From sle-updates at lists.suse.com Wed Jan 2 12:06:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Jan 2019 20:06:34 +0100 (CET) Subject: SUSE-SU-2019:0002-1: moderate: Security update for libraw Message-ID: <20190102190634.7F4D8FD20@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0002-1 Rating: moderate References: #1097973 #1097974 #1118894 Cross-References: CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in find_green() function internal/dcraw_common.cpp (bsc#1118894). - CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw function (bsc#1097973) - CVE-2018-5806: Fixed a a NULL pointer dereference in the leaf_hdr_load_raw function (bsc#1097974) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-2=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-2=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-2=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libraw-debugsource-0.15.4-27.1 libraw9-0.15.4-27.1 libraw9-debuginfo-0.15.4-27.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libraw-debugsource-0.15.4-27.1 libraw9-0.15.4-27.1 libraw9-debuginfo-0.15.4-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-27.1 libraw-devel-0.15.4-27.1 libraw-devel-static-0.15.4-27.1 libraw9-0.15.4-27.1 libraw9-debuginfo-0.15.4-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-27.1 libraw-devel-0.15.4-27.1 libraw-devel-static-0.15.4-27.1 libraw9-0.15.4-27.1 libraw9-debuginfo-0.15.4-27.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libraw-debugsource-0.15.4-27.1 libraw9-0.15.4-27.1 libraw9-debuginfo-0.15.4-27.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libraw-debugsource-0.15.4-27.1 libraw9-0.15.4-27.1 libraw9-debuginfo-0.15.4-27.1 References: https://www.suse.com/security/cve/CVE-2018-5805.html https://www.suse.com/security/cve/CVE-2018-5806.html https://www.suse.com/security/cve/CVE-2018-5808.html https://bugzilla.suse.com/1097973 https://bugzilla.suse.com/1097974 https://bugzilla.suse.com/1118894 From sle-updates at lists.suse.com Wed Jan 2 12:07:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Jan 2019 20:07:31 +0100 (CET) Subject: SUSE-SU-2019:0005-1: moderate: Security update for libraw Message-ID: <20190102190731.3B3D4FD26@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0005-1 Rating: moderate References: #1097975 #1103200 #1103206 Cross-References: CVE-2018-5804 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libraw fixes the following issues: Security issues fixed: The following security vulnerabilities were addressed: - CVE-2018-5813: Fixed an error within the "parse_minolta()" function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200). - CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206) - CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-5=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-5=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libraw-debuginfo-0.18.9-3.5.1 libraw-debugsource-0.18.9-3.5.1 libraw-devel-0.18.9-3.5.1 libraw16-0.18.9-3.5.1 libraw16-debuginfo-0.18.9-3.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libraw-debuginfo-0.18.9-3.5.1 libraw-debugsource-0.18.9-3.5.1 libraw-devel-static-0.18.9-3.5.1 libraw-tools-0.18.9-3.5.1 libraw-tools-debuginfo-0.18.9-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-5804.html https://www.suse.com/security/cve/CVE-2018-5813.html https://www.suse.com/security/cve/CVE-2018-5815.html https://www.suse.com/security/cve/CVE-2018-5816.html https://bugzilla.suse.com/1097975 https://bugzilla.suse.com/1103200 https://bugzilla.suse.com/1103206 From sle-updates at lists.suse.com Wed Jan 2 12:08:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Jan 2019 20:08:20 +0100 (CET) Subject: SUSE-SU-2019:0003-1: important: Security update for xen Message-ID: <20190102190820.627C3FD85@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0003-1 Rating: important References: #1027519 #1108940 #1111014 #1114405 #1114423 #1114988 #1115040 #1115043 #1115044 #1115045 #1115047 #1117756 Cross-References: CVE-2018-17963 CVE-2018-18849 CVE-2018-18883 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19963 CVE-2018-19964 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - Update to Xen 4.11.1 bug fix release (bsc#1027519) - CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1111014) - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - CVE-2018-18883: Fixed an issue related to inproper restriction of nested VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-278) (bsc#1114405) - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19963: Fixed the allocation of pages used to communicate with external emulators, which may have cuased Xen to crash, resulting in a Denial of Service (DoS). (XSA-276) (bsc#1115043) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19964: Fixed the incorrect error handling of p2m page removals, which allowed a guest to cause a deadlock, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-277) (bsc#1115044) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-3=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-3=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-3=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): xen-debugsource-4.11.1_02-2.3.1 xen-devel-4.11.1_02-2.3.