dev2-3.6.1 python-cinder-11.1.2~dev58-3.12.1 python-designate-5.0.3~dev6-3.8.1 python-ec2api-5.0.1~dev9-4.3.1 python-glance-15.0.2~dev9-3.6.1 python-heat-9.0.6~dev10-3.9.1 python-horizon-12.0.4~dev3-3.11.1 python-horizon-plugin-designate-ui-5.0.2~dev6-3.6.1 python-horizon-plugin-freezer-ui-5.0.1~dev7-3.6.1 python-horizon-plugin-gbp-ui-7.0.1~dev1-4.6.1 python-horizon-plugin-ironic-ui-3.0.4~dev1-3.3.1 python-horizon-plugin-magnum-ui-3.0.1~dev7-3.3.1 python-horizon-plugin-monasca-ui-1.8.1~dev36-3.6.1 python-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.3.1 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.11.1 python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.3.1 python-horizon-plugin-sahara-ui-7.0.3~dev2-3.3.1 python-horizon-plugin-trove-ui-9.0.1~dev8-3.6.1 python-ironic-9.1.7~dev4-3.9.1 python-keystone-12.0.2~dev4-5.11.1 python-magnum-5.0.2~dev29-4.6.1 python-manila-5.0.3~dev10-3.12.1 python-murano-4.0.1~dev4-3.3.1 python-neutron-11.0.7~dev21-3.12.1 python-neutron-vpnaas-11.0.1~dev4-3.9.1 python-nova-16.1.7~dev21-3.14.1 python-octavia-1.0.4~dev1-4.12.1 python-sahara-7.0.3~dev8-3.6.1 python-swift-2.15.2~dev31-3.3.1 python-trove-8.0.1~dev12-3.6.1 - SUSE OpenStack Cloud 8 (noarch): grafana-monasca-ui-drilldown-1.8.1~dev36-3.6.1 openstack-aodh-5.1.1~dev6-3.8.1 openstack-aodh-api-5.1.1~dev6-3.8.1 openstack-aodh-doc-5.1.1~dev6-3.8.1 openstack-aodh-evaluator-5.1.1~dev6-3.8.1 openstack-aodh-expirer-5.1.1~dev6-3.8.1 openstack-aodh-listener-5.1.1~dev6-3.8.1 openstack-aodh-notifier-5.1.1~dev6-3.8.1 openstack-barbican-5.0.2~dev2-3.11.1 openstack-barbican-api-5.0.2~dev2-3.11.1 openstack-barbican-doc-5.0.2~dev2-3.11.1 openstack-barbican-keystone-listener-5.0.2~dev2-3.11.1 openstack-barbican-retry-5.0.2~dev2-3.11.1 openstack-barbican-worker-5.0.2~dev2-3.11.1 openstack-ceilometer-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-central-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-compute-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-ipmi-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-notification-9.0.7~dev2-3.6.1 openstack-ceilometer-api-9.0.7~dev2-3.6.1 openstack-ceilometer-collector-9.0.7~dev2-3.6.1 openstack-ceilometer-doc-9.0.7~dev2-3.6.1 openstack-ceilometer-polling-9.0.7~dev2-3.6.1 openstack-cinder-11.1.2~dev58-3.12.1 openstack-cinder-api-11.1.2~dev58-3.12.1 openstack-cinder-backup-11.1.2~dev58-3.12.1 openstack-cinder-doc-11.1.2~dev58-3.12.1 openstack-cinder-scheduler-11.1.2~dev58-3.12.1 openstack-cinder-volume-11.1.2~dev58-3.12.1 openstack-dashboard-12.0.4~dev3-3.11.1 openstack-designate-5.0.3~dev6-3.8.1 openstack-designate-agent-5.0.3~dev6-3.8.1 openstack-designate-api-5.0.3~dev6-3.8.1 openstack-designate-central-5.0.3~dev6-3.8.1 openstack-designate-doc-5.0.3~dev6-3.8.1 openstack-designate-producer-5.0.3~dev6-3.8.1 openstack-designate-sink-5.0.3~dev6-3.8.1 openstack-designate-worker-5.0.3~dev6-3.8.1 openstack-ec2-api-5.0.1~dev9-4.3.1 openstack-ec2-api-api-5.0.1~dev9-4.3.1 openstack-ec2-api-metadata-5.0.1~dev9-4.3.1 openstack-ec2-api-s3-5.0.1~dev9-4.3.1 openstack-glance-15.0.2~dev9-3.6.1 openstack-glance-api-15.0.2~dev9-3.6.1 openstack-glance-doc-15.0.2~dev9-3.6.1 openstack-glance-registry-15.0.2~dev9-3.6.1 openstack-heat-9.0.6~dev10-3.9.1 openstack-heat-api-9.0.6~dev10-3.9.1 openstack-heat-api-cfn-9.0.6~dev10-3.9.1 openstack-heat-api-cloudwatch-9.0.6~dev10-3.9.1 openstack-heat-doc-9.0.6~dev10-3.9.1 openstack-heat-engine-9.0.6~dev10-3.9.1 openstack-heat-plugin-heat_docker-9.0.6~dev10-3.9.1 openstack-heat-templates-0.0.0+git.1548219325.840692d-3.6.1 openstack-heat-test-9.0.6~dev10-3.9.1 openstack-horizon-plugin-designate-ui-5.0.2~dev6-3.6.1 openstack-horizon-plugin-freezer-ui-5.0.1~dev7-3.6.1 openstack-horizon-plugin-gbp-ui-7.0.1~dev1-4.6.1 openstack-horizon-plugin-ironic-ui-3.0.4~dev1-3.3.1 openstack-horizon-plugin-magnum-ui-3.0.1~dev7-3.3.1 openstack-horizon-plugin-monasca-ui-1.8.1~dev36-3.6.1 openstack-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.3.1 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.11.1 openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.3.1 openstack-horizon-plugin-sahara-ui-7.0.3~dev2-3.3.1 openstack-horizon-plugin-trove-ui-9.0.1~dev8-3.6.1 openstack-ironic-9.1.7~dev4-3.9.1 openstack-ironic-api-9.1.7~dev4-3.9.1 openstack-ironic-conductor-9.1.7~dev4-3.9.1 openstack-ironic-doc-9.1.7~dev4-3.9.1 openstack-keystone-12.0.2~dev4-5.11.1 openstack-keystone-doc-12.0.2~dev4-5.11.1 openstack-magnum-5.0.2~dev29-4.6.1 openstack-magnum-api-5.0.2~dev29-4.6.1 openstack-magnum-conductor-5.0.2~dev29-4.6.1 openstack-magnum-doc-5.0.2~dev29-4.6.1 openstack-manila-5.0.3~dev10-3.12.1 openstack-manila-api-5.0.3~dev10-3.12.1 openstack-manila-data-5.0.3~dev10-3.12.1 openstack-manila-doc-5.0.3~dev10-3.12.1 openstack-manila-scheduler-5.0.3~dev10-3.12.1 openstack-manila-share-5.0.3~dev10-3.12.1 openstack-murano-4.0.1~dev4-3.3.1 openstack-murano-api-4.0.1~dev4-3.3.1 openstack-murano-doc-4.0.1~dev4-3.3.1 openstack-murano-engine-4.0.1~dev4-3.3.1 openstack-neutron-11.0.7~dev21-3.12.1 openstack-neutron-dhcp-agent-11.0.7~dev21-3.12.1 openstack-neutron-doc-11.0.7~dev21-3.12.1 openstack-neutron-ha-tool-11.0.7~dev21-3.12.1 openstack-neutron-l3-agent-11.0.7~dev21-3.12.1 openstack-neutron-linuxbridge-agent-11.0.7~dev21-3.12.1 openstack-neutron-macvtap-agent-11.0.7~dev21-3.12.1 openstack-neutron-metadata-agent-11.0.7~dev21-3.12.1 openstack-neutron-metering-agent-11.0.7~dev21-3.12.1 openstack-neutron-openvswitch-agent-11.0.7~dev21-3.12.1 openstack-neutron-server-11.0.7~dev21-3.12.1 openstack-neutron-vpn-agent-11.0.1~dev4-3.9.1 openstack-neutron-vpnaas-11.0.1~dev4-3.9.1 openstack-neutron-vpnaas-doc-11.0.1~dev4-3.9.1 openstack-neutron-vyatta-agent-11.0.1~dev4-3.9.1 openstack-nova-16.1.7~dev21-3.14.1 openstack-nova-api-16.1.7~dev21-3.14.1 openstack-nova-cells-16.1.7~dev21-3.14.1 openstack-nova-compute-16.1.7~dev21-3.14.1 openstack-nova-conductor-16.1.7~dev21-3.14.1 openstack-nova-console-16.1.7~dev21-3.14.1 openstack-nova-consoleauth-16.1.7~dev21-3.14.1 openstack-nova-doc-16.1.7~dev21-3.14.1 openstack-nova-novncproxy-16.1.7~dev21-3.14.1 openstack-nova-placement-api-16.1.7~dev21-3.14.1 openstack-nova-scheduler-16.1.7~dev21-3.14.1 openstack-nova-serialproxy-16.1.7~dev21-3.14.1 openstack-nova-vncproxy-16.1.7~dev21-3.14.1 openstack-octavia-1.0.4~dev1-4.12.1 openstack-octavia-amphora-agent-1.0.4~dev1-4.12.1 openstack-octavia-api-1.0.4~dev1-4.12.1 openstack-octavia-health-manager-1.0.4~dev1-4.12.1 openstack-octavia-housekeeping-1.0.4~dev1-4.12.1 openstack-octavia-worker-1.0.4~dev1-4.12.1 openstack-sahara-7.0.3~dev8-3.6.1 openstack-sahara-api-7.0.3~dev8-3.6.1 openstack-sahara-doc-7.0.3~dev8-3.6.1 openstack-sahara-engine-7.0.3~dev8-3.6.1 openstack-swift-2.15.2~dev31-3.3.1 openstack-swift-account-2.15.2~dev31-3.3.1 openstack-swift-container-2.15.2~dev31-3.3.1 openstack-swift-doc-2.15.2~dev31-3.3.1 openstack-swift-object-2.15.2~dev31-3.3.1 openstack-swift-proxy-2.15.2~dev31-3.3.1 openstack-trove-8.0.1~dev12-3.6.1 openstack-trove-api-8.0.1~dev12-3.6.1 openstack-trove-conductor-8.0.1~dev12-3.6.1 openstack-trove-doc-8.0.1~dev12-3.6.1 openstack-trove-guestagent-8.0.1~dev12-3.6.1 openstack-trove-taskmanager-8.0.1~dev12-3.6.1 python-aodh-5.1.1~dev6-3.8.1 python-barbican-5.0.2~dev2-3.11.1 python-ceilometer-9.0.7~dev2-3.6.1 python-cinder-11.1.2~dev58-3.12.1 python-designate-5.0.3~dev6-3.8.1 python-ec2api-5.0.1~dev9-4.3.1 python-glance-15.0.2~dev9-3.6.1 python-heat-9.0.6~dev10-3.9.1 python-horizon-12.0.4~dev3-3.11.1 python-horizon-plugin-designate-ui-5.0.2~dev6-3.6.1 python-horizon-plugin-freezer-ui-5.0.1~dev7-3.6.1 python-horizon-plugin-gbp-ui-7.0.1~dev1-4.6.1 python-horizon-plugin-ironic-ui-3.0.4~dev1-3.3.1 python-horizon-plugin-magnum-ui-3.0.1~dev7-3.3.1 python-horizon-plugin-monasca-ui-1.8.1~dev36-3.6.1 python-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.3.1 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.11.1 python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.3.1 python-horizon-plugin-sahara-ui-7.0.3~dev2-3.3.1 python-horizon-plugin-trove-ui-9.0.1~dev8-3.6.1 python-ironic-9.1.7~dev4-3.9.1 python-keystone-12.0.2~dev4-5.11.1 python-magnum-5.0.2~dev29-4.6.1 python-manila-5.0.3~dev10-3.12.1 python-murano-4.0.1~dev4-3.3.1 python-neutron-11.0.7~dev21-3.12.1 python-neutron-vpnaas-11.0.1~dev4-3.9.1 python-nova-16.1.7~dev21-3.14.1 python-octavia-1.0.4~dev1-4.12.1 python-sahara-7.0.3~dev8-3.6.1 python-swift-2.15.2~dev31-3.3.1 python-trove-8.0.1~dev12-3.6.1 venv-openstack-aodh-x86_64-5.0.1-12.9.1 venv-openstack-barbican-x86_64-5.0.1-12.10.1 venv-openstack-ceilometer-x86_64-9.0.2-12.7.1 venv-openstack-cinder-x86_64-11.0.2-14.10.1 venv-openstack-designate-x86_64-5.0.1-12.8.1 venv-openstack-freezer-x86_64-5.0.0-10.5.1 venv-openstack-glance-x86_64-15.0.1-12.8.1 venv-openstack-heat-x86_64-9.0.1-12.10.1 venv-openstack-horizon-x86_64-11.0.2-14.15.1 venv-openstack-ironic-x86_64-9.1.3-12.10.1 venv-openstack-keystone-x86_64-12.0.1-11.10.1 venv-openstack-magnum-x86_64-5.0.2-11.9.1 venv-openstack-manila-x86_64-5.0.2-12.12.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.5.1 venv-openstack-monasca-x86_64-2.2.1-11.7.1 venv-openstack-murano-x86_64-4.0.1-12.5.1 venv-openstack-neutron-x86_64-11.0.2-13.13.1 venv-openstack-nova-x86_64-16.0.3-11.11.1 venv-openstack-octavia-x86_64-1.0.2-12.10.1 venv-openstack-sahara-x86_64-7.0.1-11.9.1 venv-openstack-swift-x86_64-2.15.2-11.5.1 venv-openstack-trove-x86_64-8.0.0.0-11.9.1 - HPE Helion Openstack 8 (noarch): grafana-monasca-ui-drilldown-1.8.1~dev36-3.6.1 openstack-aodh-5.1.1~dev6-3.8.1 openstack-aodh-api-5.1.1~dev6-3.8.1 openstack-aodh-doc-5.1.1~dev6-3.8.1 openstack-aodh-evaluator-5.1.1~dev6-3.8.1 openstack-aodh-expirer-5.1.1~dev6-3.8.1 openstack-aodh-listener-5.1.1~dev6-3.8.1 openstack-aodh-notifier-5.1.1~dev6-3.8.1 openstack-barbican-5.0.2~dev2-3.11.1 openstack-barbican-api-5.0.2~dev2-3.11.1 openstack-barbican-doc-5.0.2~dev2-3.11.1 openstack-barbican-keystone-listener-5.0.2~dev2-3.11.1 openstack-barbican-retry-5.0.2~dev2-3.11.1 openstack-barbican-worker-5.0.2~dev2-3.11.1 openstack-ceilometer-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-central-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-compute-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-ipmi-9.0.7~dev2-3.6.1 openstack-ceilometer-agent-notification-9.0.7~dev2-3.6.1 openstack-ceilometer-api-9.0.7~dev2-3.6.1 openstack-ceilometer-collector-9.0.7~dev2-3.6.1 openstack-ceilometer-doc-9.0.7~dev2-3.6.1 openstack-ceilometer-polling-9.0.7~dev2-3.6.1 openstack-cinder-11.1.2~dev58-3.12.1 openstack-cinder-api-11.1.2~dev58-3.12.1 openstack-cinder-backup-11.1.2~dev58-3.12.1 openstack-cinder-doc-11.1.2~dev58-3.12.1 openstack-cinder-scheduler-11.1.2~dev58-3.12.1 openstack-cinder-volume-11.1.2~dev58-3.12.1 openstack-dashboard-12.0.4~dev3-3.11.1 openstack-designate-5.0.3~dev6-3.8.1 openstack-designate-agent-5.0.3~dev6-3.8.1 openstack-designate-api-5.0.3~dev6-3.8.1 openstack-designate-central-5.0.3~dev6-3.8.1 openstack-designate-doc-5.0.3~dev6-3.8.1 openstack-designate-producer-5.0.3~dev6-3.8.1 openstack-designate-sink-5.0.3~dev6-3.8.1 openstack-designate-worker-5.0.3~dev6-3.8.1 openstack-ec2-api-5.0.1~dev9-4.3.1 openstack-ec2-api-api-5.0.1~dev9-4.3.1 openstack-ec2-api-metadata-5.0.1~dev9-4.3.1 openstack-ec2-api-s3-5.0.1~dev9-4.3.1 openstack-glance-15.0.2~dev9-3.6.1 openstack-glance-api-15.0.2~dev9-3.6.1 openstack-glance-doc-15.0.2~dev9-3.6.1 openstack-glance-registry-15.0.2~dev9-3.6.1 openstack-heat-9.0.6~dev10-3.9.1 openstack-heat-api-9.0.6~dev10-3.9.1 openstack-heat-api-cfn-9.0.6~dev10-3.9.1 openstack-heat-api-cloudwatch-9.0.6~dev10-3.9.1 openstack-heat-doc-9.0.6~dev10-3.9.1 openstack-heat-engine-9.0.6~dev10-3.9.1 openstack-heat-plugin-heat_docker-9.0.6~dev10-3.9.1 openstack-heat-templates-0.0.0+git.1548219325.840692d-3.6.1 openstack-heat-test-9.0.6~dev10-3.9.1 openstack-horizon-plugin-designate-ui-5.0.2~dev6-3.6.1 openstack-horizon-plugin-freezer-ui-5.0.1~dev7-3.6.1 openstack-horizon-plugin-gbp-ui-7.0.1~dev1-4.6.1 openstack-horizon-plugin-ironic-ui-3.0.4~dev1-3.3.1 openstack-horizon-plugin-magnum-ui-3.0.1~dev7-3.3.1 openstack-horizon-plugin-monasca-ui-1.8.1~dev36-3.6.1 openstack-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.3.1 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.11.1 openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.3.1 openstack-horizon-plugin-sahara-ui-7.0.3~dev2-3.3.1 openstack-horizon-plugin-trove-ui-9.0.1~dev8-3.6.1 openstack-ironic-9.1.7~dev4-3.9.1 openstack-ironic-api-9.1.7~dev4-3.9.1 openstack-ironic-conductor-9.1.7~dev4-3.9.1 openstack-ironic-doc-9.1.7~dev4-3.9.1 openstack-keystone-12.0.2~dev4-5.11.1 openstack-keystone-doc-12.0.2~dev4-5.11.1 openstack-magnum-5.0.2~dev29-4.6.1 openstack-magnum-api-5.0.2~dev29-4.6.1 openstack-magnum-conductor-5.0.2~dev29-4.6.1 openstack-magnum-doc-5.0.2~dev29-4.6.1 openstack-manila-5.0.3~dev10-3.12.1 openstack-manila-api-5.0.3~dev10-3.12.1 openstack-manila-data-5.0.3~dev10-3.12.1 openstack-manila-doc-5.0.3~dev10-3.12.1 openstack-manila-scheduler-5.0.3~dev10-3.12.1 openstack-manila-share-5.0.3~dev10-3.12.1 openstack-murano-4.0.1~dev4-3.3.1 openstack-murano-api-4.0.1~dev4-3.3.1 openstack-murano-doc-4.0.1~dev4-3.3.1 openstack-murano-engine-4.0.1~dev4-3.3.1 openstack-neutron-11.0.7~dev21-3.12.1 openstack-neutron-dhcp-agent-11.0.7~dev21-3.12.1 openstack-neutron-doc-11.0.7~dev21-3.12.1 openstack-neutron-ha-tool-11.0.7~dev21-3.12.1 openstack-neutron-l3-agent-11.0.7~dev21-3.12.1 openstack-neutron-linuxbridge-agent-11.0.7~dev21-3.12.1 openstack-neutron-macvtap-agent-11.0.7~dev21-3.12.1 openstack-neutron-metadata-agent-11.0.7~dev21-3.12.1 openstack-neutron-metering-agent-11.0.7~dev21-3.12.1 openstack-neutron-openvswitch-agent-11.0.7~dev21-3.12.1 openstack-neutron-server-11.0.7~dev21-3.12.1 openstack-neutron-vpn-agent-11.0.1~dev4-3.9.1 openstack-neutron-vpnaas-11.0.1~dev4-3.9.1 openstack-neutron-vpnaas-doc-11.0.1~dev4-3.9.1 openstack-neutron-vyatta-agent-11.0.1~dev4-3.9.1 openstack-nova-16.1.7~dev21-3.14.1 openstack-nova-api-16.1.7~dev21-3.14.1 openstack-nova-cells-16.1.7~dev21-3.14.1 openstack-nova-compute-16.1.7~dev21-3.14.1 openstack-nova-conductor-16.1.7~dev21-3.14.1 openstack-nova-console-16.1.7~dev21-3.14.1 openstack-nova-consoleauth-16.1.7~dev21-3.14.1 openstack-nova-doc-16.1.7~dev21-3.14.1 openstack-nova-novncproxy-16.1.7~dev21-3.14.1 openstack-nova-placement-api-16.1.7~dev21-3.14.1 openstack-nova-scheduler-16.1.7~dev21-3.14.1 openstack-nova-serialproxy-16.1.7~dev21-3.14.1 openstack-nova-vncproxy-16.1.7~dev21-3.14.1 openstack-octavia-1.0.4~dev1-4.12.1 openstack-octavia-amphora-agent-1.0.4~dev1-4.12.1 openstack-octavia-api-1.0.4~dev1-4.12.1 openstack-octavia-health-manager-1.0.4~dev1-4.12.1 openstack-octavia-housekeeping-1.0.4~dev1-4.12.1 openstack-octavia-worker-1.0.4~dev1-4.12.1 openstack-sahara-7.0.3~dev8-3.6.1 openstack-sahara-api-7.0.3~dev8-3.6.1 openstack-sahara-doc-7.0.3~dev8-3.6.1 openstack-sahara-engine-7.0.3~dev8-3.6.1 openstack-swift-2.15.2~dev31-3.3.1 openstack-swift-account-2.15.2~dev31-3.3.1 openstack-swift-container-2.15.2~dev31-3.3.1 openstack-swift-doc-2.15.2~dev31-3.3.1 openstack-swift-object-2.15.2~dev31-3.3.1 openstack-swift-proxy-2.15.2~dev31-3.3.1 openstack-trove-8.0.1~dev12-3.6.1 openstack-trove-api-8.0.1~dev12-3.6.1 openstack-trove-conductor-8.0.1~dev12-3.6.1 openstack-trove-doc-8.0.1~dev12-3.6.1 openstack-trove-guestagent-8.0.1~dev12-3.6.1 openstack-trove-taskmanager-8.0.1~dev12-3.6.1 python-aodh-5.1.1~dev6-3.8.1 python-barbican-5.0.2~dev2-3.11.1 python-ceilometer-9.0.7~dev2-3.6.1 python-cinder-11.1.2~dev58-3.12.1 python-designate-5.0.3~dev6-3.8.1 python-ec2api-5.0.1~dev9-4.3.1 python-glance-15.0.2~dev9-3.6.1 python-heat-9.0.6~dev10-3.9.1 python-horizon-12.0.4~dev3-3.11.1 python-horizon-plugin-designate-ui-5.0.2~dev6-3.6.1 python-horizon-plugin-freezer-ui-5.0.1~dev7-3.6.1 python-horizon-plugin-gbp-ui-7.0.1~dev1-4.6.1 python-horizon-plugin-ironic-ui-3.0.4~dev1-3.3.1 python-horizon-plugin-magnum-ui-3.0.1~dev7-3.3.1 python-horizon-plugin-monasca-ui-1.8.1~dev36-3.6.1 python-horizon-plugin-neutron-fwaas-ui-1.0.1~dev9-4.3.1 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.11.1 python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.3.1 python-horizon-plugin-sahara-ui-7.0.3~dev2-3.3.1 python-horizon-plugin-trove-ui-9.0.1~dev8-3.6.1 python-ironic-9.1.7~dev4-3.9.1 python-keystone-12.0.2~dev4-5.11.1 python-magnum-5.0.2~dev29-4.6.1 python-manila-5.0.3~dev10-3.12.1 python-murano-4.0.1~dev4-3.3.1 python-neutron-11.0.7~dev21-3.12.1 python-neutron-vpnaas-11.0.1~dev4-3.9.1 python-nova-16.1.7~dev21-3.14.1 python-octavia-1.0.4~dev1-4.12.1 python-sahara-7.0.3~dev8-3.6.1 python-swift-2.15.2~dev31-3.3.1 python-trove-8.0.1~dev12-3.6.1 venv-openstack-aodh-x86_64-5.0.1-12.9.1 venv-openstack-barbican-x86_64-5.0.1-12.10.1 venv-openstack-ceilometer-x86_64-9.0.2-12.7.1 venv-openstack-cinder-x86_64-11.0.2-14.10.1 venv-openstack-designate-x86_64-5.0.1-12.8.1 venv-openstack-freezer-x86_64-5.0.0-10.5.1 venv-openstack-glance-x86_64-15.0.1-12.8.1 venv-openstack-heat-x86_64-9.0.1-12.10.1 venv-openstack-horizon-hpe-x86_64-11.0.2-14.15.1 venv-openstack-ironic-x86_64-9.1.3-12.10.1 venv-openstack-keystone-x86_64-12.0.1-11.10.1 venv-openstack-magnum-x86_64-5.0.2-11.9.1 venv-openstack-manila-x86_64-5.0.2-12.12.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.5.1 venv-openstack-monasca-x86_64-2.2.1-11.7.1 venv-openstack-murano-x86_64-4.0.1-12.5.1 venv-openstack-neutron-x86_64-11.0.2-13.13.1 venv-openstack-nova-x86_64-16.0.3-11.11.1 venv-openstack-octavia-x86_64-1.0.2-12.10.1 venv-openstack-sahara-x86_64-7.0.1-11.9.1 venv-openstack-swift-x86_64-2.15.2-11.5.1 venv-openstack-trove-x86_64-8.0.0.0-11.9.1 References: https://bugzilla.suse.com/1103759 https://bugzilla.suse.com/1106361 https://bugzilla.suse.com/1110331 From sle-updates at lists.suse.com Thu Feb 14 10:32:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:32:05 +0100 (CET) Subject: SUSE-RU-2019:0408-1: moderate: Recommended update for rabbitmq-server Message-ID: <20190214173205.ECA8810016@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0408-1 Rating: moderate References: #1118989 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - use bindsto for epmd.service activation (bsc#1118989) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-408=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-408=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-408=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): rabbitmq-server-3.6.16-3.9.1 rabbitmq-server-plugins-3.6.16-3.9.1 - SUSE OpenStack Cloud 8 (x86_64): rabbitmq-server-3.6.16-3.9.1 rabbitmq-server-plugins-3.6.16-3.9.1 - HPE Helion Openstack 8 (x86_64): rabbitmq-server-3.6.16-3.9.1 rabbitmq-server-plugins-3.6.16-3.9.1 References: https://bugzilla.suse.com/1118989 From sle-updates at lists.suse.com Thu Feb 14 10:32:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:32:40 +0100 (CET) Subject: SUSE-RU-2019:0407-1: moderate: Recommended update for keepalived Message-ID: <20190214173240.AB1FD10016@maintenance.suse.de> SUSE Recommended Update: Recommended update for keepalived ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0407-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for keepalived fixes the following issues: - update to 1.4.5: * Update snapcraft.yaml for 1.4.x+git * Fix generation of git-commit.h with git commit number. * Set virtual server address family correctly. * Set virtual server address family correctly when using tunnelled real servers. * Fix handling of virtual servers with no real servers at config time. * Add warning if virtual and real servers are different address families. Although normally the virtual server and real servers must have the same address family, if a real server is tunnelled, the address families can be different. However, the kernel didn't support that until 3.18, so add a check that the address families are the same if different address families are not supported by the kernel. * Send correct status in Dbus VrrpStatusChange notification. When an instance transitioned from BACKUP to FAULT, the Dbus status change message reported the old status (BACKUP) rather than the new status (FAULT). This commit attempts to resolved that. * doc: ipvs schedulers update * Fix a couple of typos in configure.ac. * Fix namespace collision with musl if_ether.h. * Check if return value from read_value_block() is null before using. * Fix reporting real server stats via SNMP. * Make checker process handle RTM_NEWLINK messages with -a option Even though the checker process doesn't subscribe to RTNLGRP_LINK messages, it appears that older kernels (certainly 2.6.32) can send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs when the link is set to up state. Only the VRRP process is interested in link messages, and so the checker process doesn't do the necessary initialisation to be able to handle RTM_NEWLINK messages. This commit makes the checker process simply discard RTM_NEWLINK and RTM_DELLINK messages, rather than assuming that if it receives an RTM_NEWLINK message it must be the VRRP process. This problem was reported in issue #848 since the checker process was segfaulting when a new interface was added when the -a command line option was specified. * Fix handling RTM_NEWLINK when building without VRRP code. * Fix building on Fedora 28. net-snmp-config output can include compiler and linker flags that refer to spec files that were used to build net-snmp but may not exist on the system building keepalived. That would cause the build done by configure to test for net-snmp support to fail; in particular on a Fedora 28 system that doesn't have the redhat-rpm-config package installed. This commit checks that any spec files in the compiler and linker flags returned by net-snmp-config exist on the system building keepalived, and if not it removes the reference(s) to the spec file(s). * keepalived-1.4.3 released. * vrrp: setting '0' as default value for ifa_flags to make gcc happy. * Add additional libraries when testing for presence of SSL_CTX_new(). It appears that some systems need -lcrypto when linking with -lssl. * Sanitise checking of libnl3 in configure.ac. * Report and handle missing '}'s in config files. * Add missing '\n' in keepalived.data output. * Stop backup taking over as master while master reloads. If a reload was initiated just before an advert, and since it took one advert interval after a reload before an advert was sent, if the reload itself took more than one advert interval, the backup could time out and take over as master. This commit makes keepalived send adverts for all instances that are master immediately before a reload, and also sends adverts immediately after a reload, thereby trippling the time available for the reload to complete. * Add route option fastopen_no_cookie and rule option l3mdev. * Fix errors in KEEPALIVED-MIB.txt. * Simplify setting on IN6_ADDR_GEN_MODE. * Cosmetic changes to keepalived(8) man page. * Don't set ipvs sync daemon to master state before becoming master If a vrrp instance which was the one specified for the ipvs sync daemon was configured with initial state master, the sync daemon was being set to master mode before the vrrp instance transitioned to master mode. This caused an error message when the vrrp instance transitioned to master and attempted to make the sync daemon go from backup to master mode. This commit stops setting the sync daemon to master mode at initialisation time, and it is set to master mode when the vrrp instance transitions to master. * Fix freeing vector which has not had any entries allocated. * Add additional mem-check disgnostics vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all call MALLOC/FREE but the functions written in the mem_check log are vector_alloc etc, not the functions that call them. This commit adds logging of the originating calling function. * Fix memory leak in parser.c. * Improve alignment of new mem-check logging. * Disable all checkers on a virtual server when ha_suspend set. Only the first checker was being disabled; this commit now disables all of them. Also, make the decision to disable a checker when starting/reloading when scheduling the checker, so that the existance of the required address can be checked. * Stop genhash segfaulting when built with --enable-mem-check. * Fix memory allocation problems in genhash. * Properly fix memory allocation problems in genhash. * Fix persistence_granularity IPv4 netmask validation. The logic test from inet_aton() appears to be inverted. * Fix segfault when checker configuration is missing expected parameter Issue #806 mentioned as an aside that "nb_get_retry" without a parameter was sigfaulting. Commit be7ae80 - "Stop segfaulting when configuration keyword is missing its parameter" missed the "hidden" uses of vector_slot() (i.e. those used via definitions in header files). This commit now updates those uses of vector_slot() to use strvec_slot() instead. * Fix compiling on Linux 2.x kernels. There were missing checks for HAVE_DECL_CLONE_NEWNET causing references to an undeclared variable if CLONE_NEWNET wasn't defined. * Improve parsing of kernel release. The kernel EXTRAVERSION can start with any character (although starting with a digit would be daft), so relax the check for it starting with a '-'. Kernels using both '+' and '.' being the first character of EXTRAVERSION have been reported. * Improve grammer. * add support for SNI in SSL_GET check. this adds a `enable_sni` parameter to SSL_GET, making sure the check passes the virtualhost in the SNI extension during SSL handshake. * Optimise setting host name for SSL_GET requests with SNI. * Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL. * Use configure to check for SSL_set_tlsext_host_name() Rather than checking for a specific version of the OpenSSL library (and it would also need checking the version of the LibreSSL library) let configure check for the presence of SSL_set_tlsext_host_name(). Also omit all code related to SNI of SSL_set_tlsext_host_name() is not available. * Use configure to determine available OpenSSL functionality Rather than using version numbers of the OpenSSL library to determine what functions are available, let configure determine whether the functions are supported. The also means that the same tests work for LibreSSL. * Add support for gratuitous ARPs for IP over Infiniband. * Use system header definition instead of local definition IF_HWADDR_MAX linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas IF_HWADDR_MAX was locally defined to be 20. Unfortunately we end up with more system header file juggling to ensure we don't have duplicate definitions. * Fix vrrp_script and check_misc scripts of type SUSE Recommended Update: Recommended update for erlang ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0401-1 Rating: moderate References: #1115904 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for erlang fixes the following issues: - Drop crypto patch as not required anymore (bsc#1115904) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-401=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-401=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-401=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): erlang-20.2.4-3.3.1 erlang-debuginfo-20.2.4-3.3.1 erlang-debugsource-20.2.4-3.3.1 erlang-epmd-20.2.4-3.3.1 erlang-epmd-debuginfo-20.2.4-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): erlang-20.2.4-3.3.1 erlang-debuginfo-20.2.4-3.3.1 erlang-debugsource-20.2.4-3.3.1 erlang-epmd-20.2.4-3.3.1 erlang-epmd-debuginfo-20.2.4-3.3.1 - HPE Helion Openstack 8 (x86_64): erlang-20.2.4-3.3.1 erlang-debuginfo-20.2.4-3.3.1 erlang-debugsource-20.2.4-3.3.1 erlang-epmd-20.2.4-3.3.1 erlang-epmd-debuginfo-20.2.4-3.3.1 References: https://bugzilla.suse.com/1115904 From sle-updates at lists.suse.com Thu Feb 14 13:09:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 21:09:02 +0100 (CET) Subject: SUSE-SU-2019:13961-1: moderate: Security update for php53 Message-ID: <20190214200902.9775EFE74@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13961-1 Rating: moderate References: #1123354 #1123522 Cross-References: CVE-2019-6977 CVE-2019-6978 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13961=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13961=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13961=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.53.1 php53-imap-5.3.17-112.53.1 php53-posix-5.3.17-112.53.1 php53-readline-5.3.17-112.53.1 php53-sockets-5.3.17-112.53.1 php53-sqlite-5.3.17-112.53.1 php53-tidy-5.3.17-112.53.