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): xen-4.11.1_02-2.3.1 xen-debugsource-4.11.1_02-2.3.1 xen-doc-html-4.11.1_02-2.3.1 xen-libs-32bit-4.11.1_02-2.3.1 xen-libs-4.11.1_02-2.3.1 xen-libs-debuginfo-32bit-4.11.1_02-2.3.1 xen-libs-debuginfo-4.11.1_02-2.3.1 xen-tools-4.11.1_02-2.3.1 xen-tools-debuginfo-4.11.1_02-2.3.1 xen-tools-domU-4.11.1_02-2.3.1 xen-tools-domU-debuginfo-4.11.1_02-2.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): xen-4.11.1_02-2.3.1 xen-debugsource-4.11.1_02-2.3.1 xen-libs-32bit-4.11.1_02-2.3.1 xen-libs-4.11.1_02-2.3.1 xen-libs-debuginfo-32bit-4.11.1_02-2.3.1 xen-libs-debuginfo-4.11.1_02-2.3.1 References: https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18849.html https://www.suse.com/security/cve/CVE-2018-18883.html https://www.suse.com/security/cve/CVE-2018-19665.html https://www.suse.com/security/cve/CVE-2018-19961.html https://www.suse.com/security/cve/CVE-2018-19962.html https://www.suse.com/security/cve/CVE-2018-19963.html https://www.suse.com/security/cve/CVE-2018-19964.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2018-19966.html https://www.suse.com/security/cve/CVE-2018-19967.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1108940 https://bugzilla.suse.com/1111014 https://bugzilla.suse.com/1114405 https://bugzilla.suse.com/1114423 https://bugzilla.suse.com/1114988 https://bugzilla.suse.com/1115040 https://bugzilla.suse.com/1115043 https://bugzilla.suse.com/1115044 https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1115047 https://bugzilla.suse.com/1117756 From sle-updates at lists.suse.com Wed Jan 2 12:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Jan 2019 20:10:44 +0100 (CET) Subject: SUSE-SU-2019:13921-1: important: Security update for xen Message-ID: <20190102191044.9D889FD85@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13921-1 Rating: important References: #1027519 #1031382 #1056336 #1105528 #1108940 #1110924 #1111007 #1111011 #1111014 #1112188 #1114423 #1114988 #1115040 #1115045 #1115047 #1117756 Cross-References: CVE-2017-13672 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has three fixes is now available. Description: This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - Fixed an integer overflow in ccid_card_vscard_read(), which allowed for memory corruption. (bsc#1112188) - CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336) - CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007) - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011) - CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014) - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Upstream bug fixes (bsc#1027519) - Fixed crashing VMs when migrating between dom0 hosts (bsc#1031382) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-13921=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-13921=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-13921=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_38-61.40.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_38_3.0.101_108.84-61.40.1 xen-libs-4.4.4_38-61.40.1 xen-tools-domU-4.4.4_38-61.40.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_38-61.40.1 xen-doc-html-4.4.4_38-61.40.1 xen-libs-32bit-4.4.4_38-61.40.1 xen-tools-4.4.4_38-61.40.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_38_3.0.101_108.84-61.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_38-61.40.1 xen-debugsource-4.4.4_38-61.40.1 References: https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18438.html https://www.suse.com/security/cve/CVE-2018-18849.html https://www.suse.com/security/cve/CVE-2018-19665.html https://www.suse.com/security/cve/CVE-2018-19961.html https://www.suse.com/security/cve/CVE-2018-19962.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2018-19966.html https://www.suse.com/security/cve/CVE-2018-19967.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1031382 https://bugzilla.suse.com/1056336 https://bugzilla.suse.com/1105528 https://bugzilla.suse.com/1108940 https://bugzilla.suse.com/1110924 https://bugzilla.suse.com/1111007 https://bugzilla.suse.com/1111011 https://bugzilla.suse.com/1111014 https://bugzilla.suse.com/1112188 https://bugzilla.suse.com/1114423 https://bugzilla.suse.com/1114988 https://bugzilla.suse.com/1115040 https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1115047 https://bugzilla.suse.com/1117756 From sle-updates at lists.suse.com Wed Jan 2 16:09:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 00:09:06 +0100 (CET) Subject: SUSE-RU-2019:0008-1: moderate: Recommended update for python-rtslib Message-ID: <20190102230906.DAB57FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rtslib ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0008-1 Rating: moderate References: #1113573 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rtslib provides the following fix: - Add srpt_wwn WWN type handling. (bsc#1113573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-8=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-8=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): python-rtslib-2.2-31.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-rtslib-2.2-31.6.1 References: https://bugzilla.suse.com/1113573 From sle-updates at lists.suse.com Wed Jan 2 19:08:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 03:08:54 +0100 (CET) Subject: SUSE-RU-2019:0007-1: moderate: Recommended update for mirror Message-ID: <20190103020855.001FBFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for mirror ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0007-1 Rating: moderate References: #1117110 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mirror provides the following fix: - Check if a directory must be removed. In case all the previous content of a directory is removed, but new content for the directory was downloaded, do not remove it. (bsc#1117110) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-7=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-7=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mirror-2.9-908.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mirror-2.9-908.3.1 References: https://bugzilla.suse.com/1117110 From sle-updates at lists.suse.com Thu Jan 3 01:21:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:21:38 +0100 (CET) Subject: SUSE-RU-2019:0011-1: moderate: Recommended update for OpenIPMI Message-ID: <20190103082138.883A3FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenIPMI ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0011-1 Rating: moderate References: #1060799 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for OpenIPMI provides the following fix: - On aarch64 hardware, the IPMI hardware was detected but an incorrect driver was loaded ("ipmi_si.ko" rather than the correct "ipmi_ssif.ko"). The fix adds a new entry to /etc/sysconfig/ipmi which defines the name of the driver to load. A utility (/usr/lib/openipmi-helper) then uses this name to load the correct driveri. (bsc#1060799) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-11=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-11=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-11=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-11=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-11=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-11=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): OpenIPMI-debuginfo-2.0.21-10.6.24 OpenIPMI-debugsource-2.0.21-10.6.24 OpenIPMI-devel-2.0.21-10.6.24 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): OpenIPMI-debuginfo-2.0.21-10.6.24 OpenIPMI-debugsource-2.0.21-10.6.24 OpenIPMI-devel-2.0.21-10.6.24 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.21-10.6.24 OpenIPMI-debuginfo-2.0.21-10.6.24 OpenIPMI-debugsource-2.0.21-10.6.24 OpenIPMI-python-2.0.21-10.6.24 OpenIPMI-python-debuginfo-2.0.21-10.6.24 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.21-10.6.24 OpenIPMI-debuginfo-2.0.21-10.6.24 OpenIPMI-debugsource-2.0.21-10.6.24 OpenIPMI-python-2.0.21-10.6.24 OpenIPMI-python-debuginfo-2.0.21-10.6.24 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): OpenIPMI-2.0.21-10.6.24 OpenIPMI-debuginfo-2.0.21-10.6.24 OpenIPMI-debugsource-2.0.21-10.6.24 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): OpenIPMI-2.0.21-10.6.24 OpenIPMI-debuginfo-2.0.21-10.6.24 OpenIPMI-debugsource-2.0.21-10.6.24 References: https://bugzilla.suse.com/1060799 From sle-updates at lists.suse.com Thu Jan 3 01:22:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:22:27 +0100 (CET) Subject: SUSE-RU-2019:0013-1: moderate: Recommended update for yast2-network Message-ID: <20190103082227.4A0BFFD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0013-1 Rating: moderate References: #1039307 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - YaST can now obtain NTP-Servers through DHCP (fate#323454, bsc#1039307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-13=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-network-4.0.44-3.11.1 References: https://bugzilla.suse.com/1039307 From sle-updates at lists.suse.com Thu Jan 3 01:23:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:23:06 +0100 (CET) Subject: SUSE-RU-2019:0014-1: moderate: Recommended update for yast2-registration Message-ID: <20190103082306.BBF7DFD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0014-1 Rating: moderate References: #1060151 #1091825 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration fixes the following issues: - Fixes an issue when the base product registration code is being used for extensions (bsc#1091825) - Improved error messages (bsc#1060151) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-14=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-registration-4.0.47-3.18.1 References: https://bugzilla.suse.com/1060151 https://bugzilla.suse.com/1091825 From sle-updates at lists.suse.com Thu Jan 3 01:23:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:23:54 +0100 (CET) Subject: SUSE-RU-2019:13922-1: important: Recommended update for ntp Message-ID: <20190103082354.D25F6FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13922-1 Rating: important References: #1113663 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ntp provides the following fix: - Leave SSL enabled when compiling against an OpenSSL version that does not support CMAC. (bsc#1113663) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-13922=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ntp-13922=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-13922=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p12-48.24.1 ntp-doc-4.2.8p12-48.24.