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.53.1 php53-5.3.17-112.53.1 php53-bcmath-5.3.17-112.53.1 php53-bz2-5.3.17-112.53.1 php53-calendar-5.3.17-112.53.1 php53-ctype-5.3.17-112.53.1 php53-curl-5.3.17-112.53.1 php53-dba-5.3.17-112.53.1 php53-dom-5.3.17-112.53.1 php53-exif-5.3.17-112.53.1 php53-fastcgi-5.3.17-112.53.1 php53-fileinfo-5.3.17-112.53.1 php53-ftp-5.3.17-112.53.1 php53-gd-5.3.17-112.53.1 php53-gettext-5.3.17-112.53.1 php53-gmp-5.3.17-112.53.1 php53-iconv-5.3.17-112.53.1 php53-intl-5.3.17-112.53.1 php53-json-5.3.17-112.53.1 php53-ldap-5.3.17-112.53.1 php53-mbstring-5.3.17-112.53.1 php53-mcrypt-5.3.17-112.53.1 php53-mysql-5.3.17-112.53.1 php53-odbc-5.3.17-112.53.1 php53-openssl-5.3.17-112.53.1 php53-pcntl-5.3.17-112.53.1 php53-pdo-5.3.17-112.53.1 php53-pear-5.3.17-112.53.1 php53-pgsql-5.3.17-112.53.1 php53-pspell-5.3.17-112.53.1 php53-shmop-5.3.17-112.53.1 php53-snmp-5.3.17-112.53.1 php53-soap-5.3.17-112.53.1 php53-suhosin-5.3.17-112.53.1 php53-sysvmsg-5.3.17-112.53.1 php53-sysvsem-5.3.17-112.53.1 php53-sysvshm-5.3.17-112.53.1 php53-tokenizer-5.3.17-112.53.1 php53-wddx-5.3.17-112.53.1 php53-xmlreader-5.3.17-112.53.1 php53-xmlrpc-5.3.17-112.53.1 php53-xmlwriter-5.3.17-112.53.1 php53-xsl-5.3.17-112.53.1 php53-zip-5.3.17-112.53.1 php53-zlib-5.3.17-112.53.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.53.1 php53-debugsource-5.3.17-112.53.1 References: https://www.suse.com/security/cve/CVE-2019-6977.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1123354 https://bugzilla.suse.com/1123522 From sle-updates at lists.suse.com Thu Feb 14 13:09:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Feb 2019 21:09:42 +0100 (CET) Subject: SUSE-RU-2019:13960-1: moderate: Recommended update for slms, slms_enablement_tools, rubygem-inifile Message-ID: <20190214200942.52B0910015@maintenance.suse.de> SUSE Recommended Update: Recommended update for slms, slms_enablement_tools, rubygem-inifile ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13960-1 Rating: moderate References: #1101504 #940792 #947225 #964717 #983406 Affected Products: SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for slms, slms_enablement_tools, rubygem-inifile provides the following fixes: Fixes in slms: - Adapt to new yum updateinfo format. (bsc#1101504) - Read product name from Studio if it provides it. (bsc#947225) - Fixed some ruby warnings. Fixes in slms_enablement_tools: - Fix a typo that was causing a crash. (bsc#983406) - Fix yaml dependencies. (bsc#964717, bsc#940792) Fixes in rubygem-inifile: - Re-release the package available in SLMS repository to fix its availability on SUSE:SLE-11-SP2. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-slms-13960=1 Package List: - SUSE Lifecycle Management Server 1.3 (noarch): slms-1.3.11-10.3.4 slms-core-1.3.11-10.3.4 slms-customer-center-1.3.11-10.3.4 slms-devel-doc-1.3.11-10.3.4 slms-external-1.3.11-10.3.4 slms-registration-1.3.11-10.3.4 slms-testsuite-1.3.11-10.3.4 - SUSE Lifecycle Management Server 1.3 (x86_64): rubygem-inifile-0.1.0-0.12.4.1 slms_enablement_tools-0.12.2-5.2.4 References: https://bugzilla.suse.com/1101504 https://bugzilla.suse.com/940792 https://bugzilla.suse.com/947225 https://bugzilla.suse.com/964717 https://bugzilla.suse.com/983406 From sle-updates at lists.suse.com Fri Feb 15 04:10:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Feb 2019 12:10:28 +0100 (CET) Subject: SUSE-SU-2019:0414-1: moderate: Security update for dovecot23 Message-ID: <20190215111028.2688010016@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0414-1 Rating: moderate References: #1119850 #1123022 #1124356 Cross-References: CVE-2019-3814 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dovecot23 fixes the following issues: dovecot was updated to 2.3.3 release, bringing lots of bugfixes (bsc#1124356). Also the following security issue was fixed: - CVE-2019-3814: A vulnerability in Dovecot related to SSL client certificate authentication was fixed (bsc#1123022) The package changes: Updated pigeonhole to 0.5.3: - Fix assertion panic occurring when managesieve service fails to open INBOX while saving a Sieve script. This was caused by a lack of cleanup after failure. - Fix specific messages causing an assert panic with actions that compose a reply (e.g. vacation). With some rather weird input from the original message, the header folding algorithm (as used for composing the References header for the reply) got confused, causing the panic. - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing. After finishing reading the Sieve script, the command parsing sometimes didn't continue with the search arguments. This is a time- critical bug that likely only occurs when the Sieve script is sent in the next TCP frame. dovecot23 was updated to 2.3.3: - doveconf hides more secrets now in the default output. - ssl_dh setting is no longer enforced at startup. If it's not set and non-ECC DH key exchange happens, error is logged and client is disconnected. - Added log_debug= setting. - Added log_core_filter= setting. - quota-clone: Write to dict asynchronously - --enable-hardening attempts to use retpoline Spectre 2 mitigations - lmtp proxy: Support source_ip passdb extra field. - doveadm stats dump: Support more fields and output stddev by default. - push-notification: Add SSL support for OX backend. - NUL bytes in mail headers can cause truncated replies when fetched. - director: Conflicting host up/down state changes may in some rare situations ended up in a loop of two directors constantly overwriting each others' changes. - director: Fix hang/crash when multiple doveadm commands are being handled concurrently. - director: Fix assert-crash if doveadm disconnects too early - virtual plugin: Some searches used 100% CPU for many seconds - dsync assert-crashed with acl plugin in some situations. (bsc#1119850) - mail_attachment_detection_options=add-flags-on-save assert-crashed with some specific Sieve scripts. - Mail snippet generation crashed with mails containing invalid Content-Type:multipart header. - Log prefix ordering was different for some log lines. - quota: With noenforcing option current quota usage wasn't updated. - auth: Kerberos authentication against Samba assert-crashed. - stats clients were unnecessarily chatty with the stats server. - imapc: Fixed various assert-crashes when reconnecting to server. - lmtp, submission: Fix potential crash if client disconnects while handling a command. - quota: Fixed compiling with glibc-2.26 / support libtirpc. - fts-solr: Empty search values resulted in 400 Bad Request errors - fts-solr: default_ns parameter couldn't be used - submission server crashed if relay server returned over 7 lines in a reply (e.g. to EHLO) dovecot was updated to 2.3.2.1: - SSL/TLS servers may have crashed during client disconnection - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have sometimes assert-crashed. - v2.3.2: "make check" may have crashed with 32bit systems dovecot was updated to 2.3.2: - old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io. This may still cause security problems if the process is ptrace()d at the same time. Instead, open it while still running as root. - doveadm: Added mailbox cache decision&remove commands. See doveadm-mailbox(1) man page for details. - doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails. See doveadm-rebuild(1) man page for details. - cassandra: Use fallback_consistency on more types of errors - lmtp proxy: Support outgoing SSL/TLS connections - lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings. - submission: Add support for rawlog_dir - submission: Add submission_client_workarounds setting. - lua auth: Add password_verify() function and additional fields in auth request. - doveadm-server: TCP connections are hanging when there is a lot of network output. This especially caused hangs in dsync-replication. - Using multiple type=shared mdbox namespaces crashed - mail_fsync setting was ignored. It was always set to "optimized". - lua auth: Fix potential crash at deinit - SSL/TLS servers may have crashed if client disconnected during handshake. - SSL/TLS servers: Don't send extraneous certificates to client when alt certs are used. - lda, lmtp: Return-Path header without '<' may have assert-crashed. - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash - lda: -f parameter didn't allow empty/null/domainless address - lmtp, submission: Message size limit was hardcoded to 40 MB. Exceeding it caused the connection to get dropped during transfer. - lmtp: Fix potential crash when delivery fails at DATA stage - lmtp: login_greeting setting was ignored - Fix to work with OpenSSL v1.0.2f - systemd unit restrictions were too strict by default - Fix potential crashes when a lot of log output was produced - SMTP client may have assert-crashed when sending mail - IMAP COMPRESS: Send "end of compression" marker when disconnecting. - cassandra: Fix consistency=quorum to work - dsync: Lock file generation failed if home directory didn't exist - Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets. - imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone. - pop3c: Handle unexpected server disconnections without assert-crash - fts: Fixes to indexing mails via virtual mailboxes. - fts: If mails contained NUL characters, the text around it wasn't indexed. - Obsolete dovecot.index.cache offsets were sometimes used. Trying to fetch a field that was just added to cache file may not have always found it. pigeonhole was updated to 0.5.2: - Implement plugin for the a vendor-defined IMAP capability called "FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering in IMAP. More information can be found in doc/plugins/imap_filter_sieve.txt. - The Sieve addess test caused an assertion panic for invalid addresses with UTF-8 codepoints in the localpart. Fixed by properly detecting invalid addresses with UTF-8 codepoints in the localpart and skipping these like other invalid addresses while iterating addresses for the address test. - Make the length of the subject header for the vacation response configurable and enforce the limit in UTF-8 codepoints rather than bytes. The subject header for a vacation response was statically truncated to 256 bytes, which is too limited for multi-byte UTF-8 characters. - Sieve editheader extension: Fix assertion panic occurring when it is used to manipulate a message header with a very large header field. - Properly abort execution of the sieve_discard script upon error. Before, the LDA Sieve plugin attempted to execute the sieve_discard script when an error occurs. This can lead to the message being lost. - Fix the interaction between quota and the sieve_discard script. When quota was used together with a sieve_discard script, the message delivery did not bounce when the quota was exceeded. - Fix crash for over quota users Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-414=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.3-4.7.4 dovecot23-backend-mysql-2.3.3-4.7.4 dovecot23-backend-mysql-debuginfo-2.3.3-4.7.4 dovecot23-backend-pgsql-2.3.3-4.7.4 dovecot23-backend-pgsql-debuginfo-2.3.3-4.7.4 dovecot23-backend-sqlite-2.3.3-4.7.4 dovecot23-backend-sqlite-debuginfo-2.3.3-4.7.4 dovecot23-debuginfo-2.3.3-4.7.4 dovecot23-debugsource-2.3.3-4.7.4 dovecot23-devel-2.3.3-4.7.4 dovecot23-fts-2.3.3-4.7.4 dovecot23-fts-debuginfo-2.3.3-4.7.4 dovecot23-fts-lucene-2.3.3-4.7.4 dovecot23-fts-lucene-debuginfo-2.3.3-4.7.4 dovecot23-fts-solr-2.3.3-4.7.4 dovecot23-fts-solr-debuginfo-2.3.3-4.7.4 dovecot23-fts-squat-2.3.3-4.7.4 dovecot23-fts-squat-debuginfo-2.3.3-4.7.4 References: https://www.suse.com/security/cve/CVE-2019-3814.html https://bugzilla.suse.com/1119850 https://bugzilla.suse.com/1123022 https://bugzilla.suse.com/1124356 From sle-updates at lists.suse.com Fri Feb 15 07:09:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Feb 2019 15:09:10 +0100 (CET) Subject: SUSE-RU-2019:0415-1: moderate: Recommended update for tomcat Message-ID: <20190215140910.29BA310016@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0415-1 Rating: moderate References: #1111966 #1120745 #1123407 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tomcat provides the following fixes: - Increase maximum number of threads and open files for tomcat. (bsc#1111966) - Require Java 1.8 or later. (bsc#1123407) - Fix tomcat-digest and tomcat-tool-wrapper classpath error. (bsc#1120745) - Improve MBeans for Endpoint instances (type ThreadPool in JMX) by using explicit declaration of attributes and operations rather than relying on introspection. Add a new MBean to expose the Socketproperties values. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-415=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): tomcat-9.0.12-3.5.2 tomcat-admin-webapps-9.0.12-3.5.2 tomcat-docs-webapp-9.0.12-3.5.2 tomcat-el-3_0-api-9.0.12-3.5.2 tomcat-javadoc-9.0.12-3.5.2 tomcat-jsp-2_3-api-9.0.12-3.5.2 tomcat-lib-9.0.12-3.5.2 tomcat-servlet-4_0-api-9.0.12-3.5.2 tomcat-webapps-9.0.12-3.5.2 References: https://bugzilla.suse.com/1111966 https://bugzilla.suse.com/1120745 https://bugzilla.suse.com/1123407 From sle-updates at lists.suse.com Fri Feb 15 07:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Feb 2019 15:11:05 +0100 (CET) Subject: SUSE-SU-2019:0416-1: important: Security update for velum Message-ID: <20190215141105.4C34810015@maintenance.suse.de> SUSE Security Update: Security update for velum ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0416-1 Rating: important References: #1114832 #1121146 #1121147 #1121148 #1121447 #1122439 #1123291 #1123650 Cross-References: CVE-2019-3682 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update provides the following fixes: kubernetes-salt: - Force basename on the system certificate name to prevent path traversal (bsc#1121147) - CVE-2019-3682: Disable insecure port in kube-apiserver (bsc#1121148) - Insecure API port exposed to all Master Node guest containers (bsc#1121148) - Fixes included in this change: * bsc#1121146 - Kubernetes ??? Kubelet Service allows unauthenticated access to Kubelet API * bsc#1122439 - failed to parse bool none (bsc#1122439) * bsc#1123291 - CaasP 3.0 Update Admin node, worker and master failed * bsc#1123650 - ExperimentalCriticalPodAnnotation feature not enabled * bsc#1114832 - Running supportconfig on any node can take lots of resources, even fill the hard disk on big/long-running clusters velum: - Do not allow '.' or '/' symbols in system certificate names. (bsc#1121447) - Reverting ignore_vol_az option back to Velum CPI (bsc#1122439) - Adding LDAP support to Velum that will create the requisite org units in LDAP if they are missing sles12sp3-velum-image: - Release 3.1.9 to include a fix (bsc#1122439,bsc#1121447) docker-kubic: - Add daemon.json file with rotation logs configuration (bsc#1114832) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): docker-kubic-17.09.1_ce-7.6.1 docker-kubic-debuginfo-17.09.1_ce-7.6.1 docker-kubic-debugsource-17.09.1_ce-7.6.1 sles12-velum-image-3.1.9-3.33.4 - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r931_9cdca5a-3.47.1 References: https://www.suse.com/security/cve/CVE-2019-3682.html https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1121146 https://bugzilla.suse.com/1121147 https://bugzilla.suse.com/1121148 https://bugzilla.suse.com/1121447 https://bugzilla.suse.com/1122439 https://bugzilla.suse.com/1123291 https://bugzilla.suse.com/1123650 From sle-updates at lists.suse.com Fri Feb 15 07:13:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Feb 2019 15:13:25 +0100 (CET) Subject: SUSE-SU-2019:13962-1: important: Security update for kvm Message-ID: <20190215141325.9F08C10015@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13962-1 Rating: important References: #1109544 #1116717 #1117275 #1123156 Cross-References: CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). Non-security issue fixed: - Fixed LAPIC TSC deadline timer save/restore (bsc#1109544) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13962=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.21.1 References: https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1109544 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1123156 From sle-updates at lists.suse.com Sat Feb 16 07:08:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Feb 2019 15:08:53 +0100 (CET) Subject: SUSE-SU-2019:0418-1: important: Security update for python-numpy Message-ID: <20190216140853.0F4D6FCD9@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0418-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Module for HPC 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2019-418=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-418=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): python-numpy_1_14_0-gnu-hpc-debuginfo-1.14.0-4.5.1 python-numpy_1_14_0-gnu-hpc-debugsource-1.14.0-4.5.1 python2-numpy-gnu-hpc-1.14.0-4.5.1 python2-numpy-gnu-hpc-devel-1.14.0-4.5.1 python2-numpy_1_14_0-gnu-hpc-1.14.0-4.5.1 python2-numpy_1_14_0-gnu-hpc-debuginfo-1.14.0-4.5.1 python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-4.5.1 python3-numpy-gnu-hpc-1.14.0-4.5.1 python3-numpy-gnu-hpc-devel-1.14.0-4.5.1 python3-numpy_1_14_0-gnu-hpc-1.14.0-4.5.1 python3-numpy_1_14_0-gnu-hpc-debuginfo-1.14.0-4.5.1 python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.14.0-4.5.1 python-numpy-debugsource-1.14.0-4.5.1 python2-numpy-1.14.0-4.5.1 python2-numpy-debuginfo-1.14.0-4.5.1 python2-numpy-devel-1.14.0-4.5.1 python3-numpy-1.14.0-4.5.1 python3-numpy-debuginfo-1.14.0-4.5.1 python3-numpy-devel-1.14.0-4.5.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-updates at lists.suse.com Mon Feb 18 07:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 15:10:50 +0100 (CET) Subject: SUSE-SU-2019:0419-1: important: Security update for python-numpy Message-ID: <20190218141050.3F822FFF0@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0419-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-419=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-419=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-419=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-419=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-419=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-419=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 python-numpy-devel-1.8.0-5.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 python-numpy-devel-1.8.0-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-updates at lists.suse.com Mon Feb 18 07:12:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 15:12:46 +0100 (CET) Subject: SUSE-RU-2019:0420-1: moderate: Recommended update for texlive-specs-n Message-ID: <20190218141246.20D0AFFF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for texlive-specs-n ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0420-1 Rating: moderate References: #1118796 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for texlive-specs-n provides the following fix: - Fix one more unescaped left brace with perl. (bsc#1118796) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-420=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-420=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): texlive-latex-papersize-doc-2017.137.1.62svn42296-7.6.4 texlive-latex-tds-doc-2017.137.svn40613-7.6.4 texlive-latex2man-doc-2017.137.1.25svn43855-7.6.4 texlive-latex2nemeth-doc-2017.137.1.0svn42300-7.6.4 texlive-latexbangla-doc-2017.137.0.0.2svn42409-7.6.4 texlive-latexbug-doc-2017.137.1.0asvn44566-7.6.4 texlive-latexdemo-doc-2017.137.0.0.1svn34481-7.6.4 texlive-latexdiff-doc-2017.137.1.2.0svn41892-7.6.4 texlive-latexfileinfo-pkgs-doc-2017.137.0.0.22svn26760-7.6.4 texlive-latexfileversion-doc-2017.137.0.0.3svn29349-7.6.4 texlive-latexgit-doc-2017.137.svn41920-7.6.4 texlive-latexindent-doc-2017.137.3.1svn44492-7.6.4 texlive-latexmk-doc-2017.137.4.52csvn43099-7.6.4 texlive-latexmp-doc-2017.137.1.2.1svn15878-7.6.4 texlive-latexpand-doc-2017.137.1.3svn41873-7.6.4 texlive-lato-doc-2017.137.2.2svn24986-7.6.4 texlive-layaureo-doc-2017.137.0.0.2svn19087-7.6.4 texlive-layouts-doc-2017.137.2.6dsvn42428-7.6.4 texlive-lazylist-doc-2017.137.1.0asvn17691-7.6.4 texlive-lcd-doc-2017.137.0.0.3svn16549-7.6.4 texlive-lcg-doc-2017.137.1.3svn31474-7.6.4 texlive-lcyw-doc-2017.137.1.1svn15878-7.6.4 texlive-leading-doc-2017.137.0.0.3svn15878-7.6.4 texlive-leadsheets-doc-2017.137.0.0.5asvn43034-7.6.4 texlive-leaflet-doc-2017.137.1.1bsvn43523-7.6.4 texlive-lecturer-doc-2017.137.svn23916-7.6.4 texlive-ledmac-doc-2017.137.0.0.19.4svn41811-7.6.4 texlive-leftidx-doc-2017.137.svn15878-7.6.4 texlive-leipzig-doc-2017.137.1.1svn34902-7.6.4 texlive-lengthconvert-doc-2017.137.1.0asvn30867-7.6.4 texlive-lettre-doc-2017.137.2.353svn35145-7.6.4 texlive-lettrine-doc-2017.137.1.9svn38268-7.6.4 texlive-levy-doc-2017.137.svn21750-7.6.4 texlive-lewis-doc-2017.137.0.0.1svn15878-7.6.4 texlive-lexikon-doc-2017.137.1.0csvn17364-7.6.4 texlive-lexref-doc-2017.137.1.1asvn36026-7.6.4 texlive-lfb-doc-2017.137.1.0svn15878-7.6.4 texlive-lgreek-doc-2017.137.svn21818-7.6.4 texlive-lh-doc-2017.137.3.5gsvn15878-7.6.4 texlive-lhelp-doc-2017.137.2.0svn23638-7.6.4 texlive-libertine-doc-2017.137.5.3.0svn43603-7.6.4 texlive-libertinegc-doc-2017.137.1.00svn39746-7.6.4 texlive-libertinus-doc-2017.137.6.4svn44409-7.6.4 texlive-libertinust1math-doc-2017.137.1.0.4svn44542-7.6.4 texlive-libgreek-doc-2017.137.1.0svn27789-7.6.4 texlive-librarian-doc-2017.137.1.0svn19880-7.6.4 texlive-librebaskerville-doc-2017.137.svn31741-7.6.4 texlive-librebodoni-doc-2017.137.svn39375-7.6.4 texlive-librecaslon-doc-2017.137.svn31929-7.6.4 texlive-libris-doc-2017.137.1.007svn19409-7.6.4 texlive-lilyglyphs-doc-2017.137.0.0.2.3svn33164-7.6.4 texlive-limap-doc-2017.137.2.1svn41390-7.6.4 texlive-linearA-doc-2017.137.svn15878-7.6.4 texlive-linegoal-doc-2017.137.2.9svn21523-7.6.4 texlive-lineno-doc-2017.137.4.41svn21442-7.6.4 texlive-ling-macros-doc-2017.137.svn42268-7.6.4 texlive-linguex-doc-2017.137.4.3svn30815-7.6.4 texlive-linop-doc-2017.137.0.0.1svn41304-7.6.4 texlive-lion-msc-doc-2017.137.0.0.27svn44131-7.6.4 texlive-lipsum-doc-2017.137.1.3svn34800-7.6.4 texlive-lisp-on-tex-doc-2017.137.2.0svn38722-7.6.4 texlive-listbib-doc-2017.137.2.2svn29349-7.6.4 texlive-listing-doc-2017.137.1.2svn17373-7.6.4 texlive-listings-doc-2017.137.1.6svn37534-7.6.4 texlive-listings-ext-doc-2017.137.67svn29349-7.6.4 texlive-listlbls-doc-2017.137.1.03svn34893-7.6.4 texlive-listliketab-doc-2017.137.svn15878-7.6.4 texlive-listofitems-doc-2017.137.1.3svn42530-7.6.4 texlive-listofsymbols-doc-2017.137.0.0.2svn16134-7.6.4 texlive-lithuanian-doc-2017.137.svn22722-7.6.4 texlive-liturg-doc-2017.137.1.0svn15878-7.6.4 texlive-lkproof-doc-2017.137.3.1svn20021-7.6.4 texlive-lm-doc-2017.137.2.004svn28119-7.6.4 texlive-lm-math-doc-2017.137.1.959svn36915-7.6.4 texlive-lmake-doc-2017.137.1.0svn25552-7.6.4 texlive-lni-doc-2017.137.1.3svn44368-7.6.4 texlive-lobster2-doc-2017.137.svn32617-7.6.4 texlive-locality-doc-2017.137.0.0.2svn20422-7.6.4 texlive-localloc-doc-2017.137.svn21934-7.6.4 texlive-logbox-doc-2017.137.1.0svn24499-7.6.4 texlive-logical-markup-utils-doc-2017.137.svn15878-7.6.4 texlive-logicproof-doc-2017.137.svn33254-7.6.4 texlive-logicpuzzle-doc-2017.137.2.5svn34491-7.6.4 texlive-logpap-doc-2017.137.0.0.6svn15878-7.6.4 texlive-logreq-doc-2017.137.1.0svn19640-7.6.4 texlive-lollipop-doc-2017.137.1.07svn41438-7.6.4 texlive-longdivision-doc-2017.137.1.0svn43159-7.6.4 texlive-longfbox-doc-2017.137.1.0svn39028-7.6.4 texlive-longfigure-doc-2017.137.1.0svn34302-7.6.4 texlive-longnamefilelist-doc-2017.137.0.0.2svn27889-7.6.4 texlive-loops-doc-2017.137.1.3svn30704-7.6.4 texlive-lpform-doc-2017.137.svn36918-7.6.4 texlive-lpic-doc-2017.137.0.0.8svn20843-7.6.4 texlive-lplfitch-doc-2017.137.0.0.9svn31077-7.6.4 texlive-lps-doc-2017.137.0.0.7svn21322-7.6.4 texlive-lroundrect-doc-2017.137.1.0svn39804-7.6.4 texlive-lsc-doc-2017.137.svn15878-7.6.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): texlive-latex-notes-zh-cn-2017.137.1.20svn15878-7.6.4 texlive-latex-papersize-2017.137.1.62svn42296-7.6.4 texlive-latex-referenz-2017.137.2svn36671-7.6.4 texlive-latex-tabellen-2017.137.svn16979-7.6.4 texlive-latex-tds-2017.137.svn40613-7.6.4 texlive-latex-veryshortguide-2017.137.svn41844-7.6.4 texlive-latex-web-companion-2017.137.svn29349-7.6.4 texlive-latex2e-help-texinfo-2017.137.svn38709-7.6.4 texlive-latex2e-help-texinfo-fr-2017.137.svn42541-7.6.4 texlive-latex2e-help-texinfo-spanish-2017.137.svn37356-7.6.4 texlive-latex2man-2017.137.1.25svn43855-7.6.4 texlive-latex2nemeth-2017.137.1.0svn42300-7.6.4 texlive-latex4wp-2017.137.1.0.10svn35999-7.6.4 texlive-latex4wp-it-2017.137.1.0.10svn36000-7.6.4 texlive-latexbangla-2017.137.0.0.2svn42409-7.6.4 texlive-latexbug-2017.137.1.0asvn44566-7.6.4 texlive-latexcheat-2017.137.1.13svn15878-7.6.4 texlive-latexcheat-de-2017.137.svn35702-7.6.4 texlive-latexcheat-esmx-2017.137.2.00svn36866-7.6.4 texlive-latexcheat-ptbr-2017.137.1.13svn15878-7.6.4 texlive-latexconfig-2017.137.svn40274-7.6.4 texlive-latexcourse-rug-2017.137.1.1svn39026-7.6.4 texlive-latexdemo-2017.137.0.0.1svn34481-7.6.4 texlive-latexdiff-2017.137.1.2.0svn41892-7.6.4 texlive-latexfileinfo-pkgs-2017.137.0.0.22svn26760-7.6.4 texlive-latexfileversion-2017.137.0.0.3svn29349-7.6.4 texlive-latexgit-2017.137.svn41920-7.6.4 texlive-latexindent-2017.137.3.1svn44492-7.6.4 texlive-latexmk-2017.137.4.52csvn43099-7.6.4 texlive-latexmp-2017.137.1.2.1svn15878-7.6.4 texlive-latexpand-2017.137.1.3svn41873-7.6.4 texlive-lato-2017.137.2.2svn24986-7.6.4 texlive-lato-fonts-2017.137.2.2svn24986-7.6.4 texlive-layaureo-2017.137.0.0.2svn19087-7.6.4 texlive-layouts-2017.137.2.6dsvn42428-7.6.4 texlive-lazylist-2017.137.1.0asvn17691-7.6.4 texlive-lcd-2017.137.0.0.3svn16549-7.6.4 texlive-lcdftypetools-2017.137.svn44166-7.6.4 texlive-lcg-2017.137.1.3svn31474-7.6.4 texlive-lcyw-2017.137.1.1svn15878-7.6.4 texlive-leading-2017.137.0.0.3svn15878-7.6.4 texlive-leadsheets-2017.137.0.0.5asvn43034-7.6.4 texlive-leaflet-2017.137.1.1bsvn43523-7.6.4 texlive-lecturer-2017.137.svn23916-7.6.4 texlive-ledmac-2017.137.0.0.19.4svn41811-7.6.4 texlive-leftidx-2017.137.svn15878-7.6.4 texlive-leipzig-2017.137.1.1svn34902-7.6.4 texlive-lengthconvert-2017.137.1.0asvn30867-7.6.4 texlive-lettre-2017.137.2.353svn35145-7.6.4 texlive-lettrine-2017.137.1.9svn38268-7.6.4 texlive-levy-2017.137.svn21750-7.6.4 texlive-lewis-2017.137.0.0.1svn15878-7.6.4 texlive-lexikon-2017.137.1.0csvn17364-7.6.4 texlive-lexref-2017.137.1.1asvn36026-7.6.4 texlive-lfb-2017.137.1.0svn15878-7.6.4 texlive-lgreek-2017.137.svn21818-7.6.4 texlive-lh-2017.137.3.5gsvn15878-7.6.4 texlive-lhcyr-2017.137.svn31795-7.6.4 texlive-lhelp-2017.137.2.0svn23638-7.6.4 texlive-libertine-2017.137.5.3.0svn43603-7.6.4 texlive-libertine-fonts-2017.137.5.3.0svn43603-7.6.4 texlive-libertinegc-2017.137.1.00svn39746-7.6.4 texlive-libertinus-2017.137.6.4svn44409-7.6.4 texlive-libertinus-fonts-2017.137.6.4svn44409-7.6.4 texlive-libertinust1math-2017.137.1.0.4svn44542-7.6.4 texlive-libertinust1math-fonts-2017.137.1.0.4svn44542-7.6.4 texlive-libgreek-2017.137.1.0svn27789-7.6.4 texlive-librarian-2017.137.1.0svn19880-7.6.4 texlive-librebaskerville-2017.137.svn31741-7.6.4 texlive-librebaskerville-fonts-2017.137.svn31741-7.6.4 texlive-librebodoni-2017.137.svn39375-7.6.4 texlive-librebodoni-fonts-2017.137.svn39375-7.6.4 texlive-librecaslon-2017.137.svn31929-7.6.4 texlive-librecaslon-fonts-2017.137.svn31929-7.6.4 texlive-libris-2017.137.1.007svn19409-7.6.4 texlive-libris-fonts-2017.137.1.007svn19409-7.6.4 texlive-lilyglyphs-2017.137.0.0.2.3svn33164-7.6.4 texlive-lilyglyphs-fonts-2017.137.0.0.2.3svn33164-7.6.4 texlive-limap-2017.137.2.1svn41390-7.6.4 texlive-linearA-2017.137.svn15878-7.6.4 texlive-linearA-fonts-2017.137.svn15878-7.6.4 texlive-linegoal-2017.137.2.9svn21523-7.6.4 texlive-lineno-2017.137.4.41svn21442-7.6.4 texlive-ling-macros-2017.137.svn42268-7.6.4 texlive-linguex-2017.137.4.3svn30815-7.6.4 texlive-linop-2017.137.0.0.1svn41304-7.6.4 texlive-lion-msc-2017.137.0.0.27svn44131-7.6.4 texlive-lipsum-2017.137.1.3svn34800-7.6.4 texlive-lisp-on-tex-2017.137.2.0svn38722-7.6.4 texlive-listbib-2017.137.2.2svn29349-7.6.4 texlive-listing-2017.137.1.2svn17373-7.6.4 texlive-listings-2017.137.1.6svn37534-7.6.4 texlive-listings-ext-2017.137.67svn29349-7.6.4 texlive-listlbls-2017.137.1.03svn34893-7.6.4 texlive-listliketab-2017.137.svn15878-7.6.4 texlive-listofitems-2017.137.1.3svn42530-7.6.4 texlive-listofsymbols-2017.137.0.0.2svn16134-7.6.4 texlive-lithuanian-2017.137.svn22722-7.6.4 texlive-liturg-2017.137.1.0svn15878-7.6.4 texlive-lkproof-2017.137.3.1svn20021-7.6.4 texlive-lm-2017.137.2.004svn28119-7.6.4 texlive-lm-fonts-2017.137.2.004svn28119-7.6.4 texlive-lm-math-2017.137.1.959svn36915-7.6.4 texlive-lm-math-fonts-2017.137.1.959svn36915-7.6.4 texlive-lmake-2017.137.1.0svn25552-7.6.4 texlive-lni-2017.137.1.3svn44368-7.6.4 texlive-lobster2-2017.137.svn32617-7.6.4 texlive-lobster2-fonts-2017.137.svn32617-7.6.4 texlive-locality-2017.137.0.0.2svn20422-7.6.4 texlive-localloc-2017.137.svn21934-7.6.4 texlive-logbox-2017.137.1.0svn24499-7.6.4 texlive-logical-markup-utils-2017.137.svn15878-7.6.4 texlive-logicproof-2017.137.svn33254-7.6.4 texlive-logicpuzzle-2017.137.2.5svn34491-7.6.4 texlive-logpap-2017.137.0.0.6svn15878-7.6.4 texlive-logreq-2017.137.1.0svn19640-7.6.4 texlive-lollipop-2017.137.1.07svn41438-7.6.4 texlive-longdivision-2017.137.1.0svn43159-7.6.4 texlive-longfbox-2017.137.1.0svn39028-7.6.4 texlive-longfigure-2017.137.1.0svn34302-7.6.4 texlive-longnamefilelist-2017.137.0.0.2svn27889-7.6.4 texlive-loops-2017.137.1.3svn30704-7.6.4 texlive-lpform-2017.137.svn36918-7.6.4 texlive-lpic-2017.137.0.0.8svn20843-7.6.4 texlive-lplfitch-2017.137.0.0.9svn31077-7.6.4 texlive-lps-2017.137.0.0.7svn21322-7.6.4 texlive-lroundrect-2017.137.1.0svn39804-7.6.4 texlive-lsc-2017.137.svn15878-7.6.4 texlive-lshort-bulgarian-2017.137.svn15878-7.6.4 texlive-lshort-chinese-2017.137.5.10svn43606-7.6.4 texlive-lshort-czech-2017.137.4.27svn29803-7.6.4 texlive-lshort-dutch-2017.137.1.3svn15878-7.6.4 texlive-lshort-english-2017.137.5.0.5svn37892-7.6.4 texlive-lshort-estonian-2017.137.5.05svn39323-7.6.4 texlive-lshort-finnish-2017.137.svn15878-7.6.4 texlive-lshort-french-2017.137.5.01fr_0svn23332-7.6.4 texlive-lshort-german-2017.137.3.0bsvn42434-7.6.4 References: https://bugzilla.suse.com/1118796 From sle-updates at lists.suse.com Mon Feb 18 13:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:09:34 +0100 (CET) Subject: SUSE-SU-2019:0422-1: important: Security update for kernel-firmware Message-ID: <20190218200934.631B5FF2D@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0422-1 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-422=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-firmware-20140807git-5.11.1 ucode-amd-20140807git-5.11.