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ntp-4.2.8p12-48.24.1 ntp-doc-4.2.8p12-48.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p12-48.24.1 ntp-debugsource-4.2.8p12-48.24.1 References: https://bugzilla.suse.com/1113663 From sle-updates at lists.suse.com Thu Jan 3 01:24:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:24:34 +0100 (CET) Subject: SUSE-RU-2019:0012-1: moderate: Recommended update for yast2-network Message-ID: <20190103082434.12B21FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0012-1 Rating: moderate References: #1111925 #1113080 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - YaST will now propose wpa_supplicant and the most commonly used setup for WPA by default (bsc#1113080) - PEAP version will now be detected correctly (bsc#1113080) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-12=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-12=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-network-3.3.2-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-network-3.3.2-3.3.1 References: https://bugzilla.suse.com/1111925 https://bugzilla.suse.com/1113080 From sle-updates at lists.suse.com Thu Jan 3 01:25:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:25:19 +0100 (CET) Subject: SUSE-RU-2019:0006-1: moderate: Recommended update for gcc7 Message-ID: <20190103082519.1BCFEFD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0006-1 Rating: moderate References: #1099119 #1099192 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: GCC 7 was updated to the GCC 7.4 release. - Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory. - Includes fix for build with ISL 0.20. - Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119] - Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192] - Fixes support for 32bit ASAN with glibc 2.27+ Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-6=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-6=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-6=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.4.0+r266845-4.3.3 cross-arm-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-arm-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-arm-none-gcc7-bootstrap-7.4.0+r266845-4.3.4 cross-arm-none-gcc7-bootstrap-debuginfo-7.4.0+r266845-4.3.4 cross-arm-none-gcc7-bootstrap-debugsource-7.4.0+r266845-4.3.4 cross-avr-gcc7-bootstrap-7.4.0+r266845-4.3.4 cross-avr-gcc7-bootstrap-debuginfo-7.4.0+r266845-4.3.4 cross-avr-gcc7-bootstrap-debugsource-7.4.0+r266845-4.3.4 cross-epiphany-gcc7-bootstrap-7.4.0+r266845-4.3.3 cross-epiphany-gcc7-bootstrap-debuginfo-7.4.0+r266845-4.3.3 cross-epiphany-gcc7-bootstrap-debugsource-7.4.0+r266845-4.3.3 cross-hppa-gcc7-7.4.0+r266845-4.3.3 cross-hppa-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-hppa-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-hppa-gcc7-icecream-backend-7.4.0+r266845-4.3.3 cross-i386-gcc7-7.4.0+r266845-4.3.3 cross-i386-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-i386-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-i386-gcc7-icecream-backend-7.4.0+r266845-4.3.3 cross-m68k-gcc7-7.4.0+r266845-4.3.3 cross-m68k-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-m68k-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-m68k-gcc7-icecream-backend-7.4.0+r266845-4.3.3 cross-mips-gcc7-7.4.0+r266845-4.3.3 cross-mips-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-mips-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-mips-gcc7-icecream-backend-7.4.0+r266845-4.3.3 cross-ppc64-gcc7-7.4.0+r266845-4.3.3 cross-ppc64-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-ppc64-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-ppc64-gcc7-icecream-backend-7.4.0+r266845-4.3.3 cross-rx-gcc7-bootstrap-7.4.0+r266845-4.3.3 cross-rx-gcc7-bootstrap-debuginfo-7.4.0+r266845-4.3.3 cross-rx-gcc7-bootstrap-debugsource-7.4.0+r266845-4.3.3 cross-sparc-gcc7-7.4.0+r266845-4.3.3 cross-sparc-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-sparc-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-sparc64-gcc7-7.4.0+r266845-4.3.3 cross-sparc64-gcc7-debuginfo-7.4.0+r266845-4.3.3 cross-sparc64-gcc7-debugsource-7.4.0+r266845-4.3.3 cross-sparc64-gcc7-icecream-backend-7.4.0+r266845-4.3.3 cross-sparcv9-gcc7-icecream-backend-7.4.0+r266845-4.3.3 gcc7-debuginfo-7.4.0+r266845-4.3.4 gcc7-debugsource-7.4.0+r266845-4.3.4 gcc7-go-7.4.0+r266845-4.3.4 gcc7-go-debuginfo-7.4.0+r266845-4.3.4 gcc7-obj-c++-7.4.0+r266845-4.3.4 gcc7-obj-c++-debuginfo-7.4.0+r266845-4.3.4 gcc7-testresults-7.4.0+r266845-4.3.3 libgo11-7.4.0+r266845-4.3.4 libgo11-debuginfo-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x x86_64): gcc7-ada-32bit-7.4.0+r266845-4.3.4 gcc7-go-32bit-7.4.0+r266845-4.3.4 gcc7-obj-c++-32bit-7.4.0+r266845-4.3.4 gcc7-objc-32bit-7.4.0+r266845-4.3.4 libada7-32bit-7.4.0+r266845-4.3.4 libada7-7.4.0+r266845-4.3.4 libada7-debuginfo-7.4.0+r266845-4.3.4 libgo11-32bit-7.4.0+r266845-4.3.4 libobjc4-32bit-7.4.0+r266845-4.3.4 libobjc4-7.4.0+r266845-4.3.4 libobjc4-debuginfo-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x): gcc7-32bit-7.4.0+r266845-4.3.4 gcc7-c++-32bit-7.4.0+r266845-4.3.4 gcc7-fortran-32bit-7.4.0+r266845-4.3.4 libasan4-32bit-7.4.0+r266845-4.3.4 libgfortran4-32bit-7.4.0+r266845-4.3.4 libstdc++6-devel-gcc7-32bit-7.4.0+r266845-4.3.4 libubsan0-32bit-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.4.0+r266845-4.3.4 gcc7-ada-debuginfo-7.4.0+r266845-4.3.4 gcc7-debuginfo-7.4.0+r266845-4.3.4 gcc7-debugsource-7.4.0+r266845-4.3.4 gcc7-locale-7.4.0+r266845-4.3.4 gcc7-objc-7.4.0+r266845-4.3.4 gcc7-objc-debuginfo-7.4.0+r266845-4.3.4 libada7-7.4.0+r266845-4.3.4 libada7-debuginfo-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): gcc7-info-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): cross-nvptx-gcc7-7.4.0+r266845-4.3.3 cross-nvptx-newlib7-devel-7.4.0+r266845-4.3.3 gcc7-32bit-7.4.0+r266845-4.3.4 gcc7-c++-32bit-7.4.0+r266845-4.3.4 gcc7-fortran-32bit-7.4.0+r266845-4.3.4 libasan4-32bit-7.4.0+r266845-4.3.4 libasan4-32bit-debuginfo-7.4.0+r266845-4.3.4 libcilkrts5-32bit-7.4.0+r266845-4.3.4 libcilkrts5-32bit-debuginfo-7.4.0+r266845-4.3.4 libstdc++6-devel-gcc7-32bit-7.4.0+r266845-4.3.4 libubsan0-32bit-7.4.0+r266845-4.3.4 libubsan0-32bit-debuginfo-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cpp7-7.4.0+r266845-4.3.4 cpp7-debuginfo-7.4.0+r266845-4.3.4 gcc7-7.4.0+r266845-4.3.4 gcc7-c++-7.4.0+r266845-4.3.4 gcc7-c++-debuginfo-7.4.0+r266845-4.3.4 gcc7-debuginfo-7.4.0+r266845-4.3.4 gcc7-debugsource-7.4.0+r266845-4.3.4 gcc7-fortran-7.4.0+r266845-4.3.4 gcc7-fortran-debuginfo-7.4.0+r266845-4.3.4 libasan4-7.4.0+r266845-4.3.4 libasan4-debuginfo-7.4.0+r266845-4.3.4 libgfortran4-7.4.0+r266845-4.3.4 libgfortran4-debuginfo-7.4.0+r266845-4.3.4 libobjc4-7.4.0+r266845-4.3.4 libobjc4-debuginfo-7.4.0+r266845-4.3.4 libstdc++6-devel-gcc7-7.4.0+r266845-4.3.4 libubsan0-7.4.0+r266845-4.3.4 libubsan0-debuginfo-7.4.0+r266845-4.3.4 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcilkrts5-7.4.0+r266845-4.3.4 libcilkrts5-debuginfo-7.4.0+r266845-4.3.4 libgfortran4-32bit-7.4.0+r266845-4.3.4 libgfortran4-32bit-debuginfo-7.4.0+r266845-4.3.4 References: https://bugzilla.suse.com/1099119 https://bugzilla.suse.com/1099192 From sle-updates at lists.suse.com Thu Jan 3 01:26:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 09:26:06 +0100 (CET) Subject: SUSE-RU-2019:0009-1: moderate: Recommended update for mirror Message-ID: <20190103082606.B5407FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for mirror ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0009-1 Rating: moderate References: #1117110 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mirror provides the following fix: - Check if a directory must be removed. In case all the previous content of a directory is removed, but new content for the directory was downloaded, do not remove it. (bsc#1117110) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-9=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mirror-2.9-3.3.1 References: https://bugzilla.suse.com/1117110 From sle-updates at lists.suse.com Thu Jan 3 07:09:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 15:09:00 +0100 (CET) Subject: SUSE-SU-2019:0015-1: moderate: Security update for polkit Message-ID: <20190103140900.79CC3FDCF@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0015-1 Rating: moderate References: #1118277 Cross-References: CVE-2018-19788 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-15=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-15=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): polkit-doc-0.114-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpolkit0-0.114-3.6.1 libpolkit0-debuginfo-0.114-3.6.1 polkit-0.114-3.6.1 polkit-debuginfo-0.114-3.6.1 polkit-debugsource-0.114-3.6.1 polkit-devel-0.114-3.6.1 polkit-devel-debuginfo-0.114-3.6.1 typelib-1_0-Polkit-1_0-0.114-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-19788.html https://bugzilla.suse.com/1118277 From sle-updates at lists.suse.com Thu Jan 3 10:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 18:09:14 +0100 (CET) Subject: SUSE-RU-2019:0016-1: important: Recommended update for yast2-ntp-client Message-ID: <20190103170914.27217FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0016-1 Rating: important References: #1058510 #1075039 #1086526 #1108497 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-ntp-client provides the following fix: - Save the service status according to the user preferences (bsc#1075039) - Only write the configuration once, and do not save changes when we are only synchronizing the date. (bsc#1108497) - Add support for writing Tinker record via autoyast (bsc#1086526) - Avoid internal error during AutoYaST cloning when fudge records are present (bsc#1058510) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-16=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-16=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-ntp-client-3.2.18-2.