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-updates at lists.suse.com Mon Feb 18 13:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:11:16 +0100 (CET) Subject: SUSE-SU-2019:0424-1: important: Security update for systemd Message-ID: <20190218201116.9CECDFF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0424-1 Rating: important References: #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-424=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-70.77.1 libgudev-1_0-0-debuginfo-210-70.77.1 libgudev-1_0-devel-210-70.77.1 libudev-devel-210-70.77.1 libudev1-210-70.77.1 libudev1-debuginfo-210-70.77.1 systemd-210-70.77.1 systemd-debuginfo-210-70.77.1 systemd-debugsource-210-70.77.1 systemd-devel-210-70.77.1 systemd-sysvinit-210-70.77.1 typelib-1_0-GUdev-1_0-210-70.77.1 udev-210-70.77.1 udev-debuginfo-210-70.77.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-70.77.1 libgudev-1_0-0-debuginfo-32bit-210-70.77.1 libudev1-32bit-210-70.77.1 libudev1-debuginfo-32bit-210-70.77.1 systemd-32bit-210-70.77.1 systemd-debuginfo-32bit-210-70.77.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): systemd-bash-completion-210-70.77.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1125352 From sle-updates at lists.suse.com Mon Feb 18 13:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:11:48 +0100 (CET) Subject: SUSE-SU-2019:0425-1: important: Security update for systemd Message-ID: <20190218201148.B64C8FF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0425-1 Rating: important References: #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-425=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-116.22.1 libgudev-1_0-0-debuginfo-210-116.22.1 libgudev-1_0-devel-210-116.22.1 libudev-devel-210-116.22.1 libudev1-210-116.22.1 libudev1-debuginfo-210-116.22.1 systemd-210-116.22.1 systemd-debuginfo-210-116.22.1 systemd-debugsource-210-116.22.1 systemd-devel-210-116.22.1 systemd-sysvinit-210-116.22.1 typelib-1_0-GUdev-1_0-210-116.22.1 udev-210-116.22.1 udev-debuginfo-210-116.22.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-116.22.1 libgudev-1_0-0-debuginfo-32bit-210-116.22.1 libudev1-32bit-210-116.22.1 libudev1-debuginfo-32bit-210-116.22.1 systemd-32bit-210-116.22.1 systemd-debuginfo-32bit-210-116.22.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): systemd-bash-completion-210-116.22.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1125352 From sle-updates at lists.suse.com Mon Feb 18 13:12:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:12:19 +0100 (CET) Subject: SUSE-SU-2019:0423-1: important: Security update for qemu Message-ID: <20190218201219.D26ACFF2D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0423-1 Rating: important References: #1063993 #1079730 #1100408 #1101982 #1112646 #1114957 #1116717 #1117275 #1119493 #1121600 #1123156 #1123179 Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 7 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-423=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-423=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-423=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.20.1 qemu-block-curl-2.11.2-9.20.1 qemu-block-curl-debuginfo-2.11.2-9.20.1 qemu-block-iscsi-2.11.2-9.20.1 qemu-block-iscsi-debuginfo-2.11.2-9.20.1 qemu-block-rbd-2.11.2-9.20.1 qemu-block-rbd-debuginfo-2.11.2-9.20.1 qemu-block-ssh-2.11.2-9.20.1 qemu-block-ssh-debuginfo-2.11.2-9.20.1 qemu-debuginfo-2.11.2-9.20.1 qemu-debugsource-2.11.2-9.20.1 qemu-guest-agent-2.11.2-9.20.1 qemu-guest-agent-debuginfo-2.11.2-9.20.1 qemu-lang-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.20.1 qemu-ppc-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.20.1 qemu-arm-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.20.1 qemu-x86-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0+-9.20.1 qemu-seabios-1.11.0-9.20.1 qemu-sgabios-8-9.20.1 qemu-vgabios-1.11.0-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.20.1 qemu-s390-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): qemu-block-dmg-2.11.2-9.20.1 qemu-block-dmg-debuginfo-2.11.2-9.20.1 qemu-debuginfo-2.11.2-9.20.1 qemu-debugsource-2.11.2-9.20.1 qemu-extra-2.11.2-9.20.1 qemu-extra-debuginfo-2.11.2-9.20.1 qemu-linux-user-2.11.2-9.20.1 qemu-linux-user-debuginfo-2.11.2-9.20.1 qemu-linux-user-debugsource-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-2.11.2-9.20.1 qemu-debugsource-2.11.2-9.20.1 qemu-tools-2.11.2-9.20.1 qemu-tools-debuginfo-2.11.2-9.20.1 References: https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-18954.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1063993 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1100408 https://bugzilla.suse.com/1101982 https://bugzilla.suse.com/1112646 https://bugzilla.suse.com/1114957 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1121600 https://bugzilla.suse.com/1123156 https://bugzilla.suse.com/1123179 From sle-updates at lists.suse.com Mon Feb 18 13:14:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:14:45 +0100 (CET) Subject: SUSE-SU-2019:0426-1: important: Security update for systemd Message-ID: <20190218201445.B7B9E10015@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0426-1 Rating: important References: #1117025 #1121563 #1122000 #1123333 #1123727 #1123892 #1124153 #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state "closing" (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-426=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-426=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.25.1 libsystemd0-mini-debuginfo-234-24.25.1 libudev-mini-devel-234-24.25.1 libudev-mini1-234-24.25.1 libudev-mini1-debuginfo-234-24.25.1 nss-myhostname-234-24.25.1 nss-myhostname-debuginfo-234-24.25.1 nss-mymachines-234-24.25.1 nss-mymachines-debuginfo-234-24.25.1 nss-systemd-234-24.25.1 nss-systemd-debuginfo-234-24.25.1 systemd-debuginfo-234-24.25.1 systemd-debugsource-234-24.25.1 systemd-logger-234-24.25.1 systemd-mini-234-24.25.1 systemd-mini-container-mini-234-24.25.1 systemd-mini-container-mini-debuginfo-234-24.25.1 systemd-mini-coredump-mini-234-24.25.1 systemd-mini-coredump-mini-debuginfo-234-24.25.1 systemd-mini-debuginfo-234-24.25.1 systemd-mini-debugsource-234-24.25.1 systemd-mini-devel-234-24.25.1 systemd-mini-sysvinit-234-24.25.1 udev-mini-234-24.25.1 udev-mini-debuginfo-234-24.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): systemd-mini-bash-completion-234-24.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.25.1 libsystemd0-debuginfo-234-24.25.1 libudev-devel-234-24.25.1 libudev1-234-24.25.1 libudev1-debuginfo-234-24.25.1 systemd-234-24.25.1 systemd-container-234-24.25.1 systemd-container-debuginfo-234-24.25.1 systemd-coredump-234-24.25.1 systemd-coredump-debuginfo-234-24.25.1 systemd-debuginfo-234-24.25.1 systemd-debugsource-234-24.25.1 systemd-devel-234-24.25.1 systemd-sysvinit-234-24.25.1 udev-234-24.25.1 udev-debuginfo-234-24.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-bash-completion-234-24.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsystemd0-32bit-234-24.25.1 libsystemd0-32bit-debuginfo-234-24.25.1 libudev1-32bit-234-24.25.1 libudev1-32bit-debuginfo-234-24.25.1 systemd-32bit-234-24.25.1 systemd-32bit-debuginfo-234-24.25.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1117025 https://bugzilla.suse.com/1121563 https://bugzilla.suse.com/1122000 https://bugzilla.suse.com/1123333 https://bugzilla.suse.com/1123727 https://bugzilla.suse.com/1123892 https://bugzilla.suse.com/1124153 https://bugzilla.suse.com/1125352 From sle-updates at lists.suse.com Tue Feb 19 07:10:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 15:10:51 +0100 (CET) Subject: SUSE-SU-2019:0427-1: important: Security update for kernel-firmware Message-ID: <20190219141051.34E6210015@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0427-1 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-427=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-firmware-20160516git-10.16.1 ucode-amd-20160516git-10.16.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-updates at lists.suse.com Tue Feb 19 07:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 15:11:51 +0100 (CET) Subject: SUSE-RU-2019:0429-1: moderate: Recommended update for libqt5-qtdeclarative Message-ID: <20190219141151.722B5FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtdeclarative ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0429-1 Rating: moderate References: #1114570 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libqt5-qtdeclarative provides the following fix: - Fix various issues with the JS/QML Date object. (bsc#1114570) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-429=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-429=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-429=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libqt5-qtdeclarative-debugsource-5.9.4-3.3.3 libqt5-qtdeclarative-examples-5.9.4-3.3.3 libqt5-qtdeclarative-examples-debuginfo-5.9.4-3.3.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): libqt5-qtdeclarative-private-headers-devel-5.9.4-3.3.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libQtQuick5-5.9.4-3.3.3 libQtQuick5-debuginfo-5.9.4-3.3.3 libqt5-qtdeclarative-debugsource-5.9.4-3.3.3 libqt5-qtdeclarative-devel-5.9.4-3.3.3 libqt5-qtdeclarative-devel-debuginfo-5.9.4-3.3.3 libqt5-qtdeclarative-tools-5.9.4-3.3.3 libqt5-qtdeclarative-tools-debuginfo-5.9.4-3.3.3 References: https://bugzilla.suse.com/1114570 From sle-updates at lists.suse.com Tue Feb 19 07:12:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 15:12:28 +0100 (CET) Subject: SUSE-SU-2019:0428-1: important: Security update for systemd Message-ID: <20190219141228.CE0C8FF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0428-1 Rating: important References: #1111498 #1117025 #1117382 #1120658 #1122000 #1122344 #1123333 #1123892 #1125352 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage["cursor"] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-428=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-428=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-428=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-428=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-428=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-428=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-428=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-428=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-428=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-428=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-428=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-428=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE OpenStack Cloud 7 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-devel-228-150.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-devel-228-150.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Enterprise Storage 4 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Enterprise Storage 4 (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE CaaS Platform ALL (x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE CaaS Platform 3.0 (x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 References: https://bugzilla.suse.com/1111498 https://bugzilla.suse.com/1117025 https://bugzilla.suse.com/1117382 https://bugzilla.suse.com/1120658 https://bugzilla.suse.com/1122000 https://bugzilla.suse.com/1122344 https://bugzilla.suse.com/1123333 https://bugzilla.suse.com/1123892 https://bugzilla.suse.com/1125352 From sle-updates at lists.suse.com Tue Feb 19 10:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:09:34 +0100 (CET) Subject: SUSE-RU-2019:0430-1: Recommended update for vino Message-ID: <20190219170934.3A64EFE74@maintenance.suse.de> SUSE Recommended Update: Recommended update for vino ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0430-1 Rating: low References: #1122549 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vino provides the following fix: - Print an error instead of segfaulting if wayland is detected. (bsc#1122549) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-430=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): vino-3.22.0-3.3.1 vino-debuginfo-3.22.0-3.3.1 vino-debugsource-3.22.0-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): vino-lang-3.22.0-3.3.1 References: https://bugzilla.suse.com/1122549 From sle-updates at lists.suse.com Tue Feb 19 10:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:10:04 +0100 (CET) Subject: SUSE-RU-2019:0431-1: moderate: Recommended update for mutter Message-ID: <20190219171004.7288DFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0431-1 Rating: moderate References: #1120372 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter provides the following fixes: - When a Wayland client issues a shortcut inhibit request which is granted by the user, the Super key should be passed to the surface instead of being handled by the compositor (bsc#1120372) - Make mutter exit instead of crash if Xwayland goes away unexpectedly. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-431=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmutter-1-0-3.26.2+20180207.4b2d21ff0-5.8.1 libmutter-1-0-debuginfo-3.26.2+20180207.4b2d21ff0-5.8.1 mutter-3.26.2+20180207.4b2d21ff0-5.8.1 mutter-data-3.26.2+20180207.4b2d21ff0-5.8.1 mutter-debuginfo-3.26.2+20180207.4b2d21ff0-5.8.1 mutter-debugsource-3.26.2+20180207.4b2d21ff0-5.8.1 mutter-devel-3.26.2+20180207.4b2d21ff0-5.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): mutter-lang-3.26.2+20180207.4b2d21ff0-5.8.1 References: https://bugzilla.suse.com/1120372 From sle-updates at lists.suse.com Tue Feb 19 10:10:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:10:40 +0100 (CET) Subject: SUSE-RU-2019:0433-1: moderate: Recommended update for open-iscsi Message-ID: <20190219171040.0845DFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0433-1 Rating: moderate References: #1116711 #1122938 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-iscsi provides the following fixes: - qedi: Set buf_size in case of ICMP and ARP packet. (bsc#1116711) - qedi: Use uio BD index instead on buffer index. (bsc#1116711) - Fix the output for iscsiadm node/iface print level P1. (bsc#1122938) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-433=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-13.23.1 iscsiuio-debuginfo-0.7.8.2-13.23.1 libopeniscsiusr0_2_0-2.0.876-13.23.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.23.1 open-iscsi-2.0.876-13.23.1 open-iscsi-debuginfo-2.0.876-13.23.1 open-iscsi-debugsource-2.0.876-13.23.1 open-iscsi-devel-2.0.876-13.23.1 References: https://bugzilla.suse.com/1116711 https://bugzilla.suse.com/1122938 From sle-updates at lists.suse.com Tue Feb 19 10:11:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:11:28 +0100 (CET) Subject: SUSE-RU-2019:0434-1: moderate: Recommended update for libsemanage Message-ID: <20190219171128.52C06FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsemanage ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0434-1 Rating: moderate References: #1115500 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libsemanage provides the following fix: - Prevent an error message when reading module version if the directory does not exist. (bsc#1115500) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-434=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-434=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-434=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-434=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-434=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-434=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-434=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage-devel-2.5-9.3.1 libsemanage-devel-static-2.5-9.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage-devel-2.5-9.3.1 libsemanage-devel-static-2.5-9.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 python-semanage-2.5-9.3.1 python-semanage-debuginfo-2.5-9.3.1 python-semanage-debugsource-2.5-9.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsemanage1-32bit-2.5-9.3.1 libsemanage1-debuginfo-32bit-2.5-9.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 python-semanage-2.5-9.3.1 python-semanage-debuginfo-2.5-9.3.1 python-semanage-debugsource-2.5-9.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsemanage1-32bit-2.5-9.3.1 libsemanage1-debuginfo-32bit-2.5-9.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-32bit-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 libsemanage1-debuginfo-32bit-2.5-9.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-32bit-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 libsemanage1-debuginfo-32bit-2.5-9.3.1 - SUSE CaaS Platform ALL (x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 - SUSE CaaS Platform 3.0 (x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsemanage-debugsource-2.5-9.3.1 libsemanage1-2.5-9.3.1 libsemanage1-debuginfo-2.5-9.3.1 References: https://bugzilla.suse.com/1115500 From sle-updates at lists.suse.com Tue Feb 19 10:12:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:12:05 +0100 (CET) Subject: SUSE-RU-2019:13963-1: Recommended update for sbd Message-ID: <20190219171205.AC97FFF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13963-1 Rating: low References: #993032 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sbd fixes the following issues: - Update man page to use pcmk_delay_max over start-delay (bsc#993032) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sbd-13963=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sbd-13963=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): sbd-1.2.1-16.3.48 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sbd-debuginfo-1.2.1-16.3.48 sbd-debugsource-1.2.1-16.3.48 References: https://bugzilla.suse.com/993032 From sle-updates at lists.suse.com Tue Feb 19 10:12:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:12:38 +0100 (CET) Subject: SUSE-SU-2019:0435-1: important: Security update for qemu Message-ID: <20190219171238.3CD78FF2D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0435-1 Rating: important References: #1063993 #1079730 #1100408 #1101982 #1112646 #1114957 #1116717 #1117275 #1119493 #1121600 #1123156 #1123179 Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 7 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-435=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-435=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-5.8.1 qemu-block-curl-2.11.2-5.8.1 qemu-block-curl-debuginfo-2.11.2-5.8.1 qemu-block-iscsi-2.11.2-5.8.1 qemu-block-iscsi-debuginfo-2.11.2-5.8.1 qemu-block-ssh-2.11.2-5.8.1 qemu-block-ssh-debuginfo-2.11.2-5.8.1 qemu-debugsource-2.11.2-5.8.1 qemu-guest-agent-2.11.2-5.8.1 qemu-guest-agent-debuginfo-2.11.2-5.8.1 qemu-lang-2.11.2-5.8.1 qemu-tools-2.11.2-5.8.1 qemu-tools-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): qemu-block-rbd-2.11.2-5.8.1 qemu-block-rbd-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): qemu-kvm-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): qemu-arm-2.11.2-5.8.1 qemu-arm-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): qemu-ppc-2.11.2-5.8.1 qemu-ppc-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): qemu-x86-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.8.1 qemu-seabios-1.11.0-5.8.1 qemu-sgabios-8-5.8.1 qemu-vgabios-1.11.0-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): qemu-s390-2.11.2-5.8.1 qemu-s390-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): qemu-2.11.2-5.8.1 qemu-block-curl-2.11.2-5.8.1 qemu-block-curl-debuginfo-2.11.2-5.8.1 qemu-debugsource-2.11.2-5.8.1 qemu-kvm-2.11.2-5.8.1 qemu-tools-2.11.2-5.8.1 qemu-tools-debuginfo-2.11.2-5.8.1 qemu-x86-2.11.2-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.8.1 qemu-seabios-1.11.0-5.8.1 qemu-sgabios-8-5.8.1 qemu-vgabios-1.11.0-5.8.1 References: https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-18954.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1063993 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1100408 https://bugzilla.suse.com/1101982 https://bugzilla.suse.com/1112646 https://bugzilla.suse.com/1114957 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1121600 https://bugzilla.suse.com/1123156 https://bugzilla.suse.com/1123179 From sle-updates at lists.suse.com Tue Feb 19 10:14:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:14:54 +0100 (CET) Subject: SUSE-RU-2019:0432-1: moderate: Recommended update for libvpd2 Message-ID: <20190219171454.E911810015@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvpd2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0432-1 Rating: moderate References: #1121687 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libvpd2 fixes the following issues: - Move pid file from /var to /run (bsc#1121687) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-432=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libvpd2-2.2.5-3.3.1 libvpd2-debuginfo-2.2.5-3.3.1 libvpd2-debugsource-2.2.5-3.3.1 libvpd2-devel-2.2.5-3.3.1 References: https://bugzilla.suse.com/1121687 From sle-updates at lists.suse.com Tue Feb 19 10:15:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:15:26 +0100 (CET) Subject: SUSE-RU-2019:0436-1: moderate: Recommended update for yast2-registration Message-ID: <20190219171526.C19D9FF2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0436-1 Rating: moderate References: #1110246 #1122608 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration fixes the following issues: - Do not try to remove services which have already been deleted. (bsc#1110246) - Improved the message in the registration skipping dialog (bsc#1122608) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-436=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-436=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-registration-4.0.49-3.23.1 - SUSE Linux Enterprise Installer 15 (noarch): yast2-registration-4.0.49-3.23.1 References: https://bugzilla.suse.com/1110246 https://bugzilla.suse.com/1122608 From sle-updates at lists.suse.com Tue Feb 19 13:09:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 21:09:38 +0100 (CET) Subject: SUSE-SU-2019:0438-1: important: Security update for gvfs Message-ID: <20190219200938.28BEEF7BB@maintenance.suse.de> SUSE Security Update: Security update for gvfs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0438-1 Rating: important References: #1125084 Cross-References: CVE-2019-3827 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gvfs fixes the following issues: Security vulnerability fixed: - CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-438=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gvfs-1.34.2.1-4.6.1 gvfs-backend-afc-1.34.2.1-4.6.1 gvfs-backend-afc-debuginfo-1.34.2.1-4.6.1 gvfs-backend-samba-1.34.2.1-4.6.1 gvfs-backend-samba-debuginfo-1.34.2.1-4.6.1 gvfs-backends-1.34.2.1-4.6.1 gvfs-backends-debuginfo-1.34.2.1-4.6.1 gvfs-debuginfo-1.34.2.1-4.6.1 gvfs-debugsource-1.34.2.1-4.6.1 gvfs-devel-1.34.2.1-4.6.1 gvfs-fuse-1.34.2.1-4.6.1 gvfs-fuse-debuginfo-1.34.2.1-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gvfs-lang-1.34.2.1-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-3827.html https://bugzilla.suse.com/1125084 From sle-updates at lists.suse.com Tue Feb 19 13:10:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Feb 2019 21:10:12 +0100 (CET) Subject: SUSE-SU-2019:0439-1: important: Security update for the Linux Kernel Message-ID: <20190219201012.0A4C1F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0439-1 Rating: important References: #1012382 #1023175 #1042286 #1065600 #1065726 #1070805 #1084721 #1086095 #1086535 #1091158 #1091171 #1091197 #1094825 #1095344 #1098996 #1099523 #1099597 #1100105 #1101555 #1103624 #1104731 #1105025 #1105931 #1106293 #1107256 #1107299 #1107385 #1107866 #1108145 #1108498 #1109330 #1110286 #1110837 #1111062 #1113192 #1113751 #1113769 #1114190 #1114648 #1114763 #1115433 #1115440 #1116027 #1116183 #1116345 #1117186 #1117187 #1118152 #1118319 #1119714 #1119946 #1119947 #1120743 #1120758 #1121621 #1123161 Cross-References: CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). The following non-security bugs were fixed: - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert "use percpu 'repeat_count' and 'current_path'" (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. - mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert "kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)" This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-439=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-439=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-439=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-439=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-439=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-439=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-439=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.101.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.101.1 cluster-md-kmp-default-debuginfo-4.4.121-92.101.1 cluster-network-kmp-default-4.4.121-92.101.1 cluster-network-kmp-default-debuginfo-4.4.121-92.101.1 dlm-kmp-default-4.4.121-92.101.1 dlm-kmp-default-debuginfo-4.4.121-92.101.1 gfs2-kmp-default-4.4.121-92.101.1 gfs2-kmp-default-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 ocfs2-kmp-default-4.4.121-92.101.1 ocfs2-kmp-default-debuginfo-4.4.121-92.101.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 References: https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18690.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9516.html https://www.suse.com/security/cve/CVE-2018-9568.