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-ntp-client-3.2.18-2.13.1 References: https://bugzilla.suse.com/1058510 https://bugzilla.suse.com/1075039 https://bugzilla.suse.com/1086526 https://bugzilla.suse.com/1108497 From sle-updates at lists.suse.com Thu Jan 3 13:08:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Jan 2019 21:08:47 +0100 (CET) Subject: SUSE-SU-2019:13923-1: moderate: Security update for GraphicsMagick Message-ID: <20190103200847.AB9B6FCB3@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13923-1 Rating: moderate References: #1042911 #1052754 #1078433 #1112392 #1112399 #1113064 #1119822 #1119823 Cross-References: CVE-2017-10794 CVE-2017-12663 CVE-2017-14997 CVE-2017-9405 CVE-2018-18544 CVE-2018-20184 CVE-2018-20185 CVE-2018-6405 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage() (bsc#1113064). - CVE-2017-10794: Fixed buffer overflow in RGB TIFF picture processing (bsc#1112392). - CVE-2017-14997: Fixed integer underflow in ReadPICTImage in coders/pict.c (bsc#1112399). - CVE-2018-20185: Fixed heap-based buffer over-read in the ReadBMPImage function of bmp.c (bsc#1119823) - CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822) Regressions fixed after security update: - CVE-2017-12663: Fixed memory leak in WriteMAPImage in coders/map.c (bsc#1052754). - CVE-2017-9405: Fixed memory leak in the ReadICONImage function (bsc#1042911). - CVE-2018-6405: Fixed ReadDCMImage function in coders/dcm (bsc#1078433). Non-security issues fixed: - debug_build: build more suitable for debugging Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13923=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13923=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13923=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.78.1 libGraphicsMagick2-1.2.5-78.78.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.78.1 libGraphicsMagick2-1.2.5-78.78.1 perl-GraphicsMagick-1.2.5-78.78.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.78.1 GraphicsMagick-debugsource-1.2.5-78.78.1 References: https://www.suse.com/security/cve/CVE-2017-10794.html https://www.suse.com/security/cve/CVE-2017-12663.html https://www.suse.com/security/cve/CVE-2017-14997.html https://www.suse.com/security/cve/CVE-2017-9405.html https://www.suse.com/security/cve/CVE-2018-18544.html https://www.suse.com/security/cve/CVE-2018-20184.html https://www.suse.com/security/cve/CVE-2018-20185.html https://www.suse.com/security/cve/CVE-2018-6405.html https://bugzilla.suse.com/1042911 https://bugzilla.suse.com/1052754 https://bugzilla.suse.com/1078433 https://bugzilla.suse.com/1112392 https://bugzilla.suse.com/1112399 https://bugzilla.suse.com/1113064 https://bugzilla.suse.com/1119822 https://bugzilla.suse.com/1119823 From sle-updates at lists.suse.com Fri Jan 4 07:09:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Jan 2019 15:09:19 +0100 (CET) Subject: SUSE-SU-2019:13924-1: important: Security update for mailman Message-ID: <20190104140919.E4B06FDCF@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13924-1 Rating: important References: #1077358 #1099510 #1101288 #925502 #995352 Cross-References: CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mailman-13924=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mailman-13924=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mailman-13924=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mailman-13924=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mailman-13924=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mailman-2.1.15-9.6.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): mailman-2.1.15-9.6.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): mailman-2.1.15-9.6.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mailman-debuginfo-2.1.15-9.6.6.1 mailman-debugsource-2.1.15-9.6.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mailman-debuginfo-2.1.15-9.6.6.1 mailman-debugsource-2.1.15-9.6.6.1 References: https://www.suse.com/security/cve/CVE-2015-2775.html https://www.suse.com/security/cve/CVE-2016-6893.html https://www.suse.com/security/cve/CVE-2018-0618.html https://www.suse.com/security/cve/CVE-2018-13796.html https://www.suse.com/security/cve/CVE-2018-5950.html https://bugzilla.suse.com/1077358 https://bugzilla.suse.com/1099510 https://bugzilla.suse.com/1101288 https://bugzilla.suse.com/925502 https://bugzilla.suse.com/995352 From sle-updates at lists.suse.com Fri Jan 4 10:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Jan 2019 18:11:51 +0100 (CET) Subject: SUSE-SU-2019:0020-1: important: Security update for xen Message-ID: <20190104171151.163E6FD4B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0020-1 Rating: important References: #1027519 #1105528 #1108940 #1114423 #1115040 #1115045 #1115047 #1116380 #1117756 Cross-References: CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) - Fixed