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065726 https://bugzilla.suse.com/1070805 https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086535 https://bugzilla.suse.com/1091158 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091197 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1098996 https://bugzilla.suse.com/1099523 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1100105 https://bugzilla.suse.com/1101555 https://bugzilla.suse.com/1103624 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105931 https://bugzilla.suse.com/1106293 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107299 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108145 https://bugzilla.suse.com/1108498 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1110286 https://bugzilla.suse.com/1110837 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1113192 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114190 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114763 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1116027 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117187 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119947 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1123161 From sle-updates at lists.suse.com Tue Feb 19 16:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:09:16 +0100 (CET) Subject: SUSE-RU-2019:0446-1: moderate: Recommended update for python-azure-agent Message-ID: <20190219230916.EEE1FFFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0446-1 Rating: moderate References: #1094420 #1119542 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-azure-agent fixes the following issues: python-azure-agent was updated to 2.2.36 (bsc#1119542) + [#1451] Do not utf-8 encode telemetry messages + [#1434] Use files instead of pipes to capture stdout/stderr + [#1431] Prevent multiple downloads of zips + [#1418] Add main module to Python's egg + [#1416] Fix UTF-8 encoding for telemetry payload + [#1408] Honor the 'no_proxy' flag + [#1391, #1401, #1441] Azure Stack improvements + [#1384] Write status file in WALinuxAgent lib folder + [#1375] Add support for Redhat + [#1373] Handle different kernel builds on SUSE Linux Enterprise + [#1365, #1385, #1389] Fixes for RDMA + [#1397] Send events when extensions fail to complete operation + [#1394/#1366] Fix the threshold telemetry issue + [#1298] Implementing extension sequencing in azure Linux agent + [#1340] Allow Clear Linux detection in python2 and python3 + [#1345] FreeBSD swap issues fix (#1144) + [#1349] Use append_file in Redhat6xOSUtil.openssl_to_openssh() + [#1355] Ensure 'value' for authorized ssh keys end in "\n" + [#1361] Remove main module + [#1325] Enable cgroups by default on all distros + [#1327, #1347] Allow enforcing of cgroups limits + [#1337] Allow configuration for cgroups + [#1333] Add support for NSBSD + [#1319] Stream extension downloads to disk (do not buffer the download in memory) + [#1303] Fix to support custom DNS servers + [#1306] Log extension stdout and stderr + [#1302] Better of cloud-init configuration during deprovisioning + [#1295] Fix to report the correct extension error code + [#1289] Allow disabling the agent or extensions + [#1290] Use the "ip route" command instead of the "route" comand during network configuration + [#1281] Delete JIT accounts + [#1234] Fix for reading KVP values from host + [#1287] Add UDEV rule in azure disk encryption + [#1196] Health store integration + [#1199] CGroups support + [#1194] Use host for status reporting + [#1188] Fix for sentinel and signal handlers + [#1182] Telemetry updates + [#1171] Add support for JIT + [#1164] Fix for name resolution in Ubuntu 18.04 + [#1154] Set connection close header + [#1143] Remove extension packages after extraction + Revert extension manifest caching to prevent downgrade issues. + [#929] wire.py#update_goal_state does not handle out-of-date GoalState errors + [#908] Set Files to 0400 in /var/lib/waagent + [#906] Hardcoded value for sshd's ClientAliveInterval (180) + [#899] Improve HeartBeat Event + [#898] Send dummy status if extension fails to write a #.status file + [#897] 'Target handler state' wall of errors + [#896] End of Line Comments are Not Supported nor Handled + [#891] Create a Telemetry Event to Track Custom Data Execution + [#884] Cleanup Old Goal State and Extension Cache + [#876] The agent should use a scaling back-off when retrying HTTP requests + [#869] The agent should report OS information in the correct JSON format. + [#822] Update docs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-446=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-446=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.36-7.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-azure-agent-test-2.2.36-7.3.1 References: https://bugzilla.suse.com/1094420 https://bugzilla.suse.com/1119542 From sle-updates at lists.suse.com Tue Feb 19 16:10:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:10:02 +0100 (CET) Subject: SUSE-RU-2019:0445-1: moderate: Recommended update for s390-tools Message-ID: <20190219231002.2AF88FFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0445-1 Rating: moderate References: #1112018 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Updated the spec file to regenerate the initrd in the post, postrun, and poststrans scriptlets. (bsc#1112018) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-445=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (s390x): osasnmpd-2.1.0-12.11.7 osasnmpd-debuginfo-2.1.0-12.11.7 s390-tools-2.1.0-12.11.7 s390-tools-debuginfo-2.1.0-12.11.7 s390-tools-debugsource-2.1.0-12.11.7 s390-tools-hmcdrvfs-2.1.0-12.11.7 s390-tools-hmcdrvfs-debuginfo-2.1.0-12.11.7 s390-tools-zdsfs-2.1.0-12.11.7 s390-tools-zdsfs-debuginfo-2.1.0-12.11.7 References: https://bugzilla.suse.com/1112018 From sle-updates at lists.suse.com Tue Feb 19 16:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:10:37 +0100 (CET) Subject: SUSE-RU-2019:0444-1: moderate: Recommended update for wicked Message-ID: <20190219231037.8F402FFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0444-1 Rating: moderate References: #1118378 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wicked fixes the following issues: - Wicked test command now displays the hostname. (bsc#1118378) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-444=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwicked-0-6-0.6.53-3.8.1 libwicked-0-6-debuginfo-0.6.53-3.8.1 wicked-0.6.53-3.8.1 wicked-debuginfo-0.6.53-3.8.1 wicked-debugsource-0.6.53-3.8.1 wicked-service-0.6.53-3.8.1 References: https://bugzilla.suse.com/1118378 From sle-updates at lists.suse.com Tue Feb 19 16:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:11:15 +0100 (CET) Subject: SUSE-RU-2019:0443-1: moderate: Recommended update for google-compute-engine Message-ID: <20190219231115.8C735FFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0443-1 Rating: moderate References: #1123671 #1123672 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: Google Compute Engine was updated to version 20190124 (bsc#1123671, bsc#1123672) * Fix metadata script retrieval to support Python 3. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-443=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190124-4.11.1 google-compute-engine-oslogin-debuginfo-20190124-4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20190124-4.11.1 References: https://bugzilla.suse.com/1123671 https://bugzilla.suse.com/1123672 From sle-updates at lists.suse.com Tue Feb 19 16:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:11:55 +0100 (CET) Subject: SUSE-RU-2019:0442-1: moderate: Recommended update for s390-tools Message-ID: <20190219231155.65AA6FFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0442-1 Rating: moderate References: #1112018 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - regenerate the initrd in the post, postun, and posttrans scriptlets of this package. (bsc#1112018) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-442=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (s390x): osasnmpd-2.1.0-13.3.1 osasnmpd-debuginfo-2.1.0-13.3.1 s390-tools-2.1.0-13.3.1 s390-tools-debuginfo-2.1.0-13.3.1 s390-tools-debugsource-2.1.0-13.3.1 s390-tools-hmcdrvfs-2.1.0-13.3.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-13.3.1 s390-tools-zdsfs-2.1.0-13.3.1 s390-tools-zdsfs-debuginfo-2.1.0-13.3.1 References: https://bugzilla.suse.com/1112018 From sle-updates at lists.suse.com Tue Feb 19 16:12:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:12:28 +0100 (CET) Subject: SUSE-RU-2019:0440-1: moderate: Recommended update for dmidecode Message-ID: <20190219231228.DF8A3FFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0440-1 Rating: moderate References: #1120149 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dmidecode fixes the following issues: - Extensions to Memory Device (Type 17) (FATE#326831 bsc#1120149) - Add "Logical non-volatile device" to the memory device types (FATE#326831 bsc#1120149) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-440=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-440=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-440=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-440=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-440=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 - SUSE CaaS Platform ALL (x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 - SUSE CaaS Platform 3.0 (x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dmidecode-3.0-10.3.1 dmidecode-debuginfo-3.0-10.3.1 dmidecode-debugsource-3.0-10.3.1 References: https://bugzilla.suse.com/1120149 From sle-updates at lists.suse.com Tue Feb 19 16:13:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 00:13:03 +0100 (CET) Subject: SUSE-RU-2019:0441-1: moderate: Recommended update for dmidecode Message-ID: <20190219231303.9BDDCFFD0@maintenance.suse.de> SUSE Recommended Update: Recommended update for dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0441-1 Rating: moderate References: #1120149 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dmidecode fixes the following issues: - Extensions to Memory Device (Type 17) (FATE#326830 bsc#1120149) - Add "Logical non-volatile device" to the memory device types (FATE#326830 bsc#1120149) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-441=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 x86_64): dmidecode-3.1-4.3.1 dmidecode-debuginfo-3.1-4.3.1 dmidecode-debugsource-3.1-4.3.1 References: https://bugzilla.suse.com/1120149 From sle-updates at lists.suse.com Wed Feb 20 04:10:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 12:10:29 +0100 (CET) Subject: SUSE-SU-2019:0447-1: moderate: Security update for libqt5-qtbase Message-ID: <20190220111029.820E4FFD4@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0447-1 Rating: moderate References: #1096328 #1099874 #1108889 #1118595 #1118596 #1120639 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for libqt5-qtbase provides the following fixes: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Non-security issues fixed: - Fix dynamic loading of libGL. (bsc#1099874) - Make sure printer settings are properly remembered. (bsc#1096328) - Add patch to fix fails to load pixmap cursors on XRender less system (bsc#1108889) - Fix krita pop-up palette not working properly (bsc#1120639) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-447=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-447=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-447=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.9.4-8.11.13 libqt5-qtbase-debugsource-5.9.4-8.11.13 libqt5-qtbase-examples-5.9.4-8.11.13 libqt5-qtbase-examples-debuginfo-5.9.4-8.11.13 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.9.4-8.11.13 libQt5Sql5-mysql-5.9.4-8.11.13 libQt5Sql5-mysql-debuginfo-5.9.4-8.11.13 libQt5Sql5-postgresql-5.9.4-8.11.13 libQt5Sql5-postgresql-debuginfo-5.9.4-8.11.13 libQt5Sql5-unixODBC-5.9.4-8.11.13 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.11.13 libqt5-qtbase-debugsource-5.9.4-8.11.13 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.11.13 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.11.13 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.9.4-8.11.13 libQt5Concurrent5-5.9.4-8.11.13 libQt5Concurrent5-debuginfo-5.9.4-8.11.13 libQt5Core-devel-5.9.4-8.11.13 libQt5Core5-5.9.4-8.11.13 libQt5Core5-debuginfo-5.9.4-8.11.13 libQt5DBus-devel-5.9.4-8.11.13 libQt5DBus-devel-debuginfo-5.9.4-8.11.13 libQt5DBus5-5.9.4-8.11.13 libQt5DBus5-debuginfo-5.9.4-8.11.13 libQt5Gui-devel-5.9.4-8.11.13 libQt5Gui5-5.9.4-8.11.13 libQt5Gui5-debuginfo-5.9.4-8.11.13 libQt5KmsSupport-devel-static-5.9.4-8.11.13 libQt5Network-devel-5.9.4-8.11.13 libQt5Network5-5.9.4-8.11.13 libQt5Network5-debuginfo-5.9.4-8.11.13 libQt5OpenGL-devel-5.9.4-8.11.13 libQt5OpenGL5-5.9.4-8.11.13 libQt5OpenGL5-debuginfo-5.9.4-8.11.13 libQt5PlatformHeaders-devel-5.9.4-8.11.13 libQt5PlatformSupport-devel-static-5.9.4-8.11.13 libQt5PrintSupport-devel-5.9.4-8.11.13 libQt5PrintSupport5-5.9.4-8.11.13 libQt5PrintSupport5-debuginfo-5.9.4-8.11.13 libQt5Sql-devel-5.9.4-8.11.13 libQt5Sql5-5.9.4-8.11.13 libQt5Sql5-debuginfo-5.9.4-8.11.13 libQt5Sql5-sqlite-5.9.4-8.11.13 libQt5Sql5-sqlite-debuginfo-5.9.4-8.11.13 libQt5Test-devel-5.9.4-8.11.13 libQt5Test5-5.9.4-8.11.13 libQt5Test5-debuginfo-5.9.4-8.11.13 libQt5Widgets-devel-5.9.4-8.11.13 libQt5Widgets5-5.9.4-8.11.13 libQt5Widgets5-debuginfo-5.9.4-8.11.13 libQt5Xml-devel-5.9.4-8.11.13 libQt5Xml5-5.9.4-8.11.13 libQt5Xml5-debuginfo-5.9.4-8.11.13 libqt5-qtbase-common-devel-5.9.4-8.11.13 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.11.13 libqt5-qtbase-debugsource-5.9.4-8.11.13 libqt5-qtbase-devel-5.9.4-8.11.13 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.11.13 libQt5DBus-private-headers-devel-5.9.4-8.11.13 libQt5Gui-private-headers-devel-5.9.4-8.11.13 libQt5KmsSupport-private-headers-devel-5.9.4-8.11.13 libQt5Network-private-headers-devel-5.9.4-8.11.13 libQt5OpenGL-private-headers-devel-5.9.4-8.11.13 libQt5PlatformSupport-private-headers-devel-5.9.4-8.11.13 libQt5PrintSupport-private-headers-devel-5.9.4-8.11.13 libQt5Sql-private-headers-devel-5.9.4-8.11.13 libQt5Test-private-headers-devel-5.9.4-8.11.13 libQt5Widgets-private-headers-devel-5.9.4-8.11.13 libqt5-qtbase-private-headers-devel-5.9.4-8.11.13 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1096328 https://bugzilla.suse.com/1099874 https://bugzilla.suse.com/1108889 https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 https://bugzilla.suse.com/1120639 From sle-updates at lists.suse.com Wed Feb 20 04:13:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 12:13:22 +0100 (CET) Subject: SUSE-SU-2019:0448-1: important: Security update for python-numpy Message-ID: <20190220111322.BDC49FFD4@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0448-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2019-448=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): python-numpy_1_13_3-gnu-hpc-1.13.3-4.9.1 python-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.9.1 python-numpy_1_13_3-gnu-hpc-debugsource-1.13.3-4.9.1 python-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.9.1 python2-numpy-gnu-hpc-1.13.3-4.9.1 python2-numpy-gnu-hpc-devel-1.13.3-4.9.1 python3-numpy-gnu-hpc-1.13.3-4.9.1 python3-numpy-gnu-hpc-devel-1.13.3-4.9.1 python3-numpy_1_13_3-gnu-hpc-1.13.3-4.9.1 python3-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.9.1 python3-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.9.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-updates at lists.suse.com Wed Feb 20 10:09:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 18:09:33 +0100 (CET) Subject: SUSE-SU-2019:0449-1: moderate: Security update for php5 Message-ID: <20190220170933.8C9EEFD0D@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0449-1 Rating: moderate References: #1123354 Cross-References: CVE-2019-6977 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issues: Security vulnerability fixed: - CVE-2019-6977: Fixed a heap buffer overflow in gdImageColorMatch in gd_color_match.c (bsc#1123354) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-449=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-449=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-449=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.48.1 php5-debugsource-5.5.14-109.48.1 php5-devel-5.5.14-109.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.48.1 php5-debugsource-5.5.14-109.48.1 php5-devel-5.5.14-109.48.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.48.1 apache2-mod_php5-debuginfo-5.5.14-109.48.1 php5-5.5.14-109.48.1 php5-bcmath-5.5.14-109.48.1 php5-bcmath-debuginfo-5.5.14-109.48.1 php5-bz2-5.5.14-109.48.1 php5-bz2-debuginfo-5.5.14-109.48.1 php5-calendar-5.5.14-109.48.1 php5-calendar-debuginfo-5.5.14-109.48.1 php5-ctype-5.5.14-109.48.1 php5-ctype-debuginfo-5.5.14-109.48.1 php5-curl-5.5.14-109.48.1 php5-curl-debuginfo-5.5.14-109.48.1 php5-dba-5.5.14-109.48.1 php5-dba-debuginfo-5.5.14-109.48.1 php5-debuginfo-5.5.14-109.48.1 php5-debugsource-5.5.14-109.48.1 php5-dom-5.5.14-109.48.1 php5-dom-debuginfo-5.5.14-109.48.1 php5-enchant-5.5.14-109.48.1 php5-enchant-debuginfo-5.5.14-109.48.1 php5-exif-5.5.14-109.48.1 php5-exif-debuginfo-5.5.14-109.48.1 php5-fastcgi-5.5.14-109.48.1 php5-fastcgi-debuginfo-5.5.14-109.48.1 php5-fileinfo-5.5.14-109.48.1 php5-fileinfo-debuginfo-5.5.14-109.48.1 php5-fpm-5.5.14-109.48.1 php5-fpm-debuginfo-5.5.14-109.48.1 php5-ftp-5.5.14-109.48.1 php5-ftp-debuginfo-5.5.14-109.48.1 php5-gd-5.5.14-109.48.1 php5-gd-debuginfo-5.5.14-109.48.1 php5-gettext-5.5.14-109.48.1 php5-gettext-debuginfo-5.5.14-109.48.1 php5-gmp-5.5.14-109.48.1 php5-gmp-debuginfo-5.5.14-109.48.1 php5-iconv-5.5.14-109.48.1 php5-iconv-debuginfo-5.5.14-109.48.1 php5-imap-5.5.14-109.48.1 php5-imap-debuginfo-5.5.14-109.48.1 php5-intl-5.5.14-109.48.1 php5-intl-debuginfo-5.5.14-109.48.1 php5-json-5.5.14-109.48.1 php5-json-debuginfo-5.5.14-109.48.1 php5-ldap-5.5.14-109.48.1 php5-ldap-debuginfo-5.5.14-109.48.1 php5-mbstring-5.5.14-109.48.1 php5-mbstring-debuginfo-5.5.14-109.48.1 php5-mcrypt-5.5.14-109.48.1 php5-mcrypt-debuginfo-5.5.14-109.48.1 php5-mysql-5.5.14-109.48.1 php5-mysql-debuginfo-5.5.14-109.48.1 php5-odbc-5.5.14-109.48.1 php5-odbc-debuginfo-5.5.14-109.48.1 php5-opcache-5.5.14-109.48.1 php5-opcache-debuginfo-5.5.14-109.48.1 php5-openssl-5.5.14-109.48.1 php5-openssl-debuginfo-5.5.14-109.48.1 php5-pcntl-5.5.14-109.48.1 php5-pcntl-debuginfo-5.5.14-109.48.1 php5-pdo-5.5.14-109.48.1 php5-pdo-debuginfo-5.5.14-109.48.1 php5-pgsql-5.5.14-109.48.1 php5-pgsql-debuginfo-5.5.14-109.48.1 php5-phar-5.5.14-109.48.1 php5-phar-debuginfo-5.5.14-109.48.1 php5-posix-5.5.14-109.48.1 php5-posix-debuginfo-5.5.14-109.48.1 php5-pspell-5.5.14-109.48.1 php5-pspell-debuginfo-5.5.14-109.48.1 php5-shmop-5.5.14-109.48.1 php5-shmop-debuginfo-5.5.14-109.48.1 php5-snmp-5.5.14-109.48.1 php5-snmp-debuginfo-5.5.14-109.48.1 php5-soap-5.5.14-109.48.1 php5-soap-debuginfo-5.5.14-109.48.1 php5-sockets-5.5.14-109.48.1 php5-sockets-debuginfo-5.5.14-109.48.1 php5-sqlite-5.5.14-109.48.1 php5-sqlite-debuginfo-5.5.14-109.48.1 php5-suhosin-5.5.14-109.48.1 php5-suhosin-debuginfo-5.5.14-109.48.1 php5-sysvmsg-5.5.14-109.48.1 php5-sysvmsg-debuginfo-5.5.14-109.48.1 php5-sysvsem-5.5.14-109.48.1 php5-sysvsem-debuginfo-5.5.14-109.48.1 php5-sysvshm-5.5.14-109.48.1 php5-sysvshm-debuginfo-5.5.14-109.48.1 php5-tokenizer-5.5.14-109.48.1 php5-tokenizer-debuginfo-5.5.14-109.48.1 php5-wddx-5.5.14-109.48.1 php5-wddx-debuginfo-5.5.14-109.48.1 php5-xmlreader-5.5.14-109.48.1 php5-xmlreader-debuginfo-5.5.14-109.48.1 php5-xmlrpc-5.5.14-109.48.1 php5-xmlrpc-debuginfo-5.5.14-109.48.1 php5-xmlwriter-5.5.14-109.48.1 php5-xmlwriter-debuginfo-5.5.14-109.48.1 php5-xsl-5.5.14-109.48.1 php5-xsl-debuginfo-5.5.14-109.48.1 php5-zip-5.5.14-109.48.1 php5-zip-debuginfo-5.5.14-109.48.1 php5-zlib-5.5.14-109.48.1 php5-zlib-debuginfo-5.5.14-109.48.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.48.1 References: https://www.suse.com/security/cve/CVE-2019-6977.html https://bugzilla.suse.com/1123354 From sle-updates at lists.suse.com Wed Feb 20 13:09:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:09:18 +0100 (CET) Subject: SUSE-RU-2019:0454-1: moderate: Recommended update for google-compute-engine Message-ID: <20190220200918.9DA67FDEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0454-1 Rating: moderate References: #1123671 #1123672 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: Google Compute Engine was updated to version 20190124 (bsc#1123671, bsc#1123672) * Fix metadata script retrieval to support Python 3. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-454=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190124-27.1 google-compute-engine-oslogin-debuginfo-20190124-27.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190124-27.1 References: https://bugzilla.suse.com/1123671 https://bugzilla.suse.com/1123672 From sle-updates at lists.suse.com Wed Feb 20 13:09:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:09:56 +0100 (CET) Subject: SUSE-RU-2019:0452-1: moderate: Recommended update for wicked Message-ID: <20190220200956.40B35FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0452-1 Rating: moderate References: #1022872 #1026807 #1027099 #1036675 #1057007 #1061051 #1069468 #1072343 #1078245 #1083670 #1084462 #1084527 #1085020 #1085786 #1095818 #1102871 #1107579 #1109147 #954758 #972463 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update for wicked fixes the following issues: - wickedd: fix netdev detection bootstrap race (bsc#1107579) - compat: fix ifcfg parsing crash if network/config is missed - wireless: fix eap peap auth mapping for wpa-supplicant (bsc#1026807) - firewall: do not assign default zone, but pass as is (bsc#1109147) - nanny: fix memory leaks on fast create-delete calls (bsc#1095818) - extensions: do not use /etc/HOSTNAME artifact (bsc#972463) - man: improved create-cid docs in wicked-config(5) (bsc#1084527) - ethtool: streamline options available on all devices (bsc#1085786) - ipoib: do not fail setup on mode or umcast set failure (bsc#1084462) - bond: avoid reenslave failure in fail_over_mac mode (bsc#1083670) - Fix show-xml filtering by interface name (bsc#954758) - ifconfig: refresh state before link reenslave hotfix (bsc#1061051) - ethtool: query priv-flags bitmap first (bsc#1085020) - client: refactor arp utility to add missed arp ping (bsc#1078245) - ibft: no IP setup on bnx2x storage-only interfaces (bsc#1072343) - client: fixed broken wicked arp utility command (bsc#1078245) - wickedd: clear master references on slaves when a master gets deleted and the deletion event arrives before unenslave event to avoid a bridge reenslave failure on restart (bsc#1061051) - dhcp: clear hostname on lease recovery/reboot (bsc#1057007) - firewall: add firewalld and zone support (fate#320794) - ifconfig: cleanup slaves before enslaving (bsc#1036675) - dhcp4: fix to use rfc4361 client-id on infiniband (bsc#1022872) - dhcp: cleanup common option update flags (bsc#1027099) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-452=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libwicked-0-6-0.6.52-28.14.1 libwicked-0-6-debuginfo-0.6.52-28.14.1 wicked-0.6.52-28.14.1 wicked-debuginfo-0.6.52-28.14.1 wicked-debugsource-0.6.52-28.14.1 wicked-service-0.6.52-28.14.1 References: https://bugzilla.suse.com/1022872 https://bugzilla.suse.com/1026807 https://bugzilla.suse.com/1027099 https://bugzilla.suse.com/1036675 https://bugzilla.suse.com/1057007 https://bugzilla.suse.com/1061051 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1072343 https://bugzilla.suse.com/1078245 https://bugzilla.suse.com/1083670 https://bugzilla.suse.com/1084462 https://bugzilla.suse.com/1084527 https://bugzilla.suse.com/1085020 https://bugzilla.suse.com/1085786 https://bugzilla.suse.com/1095818 https://bugzilla.suse.com/1102871 https://bugzilla.suse.com/1107579 https://bugzilla.suse.com/1109147 https://bugzilla.suse.com/954758 https://bugzilla.suse.com/972463 From sle-updates at lists.suse.com Wed Feb 20 13:14:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:14:57 +0100 (CET) Subject: SUSE-RU-2019:0456-1: moderate: Recommended update for susemanager-sync-data Message-ID: <20190220201457.CDF54FDEF@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0456-1 Rating: moderate References: #1119233 #1123376 #1123989 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for susemanager-sync-data fixes the following issues: - Add SLES11 SP4 LTSS channels (bsc#1123989) - Fix parent channel for Cloud 9 (bsc#1123376) - Add Web-Scripting Module to OES 2018 (bsc#1119233) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-456=1 Package List: - SUSE Manager Server 3.1 (noarch): susemanager-sync-data-3.1.18-2.35.1 References: https://bugzilla.suse.com/1119233 https://bugzilla.suse.com/1123376 https://bugzilla.suse.com/1123989 From sle-updates at lists.suse.com Wed Feb 20 13:15:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:15:44 +0100 (CET) Subject: SUSE-RU-2019:0453-1: moderate: Recommended update for s390-tools Message-ID: <20190220201544.A54C7FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0453-1 Rating: moderate References: #1112018 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - updated the package to regenerate the initrd in the post, postun, and posttrans scriptlets during installation. (bsc#1112018) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-453=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (s390x): osasnmpd-1.34.0-65.17.1 osasnmpd-debuginfo-1.34.0-65.17.1 s390-tools-1.34.0-65.17.1 s390-tools-debuginfo-1.34.0-65.17.1 s390-tools-debugsource-1.34.0-65.17.1 s390-tools-hmcdrvfs-1.34.0-65.17.1 s390-tools-hmcdrvfs-debuginfo-1.34.0-65.17.1 s390-tools-zdsfs-1.34.0-65.17.1 s390-tools-zdsfs-debuginfo-1.34.0-65.17.1 References: https://bugzilla.suse.com/1112018 From sle-updates at lists.suse.com Wed Feb 20 13:16:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:16:21 +0100 (CET) Subject: SUSE-SU-2019:0450-1: important: Security update for procps Message-ID: <20190220201621.1B9D6FD4A@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0450-1 Rating: important References: #1092100 #1121753 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-450=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-450=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-450=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-450=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-450=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-450=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-450=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-450=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-450=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-450=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-450=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-450=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-450=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-450=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 procps-devel-3.3.9-11.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 procps-devel-3.3.9-11.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Enterprise Storage 4 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE CaaS Platform ALL (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE CaaS Platform 3.0 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 https://bugzilla.suse.com/1121753 From sle-updates at lists.suse.com Wed Feb 20 13:18:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:18:02 +0100 (CET) Subject: SUSE-RU-2019:0451-1: moderate: Recommended update for tomcat Message-ID: <20190220201802.0838BFD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0451-1 Rating: moderate References: #1111966 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tomcat provides the following fixes: - Increase the maximum number of threads and open files for tomcat. (bsc#1111966) - Fix the JMX error: ThreadPool.socketProperties is not Serializable. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-451=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): tomcat-8.0.53-29.19.2 tomcat-admin-webapps-8.0.53-29.19.2 tomcat-docs-webapp-8.0.53-29.19.2 tomcat-el-3_0-api-8.0.53-29.19.2 tomcat-javadoc-8.0.53-29.19.2 tomcat-jsp-2_3-api-8.0.53-29.19.2 tomcat-lib-8.0.53-29.19.2 tomcat-servlet-3_1-api-8.0.53-29.19.2 tomcat-webapps-8.0.53-29.19.2 References: https://bugzilla.suse.com/1111966 From sle-updates at lists.suse.com Wed Feb 20 13:18:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:18:34 +0100 (CET) Subject: SUSE-RU-2019:0455-1: Recommended update for tuned Message-ID: <20190220201834.DDAFFFD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for tuned ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0455-1 Rating: low References: #1098395 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tuned fixes the following issues: - Fix logrotation to be configurable (bsc#1098395) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-455=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-455=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): tuned-2.8.0-5.3.17 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tuned-gtk-2.8.0-5.3.17 tuned-profiles-atomic-2.8.0-5.3.17 tuned-profiles-nfv-2.8.0-5.3.17 tuned-profiles-oracle-2.8.0-5.3.17 tuned-profiles-realtime-2.8.0-5.3.17 tuned-utils-2.8.0-5.3.17 tuned-utils-systemtap-2.8.0-5.3.17 References: https://bugzilla.suse.com/1098395 From sle-updates at lists.suse.com Thu Feb 21 04:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2019 12:10:34 +0100 (CET) Subject: SUSE-SU-2019:0457-1: important: Security update for qemu Message-ID: <20190221111034.1B467FD2C@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0457-1 Rating: important References: #1116717 #1117275 #1123156 Cross-References: CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). * CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-457=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.49.3 qemu-block-curl-2.0.2-48.49.3 qemu-block-curl-debuginfo-2.0.2-48.49.3 qemu-debugsource-2.0.2-48.49.3 qemu-guest-agent-2.0.2-48.49.3 qemu-guest-agent-debuginfo-2.0.2-48.49.3 qemu-lang-2.0.2-48.49.3 qemu-tools-2.0.2-48.49.3 qemu-tools-debuginfo-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.49.3 qemu-ppc-debuginfo-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.49.3 qemu-seabios-1.7.4-48.49.3 qemu-sgabios-8-48.49.3 qemu-vgabios-1.7.4-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.49.3 qemu-block-rbd-debuginfo-2.0.2-48.49.3 qemu-x86-2.0.2-48.49.3 qemu-x86-debuginfo-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.49.3 qemu-s390-debuginfo-2.0.2-48.49.3 References: https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1123156 From sle-updates at lists.suse.com Thu Feb 21 10:09:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2019 18:09:20 +0100 (CET) Subject: SUSE-SU-2018:3033-2: important: Security update for texlive Message-ID: <20190221170920.904E0FFD7@maintenance.suse.de> SUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3033-2 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-458=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-458=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-458=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-458=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-458=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-458=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-458=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Enterprise Storage 4 (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-updates at lists.suse.com Thu Feb 21 13:09:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2019 21:09:03 +0100 (CET) Subject: SUSE-RU-2019:0461-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20190221200903.B7980FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0461-1 Rating: moderate References: #1099485 #1121442 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-storage-ng fixes the following issues: - Allows to cancel Guided Setup. (bsc#1121442) - Adds link to storage client from installation summary. (bsc#1099485) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-461=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-461=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.0.217-3.38.4 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.0.217-3.38.4 References: https://bugzilla.suse.com/1099485 https://bugzilla.suse.com/1121442 From sle-updates at lists.suse.com Thu Feb 21 13:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2019 21:09:41 +0100 (CET) Subject: SUSE-RU-2019:0459-1: important: Recommended update for drbd Message-ID: <20190221200941.D9400FD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0459-1 Rating: important References: #1118732 #1118974 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd to version 9.0.15-1 and drbd-utils fixes the following issues: - split brain handles malfunction when 2 primaries (bsc#1118732) - remove the deprecated comment about drbd-overview (bsc#1118974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-459=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-9.0.15+git.c46d2790-3.5.10 drbd-debugsource-9.0.15+git.c46d2790-3.5.10 drbd-kmp-default-9.0.15+git.c46d2790_k4.12.14_25.28-3.5.10 drbd-kmp-default-debuginfo-9.0.15+git.c46d2790_k4.12.14_25.28-3.5.10 drbd-utils-9.3.1-3.3.8 drbd-utils-debuginfo-9.3.1-3.3.8 drbd-utils-debugsource-9.3.1-3.3.8 References: https://bugzilla.suse.com/1118732 https://bugzilla.suse.com/1118974 From sle-updates at lists.suse.com Thu Feb 21 13:10:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Feb 2019 21:10:21 +0100 (CET) Subject: SUSE-RU-2019:0460-1: moderate: Recommended update for libstorage-ng Message-ID: <20190221201021.4E0ACFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libstorage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0460-1 Rating: moderate References: #1101870 #1120070 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libstorage-ng fixes the following issues: - Fix partitioning error by relaxing the check for luks correctness. (bsc#1120070, bsc#1101870) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-460=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-460=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-460=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-3.3.317-3.22.5 libstorage-ng-debugsource-3.3.317-3.22.5 libstorage-ng-integration-tests-3.3.317-3.22.5 libstorage-ng-python3-3.3.317-3.22.5 libstorage-ng-python3-debuginfo-3.3.317-3.22.5 libstorage-ng-utils-3.3.317-3.22.5 libstorage-ng-utils-debuginfo-3.3.317-3.22.5 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-3.3.317-3.22.5 libstorage-ng-debugsource-3.3.317-3.22.5 libstorage-ng-devel-3.3.317-3.22.5 libstorage-ng-ruby-3.3.317-3.22.5 libstorage-ng-ruby-debuginfo-3.3.317-3.22.5 libstorage-ng1-3.3.317-3.22.5 libstorage-ng1-debuginfo-3.3.317-3.22.5 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libstorage-ng-lang-3.3.317-3.22.5 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-3.3.317-3.22.5 libstorage-ng1-3.3.317-3.22.5 - SUSE Linux Enterprise Installer 15 (noarch): libstorage-ng-lang-3.3.317-3.22.5 References: https://bugzilla.suse.com/1101870 https://bugzilla.suse.com/1120070 From sle-updates at lists.suse.com Fri Feb 22 07:14:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:14:17 +0100 (CET) Subject: SUSE-RU-2019:0463-1: moderate: Recommended update for tomcat Message-ID: <20190222141417.74E6EFD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0463-1 Rating: moderate References: #1120745 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tomcat provides the following fix: - Fix tomcat-tool-wrapper classpath error. (bsc#1120745) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-463=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-463=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.12-3.18.3 tomcat-admin-webapps-9.0.12-3.18.3 tomcat-el-3_0-api-9.0.12-3.18.3 tomcat-jsp-2_3-api-9.0.12-3.18.3 tomcat-lib-9.0.12-3.18.3 tomcat-servlet-4_0-api-9.0.12-3.18.3 tomcat-webapps-9.0.12-3.18.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.12-3.18.3 tomcat-embed-9.0.12-3.18.3 tomcat-javadoc-9.0.12-3.18.3 tomcat-jsvc-9.0.12-3.18.3 References: https://bugzilla.suse.com/1120745 From sle-updates at lists.suse.com Fri Feb 22 07:15:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:15:18 +0100 (CET) Subject: SUSE-RU-2018:4080-2: moderate: Recommended update for yast2-installation Message-ID: <20190222141518.3572AFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:4080-2 Rating: moderate References: #1098571 #1105758 #1112769 Affected Products: SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-installation provides the following fixes: - Writing security settings in first AY installation stage, So other modules can rely on these settings now. (bsc#1112769) - Updated document for add_on_products.xml: Added tag "confirm_license" to handle Add-On-products licenses which will be added while installation. (bsc#1105758) - Dialog complex_welcome: Translate the help button if the language has been changed. (bsc#1098571) - Remember the selected role. (fate#325834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-468=1 Package List: - SUSE Linux Enterprise Installer 15 (noarch): yast2-installation-4.0.74-3.13.1 References: https://bugzilla.suse.com/1098571 https://bugzilla.suse.com/1105758 https://bugzilla.suse.com/1112769 From sle-updates at lists.suse.com Fri Feb 22 07:17:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:17:50 +0100 (CET) Subject: SUSE-RU-2019:0462-1: moderate: Recommended update for open-iscsi Message-ID: <20190222141750.ABC7FFD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0462-1 Rating: moderate References: #1102589 #1107753 #1116712 #1122938 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for open-iscsi fixes the following issues: - iscsiuio: No longer flush tx queue on each uio interrupt. This makes ping to such NICs work better. (bsc#1102589) - Do not allow multiple sessions just because they were started in parallel. (bsc#1107753) - qedi: Use uio BD index instead on buffer index. (bsc#1116712) - qedi: Set buf_size in case of ICMP and ARP packet. (bsc#1116712) - Fix output for iscsiadm node/iface print level P1. (bsc#1122938) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-462=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-462=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-12.7.2 iscsiuio-debuginfo-0.7.8.2-12.7.2 libopeniscsiusr0_2_0-2.0.876-12.7.2 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.7.2 open-iscsi-2.0.876-12.7.2 open-iscsi-debuginfo-2.0.876-12.7.2 open-iscsi-debugsource-2.0.876-12.7.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): iscsiuio-0.7.8.2-12.7.2 iscsiuio-debuginfo-0.7.8.2-12.7.2 libopeniscsiusr0_2_0-2.0.876-12.7.2 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.7.2 open-iscsi-2.0.876-12.7.2 open-iscsi-debuginfo-2.0.876-12.7.2 open-iscsi-debugsource-2.0.876-12.7.2 References: https://bugzilla.suse.com/1102589 https://bugzilla.suse.com/1107753 https://bugzilla.suse.com/1116712 https://bugzilla.suse.com/1122938 From sle-updates at lists.suse.com Fri Feb 22 07:20:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:20:41 +0100 (CET) Subject: SUSE-RU-2019:0467-1: moderate: Recommended update for supportutils-plugin-ses Message-ID: <20190222142041.A51FAFD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0467-1 Rating: moderate References: #1125266 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-ses fixes the following issues: * prometheus: add size of metrics store (bsc#1125266) * ceph: add `pg dump` command (bsc#1125266) * ceph: add `osd dump` command (bsc#1125266) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-467=1 Package List: - SUSE Enterprise Storage 5 (noarch): supportutils-plugin-ses-5.0+git.1550033876.fa9bb29-3.6.1 References: https://bugzilla.suse.com/1125266 From sle-updates at lists.suse.com Fri Feb 22 07:23:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:23:53 +0100 (CET) Subject: SUSE-RU-2019:0464-1: moderate: Recommended update for xkeyboard-config Message-ID: <20190222142353.D993AFD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xkeyboard-config ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0464-1 Rating: moderate References: #1123784 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xkeyboard-config fixes the following issues: - Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-464=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): xkeyboard-config-2.23.1-3.3.1 xkeyboard-config-lang-2.23.1-3.3.1 References: https://bugzilla.suse.com/1123784 From sle-updates at lists.suse.com Fri Feb 22 07:25:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:25:03 +0100 (CET) Subject: SUSE-SU-2019:0466-1: important: Security update for kernel-firmware Message-ID: <20190222142503.9778CFD0D@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0466-1 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-466=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-466=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-466=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-466=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-466=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-466=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-466=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Enterprise Storage 4 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE CaaS Platform ALL (noarch): kernel-firmware-20170530-21.28.1 - SUSE CaaS Platform 3.0 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-updates at lists.suse.com Fri Feb 22 07:28:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:28:36 +0100 (CET) Subject: SUSE-RU-2019:0465-1: Recommended update for desktop-translations Message-ID: <20190222142836.2EB50FD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for desktop-translations ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0465-1 Rating: low References: #1037823 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for desktop-translations provides the following fixes: - Make sure the 'Add System Extensions or Modules' is translated in yast2. (bsc#1037823) - Many other translation fixes and updates. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-465=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): desktop-translations-84.87.20181111.c8592d84-3.3.2 References: https://bugzilla.suse.com/1037823 From sle-updates at lists.suse.com Fri Feb 22 10:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:09:16 +0100 (CET) Subject: SUSE-RU-2019:0472-1: moderate: Recommended update for yast2-smt Message-ID: <20190222170916.9F887FD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0472-1 Rating: moderate References: #1106550 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-smt provides the following fix: - Make sure the module correctly starts and stops SMT again via the corresponding services. The associated checkbox was renamed to "Run ..." to better reflect the behavior. (bsc#1106550) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-472=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-472=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-smt-3.0.17-3.11.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-smt-3.0.17-3.11.3 References: https://bugzilla.suse.com/1106550 From sle-updates at lists.suse.com Fri Feb 22 10:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:09:48 +0100 (CET) Subject: SUSE-SU-2019:0471-1: important: Security update for qemu Message-ID: <20190222170948.52662FD0B@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0471-1 Rating: important References: #1116717 #1117275 #1119493 #1123156 Cross-References: CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issue fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-471=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.20.1 qemu-block-curl-2.3.1-33.20.1 qemu-block-curl-debuginfo-2.3.1-33.20.1 qemu-debugsource-2.3.1-33.20.1 qemu-guest-agent-2.3.1-33.20.1 qemu-guest-agent-debuginfo-2.3.1-33.20.1 qemu-lang-2.3.1-33.20.1 qemu-tools-2.3.1-33.20.1 qemu-tools-debuginfo-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.20.1 qemu-ppc-debuginfo-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.20.1 qemu-seabios-1.8.1-33.20.1 qemu-sgabios-8-33.20.1 qemu-vgabios-1.8.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.20.1 qemu-block-rbd-debuginfo-2.3.1-33.20.1 qemu-x86-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.20.1 qemu-s390-debuginfo-2.3.1-33.20.1 References: https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1123156 From sle-updates at lists.suse.com Fri Feb 22 10:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:10:41 +0100 (CET) Subject: SUSE-RU-2019:0473-1: moderate: Recommended update for yast2-instserver Message-ID: <20190222171041.C784FFD0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-instserver ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0473-1 Rating: moderate References: #1122003 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-instserver provides the following fix: - Fix parsing DISTRO from 'content' file. (bsc#1122003) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-473=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-473=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-instserver-3.1.7-8.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-instserver-3.1.7-8.6.1 References: https://bugzilla.suse.com/1122003 From sle-updates at lists.suse.com Fri Feb 22 10:11:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:11:19 +0100 (CET) Subject: SUSE-SU-2019:0470-1: important: Security update for the Linux Kernel Message-ID: <20190222171119.956C7FD0B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0470-1 Rating: important References: #1012382 #1023175 #1087036 #1094823 #1102875 #1102877 #1102879 #1102882 #1102896 #1106105 #1106929 #1107866 #1109695 #1114893 #1116653 #1119680 #1120722 #1120758 #1120902 #1121726 #1122650 #1122651 #1122779 #1122885 #1123321 #1123323 #1123357 Cross-References: CVE-2017-18249 CVE-2019-3459 CVE-2019-3460 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 24 fixes is now available. Description: The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036). - CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758). - CVE-2019-3460: Fixed remote data leak in multiple location in the function l2cap_parse_conf_rsp (bnc#1120758). The following non-security bugs were fixed: - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - Yama: Check for pid death before checking ancestry (bnc#1012382). - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382). - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382). - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382). - ata: Fix racy link clearance (bsc#1107866). - block/loop: Use global lock for ioctl() operation (bnc#1012382). - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes). - Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382). - Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896). - Btrfs: tree-checker: Fix misleading group system information (bnc#1012382). - Btrfs: validate type when reading a chunk (bnc#1012382). - Btrfs: wait on ordered extents on abort cleanup (bnc#1012382). - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382). - cifs: Do not hide EINTR after sending network packets (bnc#1012382). - cifs: Fix potential OOB access of lock element array (bnc#1012382). - clk: imx6q: reset exclusive gates on init (bnc#1012382). - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382). - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382). - crypto: cts - fix crash on short inputs (bnc#1012382). - crypto: user - support incremental algorithm dumps (bsc#1120902). - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes). - dm crypt: factor IV constructor out to separate function (Git-fixes). - dm crypt: fix crash by adding missing check for auth key size (git-fixes). - dm crypt: fix error return code in crypt_ctr() (git-fixes). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes). - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes). - dm crypt: wipe kernel key copy after IV initialization (Git-fixes). - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382). - dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382). - dm: do not allow readahead to limit IO size (git fixes (readahead)). - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382). - edac: Raise the maximum number of memory controllers (bsc#1120722). - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382). - f2fs: Add sanity_check_inode() function (bnc#1012382). - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382). - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382). - f2fs: clean up argument of recover_data (bnc#1012382). - f2fs: clean up with is_valid_blkaddr() (bnc#1012382). - f2fs: detect wrong layout (bnc#1012382). - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382). - f2fs: factor out fsync inode entry operations (bnc#1012382). - f2fs: fix inode cache leak (bnc#1012382). - f2fs: fix invalid memory access (bnc#1012382). - f2fs: fix missing up_read (bnc#1012382). - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382). - f2fs: fix to convert inline directory correctly (bnc#1012382). - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382). - f2fs: fix to do sanity check with block address in main area (bnc#1012382). - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382). - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382). - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382). - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382). - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382). - f2fs: fix to do sanity check with user_block_count (bnc#1012382). - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382). - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382). - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382). - f2fs: introduce and spread verify_blkaddr (bnc#1012382). - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382). - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382). - f2fs: not allow to write illegal blkaddr (bnc#1012382). - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382). - f2fs: remove an obsolete variable (bnc#1012382). - f2fs: return error during fill_super (bnc#1012382). - f2fs: sanity check on sit entry (bnc#1012382). - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes). - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382). - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382). - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382). - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653). - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382). - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382). - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382). - loop: Fold __loop_release into loop_release (bnc#1012382). - loop: Get rid of loop_index_mutex (bnc#1012382). - lsm: Check for NULL cred-security on free (bnc#1012382). - md: batch flush requests (bsc#1119680). - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382). - media: vb2: be sure to unlock mutex on errors (bnc#1012382). - media: vb2: vb2_mmap: move lock up (bnc#1012382). - media: vivid: fix error handling of kthread_run (bnc#1012382). - media: vivid: set min width/height to a value > 0 (bnc#1012382). - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382). - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382). - mips: fix n32 compat_ipc_parse_version (bnc#1012382). - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382). - mm, slab: faster active and free stats (bsc#1116653, VM Performance). - mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance). - mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382). - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382). - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382). - net: speed up skb_rbtree_purge() (bnc#1012382). - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382). - omap2fb: Fix stack memory disclosure (bsc#1106929) - packet: Do not leak dev refcounts on error exit (bnc#1012382). - pci: altera: Check link status before retrain link (bnc#1012382). - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382). - pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382). - pci: altera: Poll for link training status after retraining the link (bnc#1012382). - pci: altera: Poll for link up status after retraining the link (bnc#1012382). - pci: altera: Reorder read/write functions (bnc#1012382). - pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382). - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382). - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382). - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382). - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823). - pstore/ram: Do not treat empty buffers as valid (bnc#1012382). - r8169: Add support for new Realtek Ethernet (bnc#1012382). - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382). - scsi: sd: Fix cache_type_store() (bnc#1012382). - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382). - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382). - selinux: fix GPF on invalid policy (bnc#1012382). - slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382). - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382). - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382). - usb: storage: add quirk for SMI SM3350 (bnc#1012382). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2019-470=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.172-3.35.1 kernel-source-rt-4.4.172-3.35.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.172-3.35.1 cluster-md-kmp-rt-debuginfo-4.4.172-3.35.1 dlm-kmp-rt-4.4.172-3.35.1 dlm-kmp-rt-debuginfo-4.4.172-3.35.1 gfs2-kmp-rt-4.4.172-3.35.1 gfs2-kmp-rt-debuginfo-4.4.172-3.35.1 kernel-rt-4.4.172-3.35.1 kernel-rt-base-4.4.172-3.35.1 kernel-rt-base-debuginfo-4.4.172-3.35.1 kernel-rt-debuginfo-4.4.172-3.35.1 kernel-rt-debugsource-4.4.172-3.35.1 kernel-rt-devel-4.4.172-3.35.1 kernel-rt_debug-debuginfo-4.4.172-3.35.1 kernel-rt_debug-debugsource-4.4.172-3.35.1 kernel-rt_debug-devel-4.4.172-3.35.1 kernel-rt_debug-devel-debuginfo-4.4.172-3.35.1 kernel-syms-rt-4.4.172-3.35.1 ocfs2-kmp-rt-4.4.172-3.35.1 ocfs2-kmp-rt-debuginfo-4.4.172-3.35.1 References: https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1087036 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1116653 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120722 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1122650 https://bugzilla.suse.com/1122651 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1123321 https://bugzilla.suse.com/1123323 https://bugzilla.suse.com/1123357 From sle-updates at lists.suse.com Fri Feb 22 10:15:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:15:57 +0100 (CET) Subject: SUSE-SU-2019:0469-1: important: Security update for MozillaThunderbird Message-ID: <20190222171557.75287FD09@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0469-1 Rating: important References: #1125330 Cross-References: CVE-2018-18335 CVE-2018-18356 CVE-2018-18509 CVE-2019-5785 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaThunderbird to version 60.5.1 fixes the following issues: Security issues fixed (MFSA 2019-06 bsc#1125330): - CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D. This issue does not affect Linuc distributions. - CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures showing mistakenly that emails bring a valid sugnature. - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-469=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.5.1-3.24.1 MozillaThunderbird-debuginfo-60.5.1-3.24.1 MozillaThunderbird-debugsource-60.5.1-3.24.1 MozillaThunderbird-translations-common-60.5.1-3.24.1 MozillaThunderbird-translations-other-60.5.1-3.24.1 References: https://www.suse.com/security/cve/CVE-2018-18335.html https://www.suse.com/security/cve/CVE-2018-18356.html https://www.suse.com/security/cve/CVE-2018-18509.html https://www.suse.com/security/cve/CVE-2019-5785.html https://bugzilla.suse.com/1125330 From sle-updates at lists.suse.com Mon Feb 25 07:09:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 15:09:24 +0100 (CET) Subject: SUSE-SU-2019:0483-1: moderate: Security update for python-Django Message-ID: <20190225140924.10BDCF7C9@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0483-1 Rating: moderate References: #1120932 Cross-References: CVE-2019-3498 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: Security issue fixed: - CVE-2019-3498: Fixed a content spoofing attack in the default 404 page (bsc#1120932) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-483=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Django-1.8.19-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-3498.html https://bugzilla.suse.com/1120932 From sle-updates at lists.suse.com Mon Feb 25 07:09:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 15:09:53 +0100 (CET) Subject: SUSE-RU-2019:0476-1: moderate: Recommended update for erlang Message-ID: <20190225140953.42A5EFD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for erlang ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0476-1 Rating: moderate References: #1115904 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for erlang fixes the following issues: - Drop crypto patch isn't required anymore (bsc#1115904) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-476=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-476=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): erlang-17.5.6-3.6.1 erlang-debuginfo-17.5.6-3.6.1 erlang-debugsource-17.5.6-3.6.1 erlang-epmd-17.5.6-3.6.1 erlang-epmd-debuginfo-17.5.6-3.6.