an issue with live migrations, which used to fail when spectre is enabled on xen boot cmdline (bsc#1116380) - Upstream bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-20=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-20=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-20=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-20=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-20=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_05-43.45.1 xen-debugsource-4.7.6_05-43.45.1 xen-doc-html-4.7.6_05-43.45.1 xen-libs-32bit-4.7.6_05-43.45.1 xen-libs-4.7.6_05-43.45.1 xen-libs-debuginfo-32bit-4.7.6_05-43.45.1 xen-libs-debuginfo-4.7.6_05-43.45.1 xen-tools-4.7.6_05-43.45.1 xen-tools-debuginfo-4.7.6_05-43.45.1 xen-tools-domU-4.7.6_05-43.45.1 xen-tools-domU-debuginfo-4.7.6_05-43.45.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_05-43.45.1 xen-debugsource-4.7.6_05-43.45.1 xen-doc-html-4.7.6_05-43.45.1 xen-libs-32bit-4.7.6_05-43.45.1 xen-libs-4.7.6_05-43.45.1 xen-libs-debuginfo-32bit-4.7.6_05-43.45.1 xen-libs-debuginfo-4.7.6_05-43.45.1 xen-tools-4.7.6_05-43.45.1 xen-tools-debuginfo-4.7.6_05-43.45.1 xen-tools-domU-4.7.6_05-43.45.1 xen-tools-domU-debuginfo-4.7.6_05-43.45.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_05-43.45.1 xen-debugsource-4.7.6_05-43.45.1 xen-doc-html-4.7.6_05-43.45.1 xen-libs-32bit-4.7.6_05-43.45.1 xen-libs-4.7.6_05-43.45.1 xen-libs-debuginfo-32bit-4.7.6_05-43.45.1 xen-libs-debuginfo-4.7.6_05-43.45.1 xen-tools-4.7.6_05-43.45.1 xen-tools-debuginfo-4.7.6_05-43.45.1 xen-tools-domU-4.7.6_05-43.45.1 xen-tools-domU-debuginfo-4.7.6_05-43.45.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_05-43.45.1 xen-debugsource-4.7.6_05-43.45.1 xen-doc-html-4.7.6_05-43.45.1 xen-libs-32bit-4.7.6_05-43.45.1 xen-libs-4.7.6_05-43.45.1 xen-libs-debuginfo-32bit-4.7.6_05-43.45.1 xen-libs-debuginfo-4.7.6_05-43.45.1 xen-tools-4.7.6_05-43.45.1 xen-tools-debuginfo-4.7.6_05-43.45.1 xen-tools-domU-4.7.6_05-43.45.1 xen-tools-domU-debuginfo-4.7.6_05-43.45.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.6_05-43.45.1 xen-debugsource-4.7.6_05-43.45.1 xen-doc-html-4.7.6_05-43.45.1 xen-libs-32bit-4.7.6_05-43.45.1 xen-libs-4.7.6_05-43.45.1 xen-libs-debuginfo-32bit-4.7.6_05-43.45.1 xen-libs-debuginfo-4.7.6_05-43.45.1 xen-tools-4.7.6_05-43.45.1 xen-tools-debuginfo-4.7.6_05-43.45.1 xen-tools-domU-4.7.6_05-43.45.1 xen-tools-domU-debuginfo-4.7.6_05-43.45.1 References: https://www.suse.com/security/cve/CVE-2018-18849.html https://www.suse.com/security/cve/CVE-2018-19665.html https://www.suse.com/security/cve/CVE-2018-19961.html https://www.suse.com/security/cve/CVE-2018-19962.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2018-19966.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1105528 https://bugzilla.suse.com/1108940 https://bugzilla.suse.com/1114423 https://bugzilla.suse.com/1115040 https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1115047 https://bugzilla.suse.com/1116380 https://bugzilla.suse.com/1117756 From sle-updates at lists.suse.com Fri Jan 4 10:14:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Jan 2019 18:14:34 +0100 (CET) Subject: SUSE-SU-2019:0019-1: moderate: Security update for polkit Message-ID: <20190104171434.870BEFD4B@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0019-1 Rating: moderate References: #1118277 Cross-References: CVE-2018-19788 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-19=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-19=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-19=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-19=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-19=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-19=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-19=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-19=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-19=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-19=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-19=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-19=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-19=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-19=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-19=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libpolkit0-32bit-0.113-5.15.1 libpolkit0-debuginfo-32bit-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libpolkit0-32bit-0.113-5.15.1 libpolkit0-debuginfo-32bit-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 polkit-devel-0.113-5.15.1 polkit-devel-debuginfo-0.113-5.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 polkit-devel-0.113-5.15.1 polkit-devel-debuginfo-0.113-5.