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): erlang-17.5.6-3.6.1 erlang-debuginfo-17.5.6-3.6.1 erlang-debugsource-17.5.6-3.6.1 erlang-epmd-17.5.6-3.6.1 erlang-epmd-debuginfo-17.5.6-3.6.1 References: https://bugzilla.suse.com/1115904 From sle-updates at lists.suse.com Mon Feb 25 07:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 15:10:34 +0100 (CET) Subject: SUSE-RU-2019:0478-1: moderate: Recommended update for crowbar packages Message-ID: <20190225141034.D7946FD4A@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0478-1 Rating: moderate References: #1085170 #1103882 #1114851 #1116686 #1116853 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crowbar packages fixes the following issues: crowbar: - upgrade: rabbitmq and epmd packages need to go in the right order crowbar-core: - upgrade: Map jsonapi for respond_to - travis fix for bundler problems - upgrade: Increase delayed_job time limit - provisioner: validate format of additional ssh keys section - upgrade: Improve handling of zypper prompts (bsc#1116853) - upgrade: Allow upgrade with monasca agents on compute nodes - ohai: fix path to check for aacraid driver (bsc#1085170 bsc#1103882) - upgrade: Precheck for unsaved proposals - crowbar: move disallow chef restarts out of experimental - Removed experimental.yml because won't be necessary crowbar-ha: - Update travis config to solve bundler dependency crowbar-openstack: - mariadb: Set wsrep_sst_method to mariabackup (bsc#1116686) - Update travis config to solve bundler dependency - nova: Use internal glance and neutron endpoints - horizon: Fix SSL CA configuration for apache 2.4 - cinder: Only set up SSL on API nodes - nova/neutron: Restart immediately on keystone changes - keystone: Fix update endpoint for ha (bsc#1114851) - keystone: Refactor keystone_register retry loop - keystone: Fix CA cert Apache config - database: Prevent deploying mysql-server role to monasca node - ssl: Fix ACL setup in ssl_setup provider - horizon: load monasca from databag - galera: Install system tables only on the founder node - galera: Use monitoring user for observing wsrep state - neutron: disable metering agent if no ceilometer - neutron: Fix "enable_metadata_proxy" setting for DVR setups - rabbitmq: Add list of tags comma separated for extra users - neutron/nova: allow overriding default_log_levels - neutron: disable metadata proxy when metadata is forced - Gemfile: Drop crowbar-validate-databags gem version - travis: tests databags - database: fix duplicated number migration - Fix migrations - rabbitmq: block client port on startup - rabbitmq: change ha-sync-mode to automatic - rabbitmq: disable mirroring for several queues - rabbitmq: allow disabling queue mirroring crowbar-ui: - upgrade: Fix "Next" button behavior - upgrade: Add admin repochecks error title Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-478=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-478=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1548102928.52fb95504-9.43.1 crowbar-core-branding-upstream-4.0+git.1548102928.52fb95504-9.43.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-4.0+git.1547721131.2ffa282d-7.26.1 crowbar-devel-4.0+git.1547721131.2ffa282d-7.26.1 crowbar-ha-4.0+git.1546543083.abaa442-4.43.1 crowbar-openstack-4.0+git.1548443137.480904fb4-9.48.1 crowbar-ui-1.1.0+git.1547500033.d0fb2bf2-4.9.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1548102928.52fb95504-9.43.1 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1547721131.2ffa282d-7.26.1 References: https://bugzilla.suse.com/1085170 https://bugzilla.suse.com/1103882 https://bugzilla.suse.com/1114851 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1116853 From sle-updates at lists.suse.com Mon Feb 25 10:09:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 18:09:31 +0100 (CET) Subject: SUSE-SU-2019:0482-1: important: Security update for python Message-ID: <20190225170931.C55D7FDEF@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0482-1 Rating: important References: #1073748 #1109847 #1122191 Cross-References: CVE-2018-14647 CVE-2019-5010 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-482=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-482=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-482=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-482=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-482=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-482=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-482=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-482=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-482=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-482=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-482=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-482=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-482=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-482=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-482=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-482=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE OpenStack Cloud 7 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-strict-tls-check-2.7.13-28.21.1 - SUSE Enterprise Storage 4 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Enterprise Storage 4 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 References: https://www.suse.com/security/cve/CVE-2018-14647.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1073748 https://bugzilla.suse.com/1109847 https://bugzilla.suse.com/1122191 From sle-updates at lists.suse.com Mon Feb 25 10:10:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 18:10:24 +0100 (CET) Subject: SUSE-SU-2019:0481-1: important: Security update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql Message-ID: <20190225171024.7BA4FFD4A@maintenance.suse.de> SUSE Security Update: Security update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0481-1 Rating: important References: #1111151 #1115099 #1116437 #1123054 Cross-References: CVE-2018-1000805 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql fixes the following issues: Security issue fixed for python-paramiko: - CVE-2018-1000805: Fixed an authentication bypass (bnc#1111151). Non-security issues fixed: - python-oslo.messaging: Fixed an issue if the client tries to reconnect after connection was lost (bsc#1123054). - python-ovs: Fixed memory leak in c parser (bsc#1116437). - python-ovs: Switched away from noarch and build the C based backend (bsc#1115099). - python-psql2mysql: Update to version 0.5.0+git.1539592188.13e5d0f. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-481=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-481=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-481=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-ovs-2.5.0-3.3.1 - SUSE OpenStack Cloud 7 (noarch): python-amqp-1.4.9-3.3.1 python-oslo.messaging-5.10.2-3.9.1 python-paramiko-2.0.9-3.6.1 python-psql2mysql-0.5.0+git.1539592188.13e5d0f-1.9.1 - SUSE Enterprise Storage 4 (noarch): python-paramiko-2.0.9-3.6.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-paramiko-2.0.9-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000805.html https://bugzilla.suse.com/1111151 https://bugzilla.suse.com/1115099 https://bugzilla.suse.com/1116437 https://bugzilla.suse.com/1123054 From sle-updates at lists.suse.com Mon Feb 25 13:09:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:09:22 +0100 (CET) Subject: SUSE-RU-2019:0475-1: moderate: Recommended update for several ardana packages Message-ID: <20190225200922.5BA50100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for several ardana packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0475-1 Rating: moderate References: #1102789 #1104702 #1105119 #1105689 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ardana packages fixes the following issues: ardana-installer-server: - SCRD-3497 Add connection_test api - SCRD-3455 Change default UI port from 3000 to 2209 - Handle ardana-service running with SSL - Switch to stable/pike branch - Fixed delete issue (bsc#1104702) ardana-installer-ui: - SCRD-5073 bootstrap 4 due to xss issue with bs3 - Removed jquery as drag and drop was updated to not require it - SCRD-3455 - implement constants changes in stable/pike - SCRD-3478 Update OpenStack and Ardana Packages pages with new API. - Add servers topology tab - SCRD-3489 Add Update Service Configuration page - Part One - SCRD-4679 - fix redirect to login when using bad SUMA or OV creds - SCRD-3478 Add search capabilty to Ardana Packages page - Add network topology tab - SCRD-3484 Fix endpoint sorting in Service Info page - SCRD-3490 added loadingmask - SCRD-3476 added check against deployed servers - Updated to handle edit for adding a new compute server - Add OpenStack Packages and SUSE Cloud Packages pages - SCRD-4430 Update Servers column in Services Per Role page - SCRD-4737 Add error handing when api call fails - Cleanup lints complaints - Fix lint errors - SCRD-4750 Add logout button to Day 2 UI - Add services topology table - Update Day2 Login page per UX guidelines - Adjust classname on ErrorBanner parent div - Added initial adding compute node landing page - Restore routing to regions page - Fixed close issue for error msg of login - Add Run Status Playbook action for services - Hide unfinished functionality in the Day2 UI (bsc#1105689) - Show loading mask, error banner - Add region topology page - Add control plane topology page - Make the server provisioning failure msg more generic - Fixed the error message close issues - Updated to simplify the rendering loading errors from wizard. - updated todo comments to illustrate placeholder purpose. - Removed the condition of creating loadingErrors.modelError - Updated code based on comments. - Restore drag and drop highlighting (bsc#1105119) - Updated messages with proper English. - Update to use includes instead of indexOf - Handle errors when wizard has loading errors - SCRD-4476 Fix selenium test in ardana-installer-ui - add react-router-hash-link to node_modules for SCRD-3111 - restore jquery to node_modules for drag & drop (bsc#1105119) - switch to stable/pike branch - Fixed issue when installation progress.json is present - Remove extra padding below the graph - Enlarge the stroke width of critical alarms - Add alarm summary graph component - Update several out-of-date references in the README - Mention new build_deps.sh in readme - Implement framework for replacing servers - Updated css class for tab content - Add Service Information page - Fixed discover tab margin issue ardana-opsconsole: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-opsconsole-ui: - Fix log location and make message wording more generic (bsc#1102789) - SCPL-409 Fix .gitreview for stable/pike Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-475=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-475=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-installer-server-8.0+git.1542817521.6bc7c3b-3.13.2 ardana-installer-server-debugsource-8.0+git.1542817521.6bc7c3b-3.13.2 ardana-installer-ui-8.0+git.1542817507.16e348d-3.16.2 ardana-installer-ui-debugsource-8.0+git.1542817507.16e348d-3.16.2 ardana-opsconsole-8.0+git.1534267103.829be13-3.7.2 ardana-opsconsole-ui-8.0+git.1537201508.68c32e6-3.13.2 - HPE Helion Openstack 8 (noarch): ardana-installer-server-8.0+git.1542817521.6bc7c3b-3.13.2 ardana-installer-server-debugsource-8.0+git.1542817521.6bc7c3b-3.13.2 ardana-installer-ui-hpe-8.0+git.1542817507.16e348d-3.16.2 ardana-installer-ui-hpe-debugsource-8.0+git.1542817507.16e348d-3.16.2 ardana-opsconsole-8.0+git.1534267103.829be13-3.7.2 ardana-opsconsole-ui-hpe-8.0+git.1537201508.68c32e6-3.13.2 References: https://bugzilla.suse.com/1102789 https://bugzilla.suse.com/1104702 https://bugzilla.suse.com/1105119 https://bugzilla.suse.com/1105689 From sle-updates at lists.suse.com Mon Feb 25 13:10:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:10:15 +0100 (CET) Subject: SUSE-RU-2019:0477-1: moderate: Recommended update for python packages Message-ID: <20190225201015.F0B43100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for python packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0477-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python packages fixes the following issues: python-barbicanclient: - Pass OSC interface through to barbican plugin - Update .gitreview for stable/pike - Updated from global requirements - Update UPPER_CONSTRAINTS_FILE for stable/pike python-novaclient: - Move zuulv3 jobs to project repo - Use generic user for both zuul v2 and v3 - Zuul: Remove project name - Correct typo in deprecation for floating-ip commands - Avoid tox_install.sh for constraints support - Updated from global requirements Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-477=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-477=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-477=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-barbicanclient-4.5.3-4.6.1 python-barbicanclient-doc-4.5.3-4.6.1 python-novaclient-9.1.2-3.3.1 python-novaclient-doc-9.1.2-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-barbicanclient-4.5.3-4.6.1 python-barbicanclient-doc-4.5.3-4.6.1 python-novaclient-9.1.2-3.3.1 python-novaclient-doc-9.1.2-3.3.1 - HPE Helion Openstack 8 (noarch): python-barbicanclient-4.5.3-4.6.1 python-barbicanclient-doc-4.5.3-4.6.1 python-novaclient-9.1.2-3.3.1 python-novaclient-doc-9.1.2-3.3.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Mon Feb 25 13:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:10:45 +0100 (CET) Subject: SUSE-RU-2019:0485-1: important: Recommended update for drbd-utils Message-ID: <20190225201045.5E191100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0485-1 Rating: important References: #1118732 #1118974 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd and drbd-utils fixes the following issues: - split brain handles malfunction with 2 primaries (bsc#1118732) - remove the deprecated comment about drbd-overview (bsc#1118974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-485=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): drbd-9.0.11+git.1e2bccdc-10.14.5 drbd-debugsource-9.0.11+git.1e2bccdc-10.14.5 drbd-kmp-default-9.0.11+git.1e2bccdc_k4.4.121_92.101-10.14.5 drbd-kmp-default-debuginfo-9.0.11+git.1e2bccdc_k4.4.121_92.101-10.14.5 drbd-utils-9.4.0-8.21.5 drbd-utils-debuginfo-9.4.0-8.21.5 drbd-utils-debugsource-9.4.0-8.21.5 References: https://bugzilla.suse.com/1118732 https://bugzilla.suse.com/1118974 From sle-updates at lists.suse.com Mon Feb 25 13:11:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:11:24 +0100 (CET) Subject: SUSE-SU-2019:0480-1: important: Security update for supportutils Message-ID: <20190225201124.36C0C100FD@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0480-1 Rating: important References: #1043311 #1046681 #1051797 #1071545 #1105849 #1112461 #1115245 #1117776 #1118460 #1118462 #1118463 #1125609 #1125666 Cross-References: CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 9 fixes is now available. Description: This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packes by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig (bsc#1051797). - supportconfig collects tuned profile settings (bsc#1071545). - sfdisk -d no disk device specified (bsc#1043311). - Added vulnerabilites status check in basic-health.txt (bsc#1105849). - Added only sched_domain from cpu0. - Blacklist sched_domain from proc.txt (bsc#1046681). - Added firewall-cmd info. - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors. - Added corosync status to ha_info. - Dump find errors in ib_info. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-480=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): supportutils-3.1-5.7.1 References: https://www.suse.com/security/cve/CVE-2018-19637.html https://www.suse.com/security/cve/CVE-2018-19638.html https://www.suse.com/security/cve/CVE-2018-19639.html https://www.suse.com/security/cve/CVE-2018-19640.html https://bugzilla.suse.com/1043311 https://bugzilla.suse.com/1046681 https://bugzilla.suse.com/1051797 https://bugzilla.suse.com/1071545 https://bugzilla.suse.com/1105849 https://bugzilla.suse.com/1112461 https://bugzilla.suse.com/1115245 https://bugzilla.suse.com/1117776 https://bugzilla.suse.com/1118460 https://bugzilla.suse.com/1118462 https://bugzilla.suse.com/1118463 https://bugzilla.suse.com/1125609 https://bugzilla.suse.com/1125666 From sle-updates at lists.suse.com Mon Feb 25 13:13:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:13:29 +0100 (CET) Subject: SUSE-RU-2019:0487-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20190225201329.5BE7D100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0487-1 Rating: moderate References: #1029162 #1114985 #1120980 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: Updated to version 8.1.3 + Fix file permissions for generated credentials rw root only + Generate instance data as string as expected by zypper plugin handling + Write the proper credentials file when switching back to RIS service + Support registration against RMT + Implement URL resolver to facilitate instance verification for zypper access + Fixes related to bsc#1120980 also need server side support + IPv6 support + Fix handling of older cached SMT objects loaded from cached file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-487=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-8.1.3-6.3.1 cloud-regionsrv-client-generic-config-1.0.0-6.3.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.3.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.3.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.3.1 References: https://bugzilla.suse.com/1029162 https://bugzilla.suse.com/1114985 https://bugzilla.suse.com/1120980 From sle-updates at lists.suse.com Mon Feb 25 13:14:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:14:14 +0100 (CET) Subject: SUSE-RU-2019:0486-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20190225201414.A49A5100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0486-1 Rating: moderate References: #1029162 #1058616 #1072973 #1086356 #1093688 #1114985 #1120980 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: Update to version 8.1.3: - Fix file permissions for generated credentials rw root only - Generate instance data as string as expected by zypper plugin handling - Write the proper credentials file when switching back to RIS service - Support registration against RMT - Implement URL resolver to facilitate instance verification for zypper access - Fixes related to bsc#1120980 also need server side support - IPv6 support - Fix handling of older cached SMT objects loaded from cached file - Fix variable name issue in plugin to avoid always falling back to the wire server in the exception handling block. Found and fixed by jmason - Azure plugin, use proper URL to get region information from metadata server - systemd order, only start after the network is online - systemd order start before GCE user scripts are executed - Update to version 7.0.7 (bsc#1058616, 1058719) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-486=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-8.1.3-52.10.1 cloud-regionsrv-client-generic-config-1.0.0-52.10.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.10.1 cloud-regionsrv-client-plugin-ec2-1.0.0-52.10.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.10.1 python-dnspython-1.12.0-9.5.1 python3-dnspython-1.12.0-9.5.1 References: https://bugzilla.suse.com/1029162 https://bugzilla.suse.com/1058616 https://bugzilla.suse.com/1072973 https://bugzilla.suse.com/1086356 https://bugzilla.suse.com/1093688 https://bugzilla.suse.com/1114985 https://bugzilla.suse.com/1120980 From sle-updates at lists.suse.com Mon Feb 25 13:15:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:15:50 +0100 (CET) Subject: SUSE-RU-2019:0488-1: moderate: Recommended update for powerpc-utils Message-ID: <20190225201550.14430100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0488-1 Rating: moderate References: #1120474 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: powerpc-utils was updated to upstream v1.3.6 (FATE#326519, bsc#1120474) - ibmvscsis module we ship no longer needs support in powerpc-utils (bsc#1120474). - Patched to preserve compatibility with v1.3.4, v1.3.5 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-488=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (ppc64le): powerpc-utils-1.3.6-5.3.1 powerpc-utils-debuginfo-1.3.6-5.3.1 powerpc-utils-debugsource-1.3.6-5.3.1 References: https://bugzilla.suse.com/1120474 From sle-updates at lists.suse.com Mon Feb 25 13:16:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:16:20 +0100 (CET) Subject: SUSE-RU-2019:0474-1: moderate: Recommended update for rubygem-chef-expander, rubygem-eventmachine Message-ID: <20190225201620.B724C100FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef-expander, rubygem-eventmachine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0474-1 Rating: moderate References: #1111504 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef-expander, rubygem-eventmachine fixes the following issues: - Fix crash when accepting IPv6 connections due to struct sockaddr_in [#698, #699] (bsc#1111504) - Add a patch to increase the gemspec dependency version of eventmachine to include 1.2.0.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-474=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-474=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-chef-expander-10.32.2-3.3.1 ruby2.1-rubygem-eventmachine-1.2.0.1-3.3.1 ruby2.1-rubygem-eventmachine-debuginfo-1.2.0.1-3.3.1 rubygem-chef-expander-10.32.2-3.3.1 rubygem-eventmachine-debugsource-1.2.0.1-3.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-chef-expander-10.32.2-3.3.1 ruby2.1-rubygem-eventmachine-1.2.0.1-3.3.1 ruby2.1-rubygem-eventmachine-debuginfo-1.2.0.1-3.3.1 rubygem-chef-expander-10.32.2-3.3.1 rubygem-eventmachine-debugsource-1.2.0.1-3.3.1 References: https://bugzilla.suse.com/1111504 From sle-updates at lists.suse.com Tue Feb 26 04:13:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 12:13:00 +0100 (CET) Subject: SUSE-SU-2019:0489-1: important: Security update for qemu Message-ID: <20190226111300.C9FECFBBB@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0489-1 Rating: important References: #1084604 #1113231 #1116717 #1117275 #1119493 #1123156 Cross-References: CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604). - CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function. - CVE-2017-13672: Fixed a denial of service via vectors involving display update. Non-security issues fixed: - Fixed bad guest time after migration (bsc#1113231). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-489=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-489=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-489=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-489=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-489=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 - SUSE OpenStack Cloud 7 (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE OpenStack Cloud 7 (x86_64): qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE OpenStack Cloud 7 (s390x): qemu-s390-2.6.2-41.49.1 qemu-s390-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.49.1 qemu-ppc-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): qemu-kvm-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): qemu-ppc-2.6.2-41.49.1 qemu-ppc-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): qemu-s390-2.6.2-41.49.1 qemu-s390-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE Enterprise Storage 4 (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Enterprise Storage 4 (x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 References: https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-13673.html https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2018-7858.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1084604 https://bugzilla.suse.com/1113231 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1123156 From sle-updates at lists.suse.com Tue Feb 26 07:09:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 15:09:58 +0100 (CET) Subject: SUSE-RU-2019:0490-1: moderate: Recommended update for systemd-presets-branding-SLE Message-ID: <20190226140958.9270EFDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0490-1 Rating: moderate References: #1121219 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-presets-branding-SLE fixes the following issues: - branding-preset-states: Apply preset to all unit types. (bsc#1121219) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-490=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-presets-branding-SLE-15.1-13.3.4 References: https://bugzilla.suse.com/1121219 From sle-updates at lists.suse.com Tue Feb 26 07:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 15:10:45 +0100 (CET) Subject: SUSE-RU-2019:0491-1: moderate: Recommended update for aws-vpc-move-ip Message-ID: <20190226141045.D0AC0FDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-vpc-move-ip ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0491-1 Rating: moderate References: #1125138 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-vpc-move-ip fixes the following issues: - Add support for multiple VPC routing tables in the routing_tables parameter (bsc#1125138) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-491=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): aws-vpc-move-ip-0.2.20171113-3.6.1 References: https://bugzilla.suse.com/1125138 From sle-updates at lists.suse.com Tue Feb 26 10:09:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 18:09:30 +0100 (CET) Subject: SUSE-RU-2019:0493-1: moderate: Recommended update for supportutils-plugin-suse-caasp Message-ID: <20190226170930.A75FBFDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-caasp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0493-1 Rating: moderate References: #1067999 #1069457 #1080093 #1094656 #1094988 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-caasp provides the following fixes: - Add support for cri-o. (bsc#1094988) - Fix salt events file names. Raw salt events are now in JSON format, so use .json instead of .yml. Additionally, these are no longer fetched via Velum, so remove velum from the filename. - Add timeout for docker exec command. (bsc#1094656) - Remove coloring from salt event summary output. Additionally fixed a bug that was preventing the debug-salt from being run directly against an input XML fail using the '-i' option. - Improved salt event extraction. Altered the salt event extraction to use a standalone script to pull the events rather than the Ruby stack. This is much faster less error prone. Additionally added processing of the salt events to create a readable summary of what happened. (bsc#1080093, bsc#1067999) - Add Housekeeping Job. - Include TX update logs from /tmp in output. - Gather transactional-update logs. - Check docker rpm package name properly. Docker package in Devel:CASP:Head:ControllerNode is named docker_1_12_6, check if this package was installed and provide containers information for supportconfig. (bsc#1069457) - Make sure kubectl runs only on master. The admin node has kubectl but it won't find anything on localhost:8080, it has to be run on the master. Also kubectl should always be installed there, so no check is necessary. - Gather Pillar data. Pillar data can be vital to understanding why a failure occurs, so gather this info as part of the standard supportconfig dump. - Gather the Salt Minion's grains file. The grains file provides some useful information, for example the roles assigned to a minion, and several CaaSP specific state flags. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-493=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): supportutils-plugin-suse-caasp-1.0+20180625.git_r56_5c649d3-3.3.1 References: https://bugzilla.suse.com/1067999 https://bugzilla.suse.com/1069457 https://bugzilla.suse.com/1080093 https://bugzilla.suse.com/1094656 https://bugzilla.suse.com/1094988 From sle-updates at lists.suse.com Tue Feb 26 10:14:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 18:14:58 +0100 (CET) Subject: SUSE-RU-2019:0492-1: moderate: Recommended update for xdg-desktop-portal Message-ID: <20190226171458.7B14BFDF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdg-desktop-portal ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0492-1 Rating: moderate References: #1118121 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xdg-desktop-portal provides the following fix: - Prevent a crash when xdg-desktop-portal-gtk times out. (bsc#1118121) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-492=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): xdg-desktop-portal-0.10-3.3.1 xdg-desktop-portal-debuginfo-0.10-3.3.1 xdg-desktop-portal-debugsource-0.10-3.3.1 xdg-desktop-portal-devel-0.10-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): xdg-desktop-portal-lang-0.10-3.3.1 References: https://bugzilla.suse.com/1118121 From sle-updates at lists.suse.com Tue Feb 26 10:15:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 18:15:34 +0100 (CET) Subject: SUSE-RU-2019:0494-1: Recommended update for openvswitch Message-ID: <20190226171534.1C912FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0494-1 Rating: low References: #1116437 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch provides the following fix: - Fix a memory leak in the python json parser. (bsc#1116437) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-494=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.5-4.9.1 libopenvswitch-2_8-0-debuginfo-2.8.5-4.9.1 openvswitch-2.8.5-4.9.1 openvswitch-debuginfo-2.8.5-4.9.1 openvswitch-debugsource-2.8.5-4.9.1 References: https://bugzilla.suse.com/1116437 From sle-updates at lists.suse.com Tue Feb 26 13:09:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:09:32 +0100 (CET) Subject: SUSE-SU-2019:0499-1: important: Security update for ceph Message-ID: <20190226200932.1D972FDD3@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0499-1 Rating: important References: #1111177 #1113246 #1114710 #1121567 Cross-References: CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177) - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issue fixed: - os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-499=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-499=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-499=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-499=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-499=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-499=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-499=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-base-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-base-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-fuse-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-fuse-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mds-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mds-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mgr-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mgr-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mon-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mon-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-osd-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-osd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-radosgw-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-radosgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-ceph-compat-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-ceph-argparse-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-fuse-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-fuse-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-mirror-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-mirror-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-nbd-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-nbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 References: https://www.suse.com/security/cve/CVE-2018-14662.html https://www.suse.com/security/cve/CVE-2018-16846.html https://www.suse.com/security/cve/CVE-2018-16889.html https://bugzilla.suse.com/1111177 https://bugzilla.suse.com/1113246 https://bugzilla.suse.com/1114710 https://bugzilla.suse.com/1121567 From sle-updates at lists.suse.com Tue Feb 26 13:10:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:10:41 +0100 (CET) Subject: SUSE-SU-2019:0495-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Message-ID: <20190226201041.B0806FD4B@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0495-1 Rating: important References: #1048046 #1051429 #1114832 #1118897 #1118898 #1118899 #1121967 #1124308 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-495=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-495=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.2.2-5.9.1 docker-debuginfo-18.09.1_ce-6.14.1 docker-debugsource-18.09.1_ce-6.14.1 docker-test-18.09.1_ce-6.14.1 docker-test-debuginfo-18.09.1_ce-6.14.1 golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): containerd-test-1.2.2-5.9.1 docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1 docker-zsh-completion-18.09.1_ce-6.14.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.2.2-5.9.1 docker-18.09.1_ce-6.14.1 docker-debuginfo-18.09.1_ce-6.14.1 docker-debugsource-18.09.1_ce-6.14.1 docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1 docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1 docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.09.1_ce-6.14.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1048046 https://bugzilla.suse.com/1051429 https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1124308 From sle-updates at lists.suse.com Tue Feb 26 13:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:12:40 +0100 (CET) Subject: SUSE-SU-2019:0498-1: moderate: Security update for apache2 Message-ID: <20190226201240.A8BE1FD4B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0498-1 Rating: moderate References: #1121086 #1122838 #1122839 Cross-References: CVE-2018-17189 CVE-2018-17199 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-498=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-498=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-498=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-498=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-devel-2.4.23-29.34.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-devel-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.34.4 apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-example-pages-2.4.23-29.34.4 apache2-prefork-2.4.23-29.34.4 apache2-prefork-debuginfo-2.4.23-29.34.4 apache2-utils-2.4.23-29.34.4 apache2-utils-debuginfo-2.4.23-29.34.4 apache2-worker-2.4.23-29.34.4 apache2-worker-debuginfo-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.34.4 apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-example-pages-2.4.23-29.34.4 apache2-prefork-2.4.23-29.34.4 apache2-prefork-debuginfo-2.4.23-29.34.4 apache2-utils-2.4.23-29.34.4 apache2-utils-debuginfo-2.4.23-29.34.4 apache2-worker-2.4.23-29.34.4 apache2-worker-debuginfo-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.34.4 References: https://www.suse.com/security/cve/CVE-2018-17189.html https://www.suse.com/security/cve/CVE-2018-17199.html https://bugzilla.suse.com/1121086 https://bugzilla.suse.com/1122838 https://bugzilla.suse.com/1122839 From sle-updates at lists.suse.com Tue Feb 26 13:13:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:13:39 +0100 (CET) Subject: SUSE-SU-2019:0496-1: moderate: Security update for openssh Message-ID: <20190226201339.44A5DFD4B@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0496-1 Rating: moderate References: #1121816 #1121821 #1125687 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821) Other bug fixes and changes: - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-496=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-496=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-496=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-496=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.23.1 openssh-debugsource-7.6p1-9.23.1 openssh-fips-7.6p1-9.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.23.1 openssh-cavs-debuginfo-7.6p1-9.23.1 openssh-debuginfo-7.6p1-9.23.1 openssh-debugsource-7.6p1-9.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.23.1 openssh-askpass-gnome-debuginfo-7.6p1-9.23.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.23.1 openssh-debuginfo-7.6p1-9.23.1 openssh-debugsource-7.6p1-9.23.1 openssh-helpers-7.6p1-9.23.1 openssh-helpers-debuginfo-7.6p1-9.23.1 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 https://bugzilla.suse.com/1125687 From sle-updates at lists.suse.com Tue Feb 26 13:14:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:14:36 +0100 (CET) Subject: SUSE-SU-2019:0497-1: moderate: Security update for webkit2gtk3 Message-ID: <20190226201436.EFE32FD4B@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0497-1 Rating: moderate References: #1119553 #1119554 #1119555 #1119556 #1119557 #1119558 Cross-References: CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558): Security vulnerabilities fixed: - CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553) - CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554) - CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555) - CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556) - CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557) - CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558) - CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. - CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation. - CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. Other bug fixes and changes: - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fix Web inspector magnifier under Wayland. - Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fix several crashes, race conditions, and rendering issues. For a detailed list of changes, please refer to: - https://webkitgtk.org/security/WSA-2019-0001.html - https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html - https://webkitgtk.org/security/WSA-2018-0009.html - https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-497=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-497=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-497=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.22.6-3.18.2 webkit-jsc-4-debuginfo-2.22.6-3.18.2 webkit2gtk3-debugsource-2.22.6-3.18.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2 typelib-1_0-WebKit2-4_0-2.22.6-3.18.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2 webkit2gtk3-debugsource-2.22.6-3.18.2 webkit2gtk3-devel-2.22.6-3.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-3.18.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2 libwebkit2gtk-4_0-37-2.22.6-3.18.2 libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2 webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2 webkit2gtk3-debugsource-2.22.6-3.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.22.6-3.18.2 References: https://www.suse.com/security/cve/CVE-2018-4437.html https://www.suse.com/security/cve/CVE-2018-4438.html https://www.suse.com/security/cve/CVE-2018-4441.html https://www.suse.com/security/cve/CVE-2018-4442.html https://www.suse.com/security/cve/CVE-2018-4443.html https://www.suse.com/security/cve/CVE-2018-4464.html https://www.suse.com/security/cve/CVE-2019-6212.html https://www.suse.com/security/cve/CVE-2019-6215.html https://www.suse.com/security/cve/CVE-2019-6216.html https://www.suse.com/security/cve/CVE-2019-6217.html https://www.suse.com/security/cve/CVE-2019-6226.html https://www.suse.com/security/cve/CVE-2019-6227.html https://www.suse.com/security/cve/CVE-2019-6229.html https://www.suse.com/security/cve/CVE-2019-6233.html https://www.suse.com/security/cve/CVE-2019-6234.html https://bugzilla.suse.com/1119553 https://bugzilla.suse.com/1119554 https://bugzilla.suse.com/1119555 https://bugzilla.suse.com/1119556 https://bugzilla.suse.com/1119557 https://bugzilla.suse.com/1119558 From sle-updates at lists.suse.com Tue Feb 26 16:09:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 00:09:18 +0100 (CET) Subject: SUSE-RU-2019:0500-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20190226230918.4086BFD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0500-1 Rating: moderate References: #1020320 #1126443 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Fixed package names in the data file. (bsc#1126443) - Added data for 4_12_14-25_28. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-500=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.6.1 References: https://bugzilla.suse.com/1020320 https://bugzilla.suse.com/1126443 From sle-updates at lists.suse.com Tue Feb 26 16:09:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 00:09:54 +0100 (CET) Subject: SUSE-RU-2019:0502-1: moderate: Recommended update for python-azure-agent Message-ID: <20190226230954.6A273FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0502-1 Rating: moderate References: #1061584 #1087764 #1092831 #1094420 #1119542 #997614 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for python-azure-agent fixes the following issues: python-azure-agent was updated to 2.2.36 (bsc#1119542): + [#1451] Do not utf-8 encode telemetry messages + [#1434] Use files instead of pipes to capture stdout/stderr + [#1431] Prevent multiple downloads of zips + [#1418] Add main module to Python's egg + [#1416] Fix UTF-8 encoding for telemetry payload + [#1408] Honor the 'no_proxy' flag + [#1391, #1401, #1441] Azure Stack improvements + [#1384] Write status file in WALinuxAgent lib folder + [#1375] Add support for Redhat + [#1373] Handle different kernel builds on SUSE Linux Enterprise + [#1365, #1385, #1389] Fixes for RDMA + [#1397] Send events when extensions fail to complete operation + [#1394/#1366] Fix the threshold telemetry issue + [#1298] Implementing extension sequencing in azure Linux agent + [#1340] Allow Clear Linux detection in python2 and python3 + [#1345] FreeBSD swap issues fix (#1144) + [#1349] Use append_file in Redhat6xOSUtil.openssl_to_openssh() + [#1355] Ensure 'value' for authorized ssh keys end in "\n" + [#1361] Remove main module + [#1325] Enable cgroups by default on all distros + [#1327, #1347] Allow enforcing of cgroups limits + [#1337] Allow configuration for cgroups + [#1333] Add support for NSBSD + [#1319] Stream extension downloads to disk (do not buffer the download in memory) + [#1303] Fix to support custom DNS servers + [#1306] Log extension stdout and stderr + [#1302] Better of cloud-init configuration during deprovisioning + [#1295] Fix to report the correct extension error code + [#1289] Allow disabling the agent or extensions + [#1290] Use the "ip route" command instead of the "route" comand during network configuration + [#1281] Delete JIT accounts + [#1234] Fix for reading KVP values from host + [#1287] Add UDEV rule in azure disk encryption + [#1196] Health store integration + [#1199] CGroups support + [#1194] Use host for status reporting + [#1188] Fix for sentinel and signal handlers + [#1182] Telemetry updates + [#1171] Add support for JIT + [#1164] Fix for name resolution in Ubuntu 18.04 + [#1154] Set connection close header + [#1143] Remove extension packages after extraction + Revert extension manifest caching to prevent downgrade issues. + This is a hotfix release for #945, details and mitigation are available in the wiki. + [#929] wire.py#update_goal_state does not handle out-of-date GoalState errors + [#908] Set Files to 0400 in /var/lib/waagent + [#906] Hardcoded value for sshd's ClientAliveInterval (180) + [#899] Improve HeartBeat Event + [#898] Send dummy status if extension fails to write a #.status file + [#897] 'Target handler state' wall of errors + [#896] End of Line Comments are Not Supported nor Handled + [#891] Create a Telemetry Event to Track Custom Data Execution + [#884] Cleanup Old Goal State and Extension Cache + [#876] The agent should use a scaling back-off when retrying HTTP requests + [#869] The agent should report OS information in the correct JSON format. + [#822] Update docs + Switch to using "ip route" command + Work around issue where SLE 15 will not accept the user password when using sudo, cause unknown, needed to time constraints w.r.t. release + Properly detect SLES 15 for RDMA support + Properly detect SLES 15 and openSUSE Leap 15 in Python 3 + Another reference to python, which points to python2 + Force use of Python 3 for SLE 15 and later Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-502=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.36-34.17.1 References: https://bugzilla.suse.com/1061584 https://bugzilla.suse.com/1087764 https://bugzilla.suse.com/1092831 https://bugzilla.suse.com/1094420 https://bugzilla.suse.com/1119542 https://bugzilla.suse.com/997614 From sle-updates at lists.suse.com Tue Feb 26 16:11:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 00:11:42 +0100 (CET) Subject: SUSE-RU-2019:0501-1: moderate: Recommended update for crash Message-ID: <20190226231142.3AB32FD0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0501-1 Rating: moderate References: #1090127 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issues: - Fix crash utility printing "bt:seek" and "bt:read" errors. (bsc#1090127) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-501=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-501=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-3.8.8 crash-debugsource-7.2.1-3.8.8 crash-doc-7.2.1-3.8.8 crash-eppic-7.2.1-3.8.8 crash-eppic-debuginfo-7.2.1-3.8.8 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): crash-7.2.1-3.8.8 crash-debuginfo-7.2.1-3.8.8 crash-debugsource-7.2.1-3.8.8 crash-devel-7.2.1-3.8.8 crash-kmp-default-7.2.1_k4.12.14_25.28-3.8.8 crash-kmp-default-debuginfo-7.2.1_k4.12.14_25.28-3.8.8 References: https://bugzilla.suse.com/1090127 From sle-updates at lists.suse.com Tue Feb 26 16:12:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 00:12:22 +0100 (CET) Subject: SUSE-RU-2019:0503-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190226231222.D81D1FD4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0503-1 Rating: moderate References: #1122116 #1123653 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for polkit-default-privs fixes the following issues: - soften a flatpak permissions rule (bsc#1122116) - add an additional flatpak rule (bsc#1123653) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-503=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.19.1 References: https://bugzilla.suse.com/1122116 https://bugzilla.suse.com/1123653 From sle-updates at lists.suse.com Wed Feb 27 04:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 12:11:15 +0100 (CET) Subject: SUSE-SU-2019:0505-1: moderate: Security update for amavisd-new Message-ID: <20190227111115.C74A5FD4B@maintenance.suse.de> SUSE Security Update: Security update for amavisd-new ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0505-1 Rating: moderate References: #1123389 #987887 Cross-References: CVE-2016-1238 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for amavisd-new fixes the following issues: wmavisd-new was updated to version 2.11.1 (bsc#1123389): * removed a trailing dot element from @INC, as a workaround for a perl vulnerability CVE-2016-1238 (bsc#987887) * amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a message "PID went away", and removed redundant newlines from some log messages * safe_decode() and safe_decode_utf8(): avoid warning messages "Use of uninitialized value in subroutine entry" in Encode::MIME::Header when the $check argument is undefined * @sa_userconf_maps has been extended to allow loading of per-recipient (or per-policy bank, or global) SpamAssassin configuration set from LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with 'ldap:' will load SpamAssassin configuration set using the load_scoreonly_ldap() method; a patch by Atanas Karashenski * add some Sanesecurity.Foxhole false positives to the default list @virus_name_to_spam_score_maps * updated some comments Update amavis-milter to version 2.6.1: * Fixed bug when creating amavisd-new policy bank names Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-505=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): amavisd-new-2.11.1-6.3.1 amavisd-new-debuginfo-2.11.1-6.3.1 amavisd-new-debugsource-2.11.1-6.3.1 amavisd-new-docs-2.11.1-6.3.1 References: https://www.suse.com/security/cve/CVE-2016-1238.html https://bugzilla.suse.com/1123389 https://bugzilla.suse.com/987887 From sle-updates at lists.suse.com Wed Feb 27 04:12:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 12:12:29 +0100 (CET) Subject: SUSE-SU-2019:0504-1: moderate: Security update for apache2 Message-ID: <20190227111229.99FA3FD4B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0504-1 Rating: moderate References: #1121086 #1122838 #1122839 Cross-References: CVE-2018-17189 CVE-2018-17199 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-504=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-504=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.9.7 apache2-debuginfo-2.4.33-3.9.7 apache2-debugsource-2.4.33-3.9.7 apache2-devel-2.4.33-3.9.7 apache2-prefork-2.4.33-3.9.7 apache2-prefork-debuginfo-2.4.33-3.9.7 apache2-utils-2.4.33-3.9.7 apache2-utils-debuginfo-2.4.33-3.9.7 apache2-worker-2.4.33-3.9.7 apache2-worker-debuginfo-2.4.33-3.9.7 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.9.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.9.7 apache2-debugsource-2.4.33-3.9.7 apache2-event-2.4.33-3.9.7 apache2-event-debuginfo-2.4.33-3.9.7 apache2-example-pages-2.4.33-3.9.7 References: https://www.suse.com/security/cve/CVE-2018-17189.html https://www.suse.com/security/cve/CVE-2018-17199.html https://bugzilla.suse.com/1121086 https://bugzilla.suse.com/1122838 https://bugzilla.suse.com/1122839 From sle-updates at lists.suse.com Wed Feb 27 07:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 15:09:51 +0100 (CET) Subject: SUSE-RU-2019:0506-1: moderate: Recommended update for permissions Message-ID: <20190227140951.A0804100C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0506-1 Rating: moderate References: #1120650 #1123886 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for permissions fixes the following issues: - New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox(bsc#1120650) - Ensure consistency of entries, otherwise switching between settings becomes problematic - Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve (bsc#1123886) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-506=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): permissions-20180125-3.6.1 permissions-debuginfo-20180125-3.6.1 permissions-debugsource-20180125-3.6.1 References: https://bugzilla.suse.com/1120650 https://bugzilla.suse.com/1123886 From sle-updates at lists.suse.com Wed Feb 27 10:09:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 18:09:15 +0100 (CET) Subject: SUSE-OU-2019:13965-1: Initial release of package salt for Ubuntu 18.04 Message-ID: <20190227170915.90C35100C9@maintenance.suse.de> SUSE Optional Update: Initial release of package salt for Ubuntu 18.04 ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:13965-1 Rating: low References: #1002529 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1025896 #1027044 #1027240 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1071322 #1072599 #1075950 #1079048 #1081592 #1087055 #1087278 #1087581 #1087891 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099887 #1099945 #1100142 #1100225 #1100697 #1101812 #1101880 #1102013 #1102218 #1102265 #1103530 #1104154 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109893 #1110938 #1112874 #1113698 #1113699 #1113784 #1114029 #1114197 #1114474 #1114824 #1116837 #1117995 #1121091 #1123044 #1123512 #1123865 #849184 #849204 #849205 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Affected Products: Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 144 fixes is now available. Description: This update provides package salt for Ubuntu 18.04 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-salt-201902-13965=1 Package List: - Ubuntu 18.04-CLIENT-TOOLS (all): salt-minion-2018.3.0+ds-1 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110938 https://bugzilla.suse.com/1112874 https://bugzilla.suse.com/1113698 https://bugzilla.suse.com/1113699 https://bugzilla.suse.com/1113784 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114197 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1114824 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Wed Feb 27 10:36:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Feb 2019 18:36:27 +0100 (CET) Subject: SUSE-OU-2019:13964-1: Initial release of package salt for Ubuntu 16.04 Message-ID: <20190227173627.EB9FBFDD3@maintenance.suse.de> SUSE Optional Update: Initial release of package salt for Ubuntu 16.04 ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:13964-1 Rating: low References: #1002529 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1025896 #1027044 #1027240 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1071322 #1072599 #1075950 #1079048 #1081592 #1087055 #1087278 #1087581 #1087891 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099887 #1099945 #1100142 #1100225 #1100697 #1101812 #1101880 #1102013 #1102218 #1102265 #1103530 #1104154 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109893 #1110938 #1112874 #1113698 #1113699 #1113784 #1114029 #1114197 #1114474 #1114824 #1116837 #1117995 #1121091 #1123044 #1123512 #1123865 #849184 #849204 #849205 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Affected Products: Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 144 fixes is now available. Description: This update provides package salt for Ubuntu 16.04 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-salt-201902-13964=1 Package List: - Ubuntu 16.04-CLIENT-TOOLS (all): salt-minion-2018.3.0+ds-1 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110938 https://bugzilla.suse.com/1112874 https://bugzilla.suse.com/1113698 https://bugzilla.suse.com/1113699 https://bugzilla.suse.com/1113784 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114197 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1114824 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Wed Feb 27 16:24:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 00:24:46 +0100 (CET) Subject: SUSE-RU-2019:0509-1: moderate: Recommended update for powerpc-utils Message-ID: <20190227232446.C60C9FDD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0509-1 Rating: moderate References: #1120474 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: powerpc-utils was updated to upstream v1.3.6 (FATE#326519, bsc#1120474) - Patched to preserve compatibility with v1.3.4, v1.3.5 - ibmvscsis module we ship no longer needs support in powerpc-utils (bsc#1120474). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-509=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): powerpc-utils-1.3.6-7.9.1 powerpc-utils-debuginfo-1.3.6-7.9.1 powerpc-utils-debugsource-1.3.6-7.9.1 References: https://bugzilla.suse.com/1120474 From sle-updates at lists.suse.com Thu Feb 28 07:09:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 15:09:17 +0100 (CET) Subject: SUSE-SU-2019:0510-1: moderate: Security update for bluez Message-ID: <20190228140917.E4A37FDD3@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0510-1 Rating: moderate References: #1013721 #1013732 #1013877 #1015173 #1026652 #1057342 Cross-References: CVE-2016-7837 CVE-2016-9800 CVE-2016-9801 CVE-2016-9804 CVE-2016-9918 CVE-2017-1000250 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-7837: Fixed possible buffer overflow, make sure we don't write past the end of the array.(bsc#1026652) - CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721). - CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732) - CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877). - CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173) - CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-510=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-510=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-510=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): bluez-5.13-3.10.1 bluez-debuginfo-5.13-3.10.1 bluez-debugsource-5.13-3.10.1 libbluetooth3-5.13-3.10.1 libbluetooth3-debuginfo-5.13-3.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bluez-5.13-3.10.1 bluez-debuginfo-5.13-3.10.1 bluez-debugsource-5.13-3.10.1 libbluetooth3-5.13-3.10.1 libbluetooth3-debuginfo-5.13-3.10.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bluez-5.13-3.10.1 bluez-debuginfo-5.13-3.10.1 bluez-debugsource-5.13-3.10.1 libbluetooth3-5.13-3.10.1 libbluetooth3-debuginfo-5.13-3.10.1 References: https://www.suse.com/security/cve/CVE-2016-7837.html https://www.suse.com/security/cve/CVE-2016-9800.html https://www.suse.com/security/cve/CVE-2016-9801.html https://www.suse.com/security/cve/CVE-2016-9804.html https://www.suse.com/security/cve/CVE-2016-9918.html https://www.suse.com/security/cve/CVE-2017-1000250.html https://bugzilla.suse.com/1013721 https://bugzilla.suse.com/1013732 https://bugzilla.suse.com/1013877 https://bugzilla.suse.com/1015173 https://bugzilla.suse.com/1026652 https://bugzilla.suse.com/1057342 From sle-updates at lists.suse.com Thu Feb 28 10:09:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 18:09:46 +0100 (CET) Subject: SUSE-SU-2019:0511-1: important: Security update for webkit2gtk3 Message-ID: <20190228170946.F0FE8FDD3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0511-1 Rating: important References: #1124937 Cross-References: CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-511=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-511=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-511=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-511=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-511=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-511=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-511=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-511=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-511=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-511=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-511=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-511=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-511=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Enterprise Storage 4 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Enterprise Storage 4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 References: https://www.suse.com/security/cve/CVE-2019-6212.html https://www.suse.com/security/cve/CVE-2019-6215.html https://www.suse.com/security/cve/CVE-2019-6216.html https://www.suse.com/security/cve/CVE-2019-6217.html https://www.suse.com/security/cve/CVE-2019-6226.html https://www.suse.com/security/cve/CVE-2019-6227.html https://www.suse.com/security/cve/CVE-2019-6229.html https://www.suse.com/security/cve/CVE-2019-6233.html https://www.suse.com/security/cve/CVE-2019-6234.html https://bugzilla.suse.com/1124937 From sle-updates at lists.suse.com Thu Feb 28 10:10:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 18:10:23 +0100 (CET) Subject: SUSE-SU-2019:0512-1: moderate: Security update for openssl-1_1 Message-ID: <20190228171023.8F062FD4B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0512-1 Rating: moderate References: #1117951 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl-1_1 fixes the following issues: - The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-512=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-512=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-512=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1-2.6.1 openssl-1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debugsource-1.1.1-2.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1-2.6.1 libopenssl1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debugsource-1.1.1-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_1-32bit-1.1.1-2.6.1 libopenssl1_1-debuginfo-32bit-1.1.1-2.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl1_1-1.1.1-2.6.1 libopenssl1_1-32bit-1.1.1-2.6.1 libopenssl1_1-debuginfo-1.1.1-2.6.1 libopenssl1_1-debuginfo-32bit-1.1.1-2.6.1 openssl-1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debugsource-1.1.1-2.6.1 References: https://bugzilla.suse.com/1117951 From sle-updates at lists.suse.com Thu Feb 28 13:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:09:16 +0100 (CET) Subject: SUSE-RU-2019:0517-1: moderate: Recommended update for libapr-util1 Message-ID: <20190228200916.2509AFDF1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libapr-util1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0517-1 Rating: moderate References: #1125331 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libapr-util1 fixes the following issues: - build against the threadsafe libldap_r instead of libldap to avoid potential crashes (bsc#1125331) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-517=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-517=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-517=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-517=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-517=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-517=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-2.8.1 libapr-util1-debuginfo-1.5.3-2.8.1 libapr-util1-debugsource-1.5.3-2.8.1 libapr-util1-devel-1.5.3-2.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-2.8.1 libapr-util1-debuginfo-1.5.3-2.8.1 libapr-util1-debugsource-1.5.3-2.8.1 libapr-util1-devel-1.5.3-2.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.8.1 libapr-util1-debuginfo-1.5.3-2.8.1 libapr-util1-debugsource-1.5.3-2.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libapr-util1-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.8.1 libapr-util1-debuginfo-1.5.3-2.8.1 libapr-util1-debugsource-1.5.3-2.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libapr-util1-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.8.1 libapr-util1-debuginfo-1.5.3-2.8.1 libapr-util1-debugsource-1.5.3-2.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libapr-util1-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-1.5.3-2.8.1 libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.8.1 libapr-util1-debuginfo-1.5.3-2.8.1 libapr-util1-debugsource-1.5.3-2.8.1 References: https://bugzilla.suse.com/1125331 From sle-updates at lists.suse.com Thu Feb 28 13:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:09:48 +0100 (CET) Subject: SUSE-RU-2019:0515-1: moderate: Recommended update for fence-agents Message-ID: <20190228200948.871E1FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0515-1 Rating: moderate References: #1088358 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents adds support for Google Compute Engine images (fate#325539) (bsc#1088358). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2019-515=1 Package List: - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): fence-agents-4.0.17-7.7.1 fence-agents-debuginfo-4.0.17-7.7.1 fence-agents-debugsource-4.0.17-7.7.1 References: https://bugzilla.suse.com/1088358 From sle-updates at lists.suse.com Thu Feb 28 13:10:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:10:25 +0100 (CET) Subject: SUSE-RU-2019:0514-1: moderate: Recommended update for apparmor Message-ID: <20190228201025.681AEFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0514-1 Rating: moderate References: #1112300 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issues: - Fix erroneously generated audit records: include status* files in dnsmasq. (bsc#1112300) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-514=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-514=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-514=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-514=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-514=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-514=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.8.2-51.18.3 libapparmor-devel-2.8.2-51.18.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.8.2-51.18.3 libapparmor-devel-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-51.18.3 apache2-mod_apparmor-debuginfo-2.8.2-51.18.3 apparmor-debugsource-2.8.2-51.18.3 apparmor-parser-2.8.2-51.18.3 apparmor-parser-debuginfo-2.8.2-51.18.3 libapparmor1-2.8.2-51.18.3 libapparmor1-debuginfo-2.8.2-51.18.3 pam_apparmor-2.8.2-51.18.3 perl-apparmor-2.8.2-51.18.3 perl-apparmor-debuginfo-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): pam_apparmor-debuginfo-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libapparmor1-32bit-2.8.2-51.18.3 libapparmor1-debuginfo-32bit-2.8.2-51.18.3 pam_apparmor-32bit-2.8.2-51.18.3 pam_apparmor-debuginfo-32bit-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): apparmor-docs-2.8.2-51.18.3 apparmor-profiles-2.8.2-51.18.3 apparmor-utils-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-51.18.3 apache2-mod_apparmor-debuginfo-2.8.2-51.18.3 apparmor-debugsource-2.8.2-51.18.3 apparmor-parser-2.8.2-51.18.3 apparmor-parser-debuginfo-2.8.2-51.18.3 libapparmor1-2.8.2-51.18.3 libapparmor1-debuginfo-2.8.2-51.18.3 pam_apparmor-2.8.2-51.18.3 perl-apparmor-2.8.2-51.18.3 perl-apparmor-debuginfo-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): pam_apparmor-debuginfo-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libapparmor1-32bit-2.8.2-51.18.3 libapparmor1-debuginfo-32bit-2.8.2-51.18.3 pam_apparmor-32bit-2.8.2-51.18.3 pam_apparmor-debuginfo-32bit-2.8.2-51.18.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): apparmor-docs-2.8.2-51.18.3 apparmor-profiles-2.8.2-51.18.3 apparmor-utils-2.8.2-51.18.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): apparmor-docs-2.8.2-51.18.3 apparmor-profiles-2.8.2-51.18.3 apparmor-utils-2.8.2-51.18.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): apparmor-debugsource-2.8.2-51.18.3 apparmor-parser-2.8.2-51.18.3 apparmor-parser-debuginfo-2.8.2-51.18.3 libapparmor1-2.8.2-51.18.3 libapparmor1-32bit-2.8.2-51.18.3 libapparmor1-debuginfo-2.8.2-51.18.3 libapparmor1-debuginfo-32bit-2.8.2-51.18.3 pam_apparmor-2.8.2-51.18.3 pam_apparmor-32bit-2.8.2-51.18.3 pam_apparmor-debuginfo-2.8.2-51.18.3 pam_apparmor-debuginfo-32bit-2.8.2-51.18.3 perl-apparmor-2.8.2-51.18.3 perl-apparmor-debuginfo-2.8.2-51.18.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): apparmor-debugsource-2.8.2-51.18.3 apparmor-parser-2.8.2-51.18.3 apparmor-parser-debuginfo-2.8.2-51.18.3 libapparmor1-2.8.2-51.18.3 libapparmor1-32bit-2.8.2-51.18.3 libapparmor1-debuginfo-2.8.2-51.18.3 libapparmor1-debuginfo-32bit-2.8.2-51.18.3 pam_apparmor-2.8.2-51.18.3 pam_apparmor-32bit-2.8.2-51.18.3 pam_apparmor-debuginfo-2.8.2-51.18.3 pam_apparmor-debuginfo-32bit-2.8.2-51.18.3 perl-apparmor-2.8.2-51.18.3 perl-apparmor-debuginfo-2.8.2-51.18.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): apparmor-docs-2.8.2-51.18.3 apparmor-profiles-2.8.2-51.18.3 apparmor-utils-2.8.2-51.18.3 - SUSE CaaS Platform ALL (x86_64): apparmor-debugsource-2.8.2-51.18.3 apparmor-parser-2.8.2-51.18.3 apparmor-parser-debuginfo-2.8.2-51.18.3 libapparmor1-2.8.2-51.18.3 libapparmor1-debuginfo-2.8.2-51.18.3 perl-apparmor-2.8.2-51.18.3 perl-apparmor-debuginfo-2.8.2-51.18.3 - SUSE CaaS Platform ALL (noarch): apparmor-profiles-2.8.2-51.18.3 apparmor-utils-2.8.2-51.18.3 - SUSE CaaS Platform 3.0 (x86_64): apparmor-debugsource-2.8.2-51.18.3 apparmor-parser-2.8.2-51.18.3 apparmor-parser-debuginfo-2.8.2-51.18.3 libapparmor1-2.8.2-51.18.3 libapparmor1-debuginfo-2.8.2-51.18.3 perl-apparmor-2.8.2-51.18.3 perl-apparmor-debuginfo-2.8.2-51.18.3 - SUSE CaaS Platform 3.0 (noarch): apparmor-profiles-2.8.2-51.18.3 apparmor-utils-2.8.2-51.18.3 References: https://bugzilla.suse.com/1112300 From sle-updates at lists.suse.com Thu Feb 28 13:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:11:05 +0100 (CET) Subject: SUSE-RU-2019:0521-1: moderate: Recommended update for smt Message-ID: <20190228201105.63D3DFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0521-1 Rating: moderate References: #1123974 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for smt fixes the following issues: SMT was updated to 3.0.40: - Fix registration sharing to make SMT to RMT sharing possible (bsc#1123974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-521=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-521=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-521=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.40-52.32.1 smt-3.0.40-52.32.1 smt-debuginfo-3.0.40-52.32.1 smt-debugsource-3.0.40-52.32.1 smt-support-3.0.40-52.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.40-52.32.1 smt-3.0.40-52.32.1 smt-debuginfo-3.0.40-52.32.1 smt-debugsource-3.0.40-52.32.1 smt-support-3.0.40-52.32.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.40-52.32.1 References: https://bugzilla.suse.com/1123974 From sle-updates at lists.suse.com Thu Feb 28 13:11:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:11:40 +0100 (CET) Subject: SUSE-RU-2019:0513-1: moderate: Recommended update for crash Message-ID: <20190228201140.ECB5CFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0513-1 Rating: moderate References: #1104743 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issues: - Fix crash utility printing "bt:seek" and "bt:read" errors. (bsc#1104743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-513=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-513=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.2.1-4.3.4 crash-debugsource-7.2.1-4.3.4 crash-devel-7.2.1-4.3.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): crash-7.2.1-4.3.4 crash-debuginfo-7.2.1-4.3.4 crash-debugsource-7.2.1-4.3.4 crash-kmp-default-7.2.1_k4.12.14_95.6-4.3.4 crash-kmp-default-debuginfo-7.2.1_k4.12.14_95.6-4.3.4 References: https://bugzilla.suse.com/1104743 From sle-updates at lists.suse.com Thu Feb 28 13:12:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:12:17 +0100 (CET) Subject: SUSE-RU-2019:0519-1: moderate: Recommended update for dracut Message-ID: <20190228201217.52E0AFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0519-1 Rating: moderate References: #1008352 #1053248 #1112327 #1119037 #1121251 #1124088 #937555 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - 91zipl: Don't use contents of commented lines (osc#1119499) - emergency mode: bring shell and all vital information to all ttys specified as console devices (FATE#325386, bsc#1053248, bsc#937555) - Fix displaying text on emergency consoles (bsc#1124088) - Remove invalid "FONT_MAP=none" from vconsole.conf (osc#1013573) - Ensure mmc host modules get included properly (bsc#1119037) - Fix a missing space in example configs (bsc#1121251) - 95zfcp_rules/parse-zfcp.sh: remove rule existence check (bsc#1008352). - dracut-installkernel: Stop keeping old kernel files as .old (bsc#1112327) The .old kernel files are confusing grub2 which can't find a matching directory under /lib/modules. Furthermore, there is no guarantee that the new modules are fully compatible with the old kernel. If anything goes wrong with a new self-compiled kernel, the user can always boot back to the distribution kernel, so the .old backup files are not needed in the first place. Get rid of them to simplify and speed up the whole process. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-519=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-519=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-044.1-10.6.1 dracut-debuginfo-044.1-10.6.1 dracut-debugsource-044.1-10.6.1 dracut-fips-044.1-10.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-044.1-10.6.1 dracut-debuginfo-044.1-10.6.1 dracut-debugsource-044.1-10.6.1 References: https://bugzilla.suse.com/1008352 https://bugzilla.suse.com/1053248 https://bugzilla.suse.com/1112327 https://bugzilla.suse.com/1119037 https://bugzilla.suse.com/1121251 https://bugzilla.suse.com/1124088 https://bugzilla.suse.com/937555 From sle-updates at lists.suse.com Thu Feb 28 13:14:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:14:16 +0100 (CET) Subject: SUSE-RU-2019:0518-1: moderate: Recommended update for dracut Message-ID: <20190228201416.1DCA4FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0518-1 Rating: moderate References: #1113712 #1124088 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Correct fix for displaying text on emergency consoles (bsc#1124088) - 95iscsi: handle qedi like bnx2i (bsc#1113712) - 91zipl: Don't use contents of commented lines (osc#1119499) - Fix displaying text on emergency consoles (bsc#1124088) - Remove invalid "FONT_MAP=none" from vconsole.conf (osc#1013573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-518=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-518=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-debuginfo-044.1-18.18.1 dracut-debugsource-044.1-18.18.1 dracut-tools-044.1-18.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dracut-044.1-18.18.1 dracut-debuginfo-044.1-18.18.1 dracut-debugsource-044.1-18.18.1 dracut-fips-044.1-18.18.1 dracut-ima-044.1-18.18.1 References: https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1124088 From sle-updates at lists.suse.com Thu Feb 28 13:14:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:14:57 +0100 (CET) Subject: SUSE-RU-2019:0520-1: moderate: Recommended update for libreoffice Message-ID: <20190228201457.E14C5FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0520-1 Rating: moderate References: #1079744 #1088266 #1095755 #1107012 #1110345 #1110348 #1112112 #1112113 #1112114 #1117195 #1117300 #1124658 #882383 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for libreoffice fixes the following issues: LibreOffice was updated to the 6.1.5.2 release, containing lots of bugfixes. Various improvements to PPTX were also done: - SmartArt: Basic rendering of the Organizational Chart (bsc#1112114) - SmartArt: Basic rendering of Accent Process and Continuous Block Process (bsc#1112113) - Chart in PPTX lacks color and is too large (bsc#882383) - SmartArt: Basic rendering of several list types (bsc#1112112) - Charts having weird/darker/ugly background versus Office 365 and strange artefacts where overlapping (bsc#1110348) - Text on arc feature, export to PPTX (bsc#1088266) - PPTX Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1095755) - Chart showing numbers with post-comma digits versus rounded with Office 365 (bsc#1110345) - Font sizes and text position way off (too small,...) (bsc#1107012) Additional fixes: - [DATA LOSS] Saving a new document can silently (bsc#1117300) - Install also C++ libreofficekit headers (bsc#1117195) - unoil.jar does not contain any content in LibreOffice 5.4.4.2 update (bsc#1079744) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-520=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-520=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-520=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-520=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-520=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-520=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libreoffice-branding-upstream-6.1.5.2-43.44.3 libreoffice-icon-themes-6.1.5.2-43.44.3 libreoffice-l10n-af-6.1.5.2-43.44.3 libreoffice-l10n-ar-6.1.5.2-43.44.3 libreoffice-l10n-bg-6.1.5.2-43.44.3 libreoffice-l10n-ca-6.1.5.2-43.44.3 libreoffice-l10n-cs-6.1.5.2-43.44.3 libreoffice-l10n-da-6.1.5.2-43.44.3 libreoffice-l10n-de-6.1.5.2-43.44.3 libreoffice-l10n-en-6.1.5.2-43.44.3 libreoffice-l10n-es-6.1.5.2-43.44.3 libreoffice-l10n-fi-6.1.5.2-43.44.3 libreoffice-l10n-fr-6.1.5.2-43.44.3 libreoffice-l10n-gu-6.1.5.2-43.44.3 libreoffice-l10n-hi-6.1.5.2-43.44.3 libreoffice-l10n-hr-6.1.5.2-43.44.3 libreoffice-l10n-hu-6.1.5.2-43.44.3 libreoffice-l10n-it-6.1.5.2-43.44.3 libreoffice-l10n-ja-6.1.5.2-43.44.3 libreoffice-l10n-ko-6.1.5.2-43.44.3 libreoffice-l10n-lt-6.1.5.2-43.44.3 libreoffice-l10n-nb-6.1.5.2-43.44.3 libreoffice-l10n-nl-6.1.5.2-43.44.3 libreoffice-l10n-nn-6.1.5.2-43.44.3 libreoffice-l10n-pl-6.1.5.2-43.44.3 libreoffice-l10n-pt_BR-6.1.5.2-43.44.3 libreoffice-l10n-pt_PT-6.1.5.2-43.44.3 libreoffice-l10n-ro-6.1.5.2-43.44.3 libreoffice-l10n-ru-6.1.5.2-43.44.3 libreoffice-l10n-sk-6.1.5.2-43.44.3 libreoffice-l10n-sv-6.1.5.2-43.44.3 libreoffice-l10n-uk-6.1.5.2-43.44.3 libreoffice-l10n-xh-6.1.5.2-43.44.3 libreoffice-l10n-zh_CN-6.1.5.2-43.44.3 libreoffice-l10n-zh_TW-6.1.5.2-43.44.3 libreoffice-l10n-zu-6.1.5.2-43.44.3 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libreoffice-6.1.5.2-43.44.3 libreoffice-base-6.1.5.2-43.44.3 libreoffice-base-debuginfo-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-6.1.5.2-43.44.3 libreoffice-calc-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-extensions-6.1.5.2-43.44.3 libreoffice-debuginfo-6.1.5.2-43.44.3 libreoffice-debugsource-6.1.5.2-43.44.3 libreoffice-draw-6.1.5.2-43.44.3 libreoffice-draw-debuginfo-6.1.5.2-43.44.3 libreoffice-filters-optional-6.1.5.2-43.44.3 libreoffice-gnome-6.1.5.2-43.44.3 libreoffice-gnome-debuginfo-6.1.5.2-43.44.3 libreoffice-gtk2-6.1.5.2-43.44.3 libreoffice-gtk2-debuginfo-6.1.5.2-43.44.3 libreoffice-impress-6.1.5.2-43.44.3 libreoffice-impress-debuginfo-6.1.5.2-43.44.3 libreoffice-mailmerge-6.1.5.2-43.44.3 libreoffice-math-6.1.5.2-43.44.3 libreoffice-math-debuginfo-6.1.5.2-43.44.3 libreoffice-officebean-6.1.5.2-43.44.3 libreoffice-officebean-debuginfo-6.1.5.2-43.44.3 libreoffice-pyuno-6.1.5.2-43.44.3 libreoffice-pyuno-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-6.1.5.2-43.44.3 libreoffice-writer-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-extensions-6.1.5.2-43.44.3 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libreoffice-branding-upstream-6.1.5.2-43.44.3 libreoffice-icon-themes-6.1.5.2-43.44.3 libreoffice-l10n-af-6.1.5.2-43.44.3 libreoffice-l10n-ar-6.1.5.2-43.44.3 libreoffice-l10n-bg-6.1.5.2-43.44.3 libreoffice-l10n-ca-6.1.5.2-43.44.3 libreoffice-l10n-cs-6.1.5.2-43.44.3 libreoffice-l10n-da-6.1.5.2-43.44.3 libreoffice-l10n-de-6.1.5.2-43.44.3 libreoffice-l10n-en-6.1.5.2-43.44.3 libreoffice-l10n-es-6.1.5.2-43.44.3 libreoffice-l10n-fi-6.1.5.2-43.44.3 libreoffice-l10n-fr-6.1.5.2-43.44.3 libreoffice-l10n-gu-6.1.5.2-43.44.3 libreoffice-l10n-hi-6.1.5.2-43.44.3 libreoffice-l10n-hr-6.1.5.2-43.44.3 libreoffice-l10n-hu-6.1.5.2-43.44.3 libreoffice-l10n-it-6.1.5.2-43.44.3 libreoffice-l10n-ja-6.1.5.2-43.44.3 libreoffice-l10n-ko-6.1.5.2-43.44.3 libreoffice-l10n-lt-6.1.5.2-43.44.3 libreoffice-l10n-nb-6.1.5.2-43.44.3 libreoffice-l10n-nl-6.1.5.2-43.44.3 libreoffice-l10n-nn-6.1.5.2-43.44.3 libreoffice-l10n-pl-6.1.5.2-43.44.3 libreoffice-l10n-pt_BR-6.1.5.2-43.44.3 libreoffice-l10n-pt_PT-6.1.5.2-43.44.3 libreoffice-l10n-ro-6.1.5.2-43.44.3 libreoffice-l10n-ru-6.1.5.2-43.44.3 libreoffice-l10n-sk-6.1.5.2-43.44.3 libreoffice-l10n-sv-6.1.5.2-43.44.3 libreoffice-l10n-uk-6.1.5.2-43.44.3 libreoffice-l10n-xh-6.1.5.2-43.44.3 libreoffice-l10n-zh_CN-6.1.5.2-43.44.3 libreoffice-l10n-zh_TW-6.1.5.2-43.44.3 libreoffice-l10n-zu-6.1.5.2-43.44.3 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libreoffice-6.1.5.2-43.44.3 libreoffice-base-6.1.5.2-43.44.3 libreoffice-base-debuginfo-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-6.1.5.2-43.44.3 libreoffice-calc-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-extensions-6.1.5.2-43.44.3 libreoffice-debuginfo-6.1.5.2-43.44.3 libreoffice-debugsource-6.1.5.2-43.44.3 libreoffice-draw-6.1.5.2-43.44.3 libreoffice-draw-debuginfo-6.1.5.2-43.44.3 libreoffice-filters-optional-6.1.5.2-43.44.3 libreoffice-gnome-6.1.5.2-43.44.3 libreoffice-gnome-debuginfo-6.1.5.2-43.44.3 libreoffice-gtk2-6.1.5.2-43.44.3 libreoffice-gtk2-debuginfo-6.1.5.2-43.44.3 libreoffice-impress-6.1.5.2-43.44.3 libreoffice-impress-debuginfo-6.1.5.2-43.44.3 libreoffice-mailmerge-6.1.5.2-43.44.3 libreoffice-math-6.1.5.2-43.44.3 libreoffice-math-debuginfo-6.1.5.2-43.44.3 libreoffice-officebean-6.1.5.2-43.44.3 libreoffice-officebean-debuginfo-6.1.5.2-43.44.3 libreoffice-pyuno-6.1.5.2-43.44.3 libreoffice-pyuno-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-6.1.5.2-43.44.3 libreoffice-writer-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-extensions-6.1.5.2-43.44.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): libreoffice-debuginfo-6.1.5.2-43.44.3 libreoffice-debugsource-6.1.5.2-43.44.3 libreoffice-sdk-6.1.5.2-43.44.3 libreoffice-sdk-debuginfo-6.1.5.2-43.44.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): libreoffice-debuginfo-6.1.5.2-43.44.3 libreoffice-debugsource-6.1.5.2-43.44.3 libreoffice-sdk-6.1.5.2-43.44.3 libreoffice-sdk-debuginfo-6.1.5.2-43.44.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libreoffice-branding-upstream-6.1.5.2-43.44.3 libreoffice-icon-themes-6.1.5.2-43.44.3 libreoffice-l10n-af-6.1.5.2-43.44.3 libreoffice-l10n-ar-6.1.5.2-43.44.3 libreoffice-l10n-ca-6.1.5.2-43.44.3 libreoffice-l10n-cs-6.1.5.2-43.44.3 libreoffice-l10n-da-6.1.5.2-43.44.3 libreoffice-l10n-de-6.1.5.2-43.44.3 libreoffice-l10n-en-6.1.5.2-43.44.3 libreoffice-l10n-es-6.1.5.2-43.44.3 libreoffice-l10n-fi-6.1.5.2-43.44.3 libreoffice-l10n-fr-6.1.5.2-43.44.3 libreoffice-l10n-gu-6.1.5.2-43.44.3 libreoffice-l10n-hi-6.1.5.2-43.44.3 libreoffice-l10n-hu-6.1.5.2-43.44.3 libreoffice-l10n-it-6.1.5.2-43.44.3 libreoffice-l10n-ja-6.1.5.2-43.44.3 libreoffice-l10n-ko-6.1.5.2-43.44.3 libreoffice-l10n-nb-6.1.5.2-43.44.3 libreoffice-l10n-nl-6.1.5.2-43.44.3 libreoffice-l10n-nn-6.1.5.2-43.44.3 libreoffice-l10n-pl-6.1.5.2-43.44.3 libreoffice-l10n-pt_BR-6.1.5.2-43.44.3 libreoffice-l10n-pt_PT-6.1.5.2-43.44.3 libreoffice-l10n-ro-6.1.5.2-43.44.3 libreoffice-l10n-ru-6.1.5.2-43.44.3 libreoffice-l10n-sk-6.1.5.2-43.44.3 libreoffice-l10n-sv-6.1.5.2-43.44.3 libreoffice-l10n-xh-6.1.5.2-43.44.3 libreoffice-l10n-zh_CN-6.1.5.2-43.44.3 libreoffice-l10n-zh_TW-6.1.5.2-43.44.3 libreoffice-l10n-zu-6.1.5.2-43.44.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libreoffice-6.1.5.2-43.44.3 libreoffice-base-6.1.5.2-43.44.3 libreoffice-base-debuginfo-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-6.1.5.2-43.44.3 libreoffice-calc-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-extensions-6.1.5.2-43.44.3 libreoffice-debuginfo-6.1.5.2-43.44.3 libreoffice-debugsource-6.1.5.2-43.44.3 libreoffice-draw-6.1.5.2-43.44.3 libreoffice-draw-debuginfo-6.1.5.2-43.44.3 libreoffice-filters-optional-6.1.5.2-43.44.3 libreoffice-gnome-6.1.5.2-43.44.3 libreoffice-gnome-debuginfo-6.1.5.2-43.44.3 libreoffice-gtk2-6.1.5.2-43.44.3 libreoffice-gtk2-debuginfo-6.1.5.2-43.44.3 libreoffice-impress-6.1.5.2-43.44.3 libreoffice-impress-debuginfo-6.1.5.2-43.44.3 libreoffice-mailmerge-6.1.5.2-43.44.3 libreoffice-math-6.1.5.2-43.44.3 libreoffice-math-debuginfo-6.1.5.2-43.44.3 libreoffice-officebean-6.1.5.2-43.44.3 libreoffice-officebean-debuginfo-6.1.5.2-43.44.3 libreoffice-pyuno-6.1.5.2-43.44.3 libreoffice-pyuno-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-6.1.5.2-43.44.3 libreoffice-writer-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-extensions-6.1.5.2-43.44.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libreoffice-6.1.5.2-43.44.3 libreoffice-base-6.1.5.2-43.44.3 libreoffice-base-debuginfo-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-6.1.5.2-43.44.3 libreoffice-base-drivers-postgresql-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-6.1.5.2-43.44.3 libreoffice-calc-debuginfo-6.1.5.2-43.44.3 libreoffice-calc-extensions-6.1.5.2-43.44.3 libreoffice-debuginfo-6.1.5.2-43.44.3 libreoffice-debugsource-6.1.5.2-43.44.3 libreoffice-draw-6.1.5.2-43.44.3 libreoffice-draw-debuginfo-6.1.5.2-43.44.3 libreoffice-filters-optional-6.1.5.2-43.44.3 libreoffice-gnome-6.1.5.2-43.44.3 libreoffice-gnome-debuginfo-6.1.5.2-43.44.3 libreoffice-gtk2-6.1.5.2-43.44.3 libreoffice-gtk2-debuginfo-6.1.5.2-43.44.3 libreoffice-impress-6.1.5.2-43.44.3 libreoffice-impress-debuginfo-6.1.5.2-43.44.3 libreoffice-mailmerge-6.1.5.2-43.44.3 libreoffice-math-6.1.5.2-43.44.3 libreoffice-math-debuginfo-6.1.5.2-43.44.3 libreoffice-officebean-6.1.5.2-43.44.3 libreoffice-officebean-debuginfo-6.1.5.2-43.44.3 libreoffice-pyuno-6.1.5.2-43.44.3 libreoffice-pyuno-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-6.1.5.2-43.44.3 libreoffice-writer-debuginfo-6.1.5.2-43.44.3 libreoffice-writer-extensions-6.1.5.2-43.44.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libreoffice-branding-upstream-6.1.5.2-43.44.3 libreoffice-icon-themes-6.1.5.2-43.44.3 libreoffice-l10n-af-6.1.5.2-43.44.3 libreoffice-l10n-ar-6.1.5.2-43.44.3 libreoffice-l10n-ca-6.1.5.2-43.44.3 libreoffice-l10n-cs-6.1.5.2-43.44.3 libreoffice-l10n-da-6.1.5.2-43.44.3 libreoffice-l10n-de-6.1.5.2-43.44.3 libreoffice-l10n-en-6.1.5.2-43.44.3 libreoffice-l10n-es-6.1.5.2-43.44.3 libreoffice-l10n-fi-6.1.5.2-43.44.3 libreoffice-l10n-fr-6.1.5.2-43.44.3 libreoffice-l10n-gu-6.1.5.2-43.44.3 libreoffice-l10n-hi-6.1.5.2-43.44.3 libreoffice-l10n-hu-6.1.5.2-43.44.3 libreoffice-l10n-it-6.1.5.2-43.44.3 libreoffice-l10n-ja-6.1.5.2-43.44.3 libreoffice-l10n-ko-6.1.5.2-43.44.3 libreoffice-l10n-nb-6.1.5.2-43.44.3 libreoffice-l10n-nl-6.1.5.2-43.44.3 libreoffice-l10n-nn-6.1.5.2-43.44.3 libreoffice-l10n-pl-6.1.5.2-43.44.3 libreoffice-l10n-pt_BR-6.1.5.2-43.44.3 libreoffice-l10n-pt_PT-6.1.5.2-43.44.3 libreoffice-l10n-ro-6.1.5.2-43.44.3 libreoffice-l10n-ru-6.1.5.2-43.44.3 libreoffice-l10n-sk-6.1.5.2-43.44.3 libreoffice-l10n-sv-6.1.5.2-43.44.3 libreoffice-l10n-xh-6.1.5.2-43.44.3 libreoffice-l10n-zh_CN-6.1.5.2-43.44.3 libreoffice-l10n-zh_TW-6.1.5.2-43.44.3 libreoffice-l10n-zu-6.1.5.2-43.44.3 References: https://bugzilla.suse.com/1079744 https://bugzilla.suse.com/1088266 https://bugzilla.suse.com/1095755 https://bugzilla.suse.com/1107012 https://bugzilla.suse.com/1110345 https://bugzilla.suse.com/1110348 https://bugzilla.suse.com/1112112 https://bugzilla.suse.com/1112113 https://bugzilla.suse.com/1112114 https://bugzilla.suse.com/1117195 https://bugzilla.suse.com/1117300 https://bugzilla.suse.com/1124658 https://bugzilla.suse.com/882383 From sle-updates at lists.suse.com Thu Feb 28 13:16:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Feb 2019 21:16:57 +0100 (CET) Subject: SUSE-RU-2019:0516-1: moderate: Recommended update for fence-agents Message-ID: <20190228201657.1D124FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0516-1 Rating: moderate References: #1049852 #1088358 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for fence-agents provides the following fix: This update includes fence agent for Google Compute Engine images (fate#325539) (bsc#1088358) Other fixes: - fencing: Include timestamps when logging to STDERR and debug file. (bsc#1049852) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-516=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (s390x): fence-agents-4.0.22+git.1455008135.15c5e92-9.9.1 fence-agents-debuginfo-4.0.22+git.1455008135.15c5e92-9.9.1 fence-agents-debugsource-4.0.22+git.1455008135.15c5e92-9.9.1 References: https://bugzilla.suse.com/1049852 https://bugzilla.suse.com/1088358