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpolkit0-0.113-5.15.1 libpolkit0-32bit-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 libpolkit0-debuginfo-32bit-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpolkit0-0.113-5.15.1 libpolkit0-32bit-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 libpolkit0-debuginfo-32bit-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 - SUSE Enterprise Storage 4 (x86_64): libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1 References: https://www.suse.com/security/cve/CVE-2018-19788.html https://bugzilla.suse.com/1118277 From sle-updates at lists.suse.com Mon Jan 7 07:09:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Jan 2019 15:09:07 +0100 (CET) Subject: SUSE-RU-2019:0021-1: moderate: Recommended update for gcc7 Message-ID: <20190107140907.9E95BFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0021-1 Rating: moderate References: #1099119 #1099192 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: gcc7 was updated to the GCC 7.4 release. Other bugfixes: - Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory. - Includes fix for build with ISL 0.20. - Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119] - Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192] - Fixes support for 32bit ASAN with glibc 2.27+ Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-21=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-21=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-21=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-21=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-21=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-21=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-21=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-21=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-21=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2019-21=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-21=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-21=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-21=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-21=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-32bit-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE OpenStack Cloud 7 (x86_64): libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 - SUSE OpenStack Cloud 7 (s390x): libasan4-32bit-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x x86_64): gcc7-debugsource-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libasan4-32bit-7.4.0+r266845-8.1 libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libasan4-32bit-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libasan4-32bit-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-32bit-debuginfo-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): libasan4-32bit-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libasan4-32bit-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): libasan4-32bit-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-32bit-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libasan4-32bit-7.4.0+r266845-8.1 libasan4-32bit-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-32bit-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-32bit-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-32bit-debuginfo-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gcc7-debugsource-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libasan4-32bit-7.4.0+r266845-8.1 libasan4-32bit-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-32bit-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-32bit-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-32bit-debuginfo-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp7-7.4.0+r266845-8.1 cpp7-debuginfo-7.4.0+r266845-8.1 gcc7-7.4.0+r266845-8.1 gcc7-c++-7.4.0+r266845-8.1 gcc7-c++-debuginfo-7.4.0+r266845-8.1 gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 gcc7-fortran-7.4.0+r266845-8.1 gcc7-fortran-debuginfo-7.4.0+r266845-8.1 gcc7-locale-7.4.0+r266845-8.1 libstdc++6-devel-gcc7-7.4.0+r266845-8.1 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc7-32bit-7.4.0+r266845-8.1 gcc7-c++-32bit-7.4.0+r266845-8.1 gcc7-fortran-32bit-7.4.0+r266845-8.1 libstdc++6-devel-gcc7-32bit-7.4.0+r266845-8.1 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc7-info-7.4.0+r266845-8.1 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc7-7.4.0+r266845-8.1 cross-nvptx-newlib7-devel-7.4.0+r266845-8.1 gcc7-ada-32bit-7.4.0+r266845-8.1 gcc7-ada-7.4.0+r266845-8.1 gcc7-ada-debuginfo-7.4.0+r266845-8.1 libada7-32bit-7.4.0+r266845-8.1 libada7-32bit-debuginfo-7.4.0+r266845-8.1 libada7-7.4.0+r266845-8.1 libada7-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-32bit-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-32bit-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE Enterprise Storage 4 (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 libasan4-32bit-7.4.0+r266845-8.1 libasan4-7.4.0+r266845-8.1 libasan4-debuginfo-7.4.0+r266845-8.1 libcilkrts5-32bit-7.4.0+r266845-8.1 libcilkrts5-7.4.0+r266845-8.1 libcilkrts5-debuginfo-7.4.0+r266845-8.1 libgfortran4-32bit-7.4.0+r266845-8.1 libgfortran4-7.4.0+r266845-8.1 libgfortran4-debuginfo-7.4.0+r266845-8.1 libubsan0-32bit-7.4.0+r266845-8.1 libubsan0-7.4.0+r266845-8.1 libubsan0-debuginfo-7.4.0+r266845-8.1 - SUSE CaaS Platform ALL (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 - SUSE CaaS Platform 3.0 (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): gcc7-debuginfo-7.4.0+r266845-8.1 gcc7-debugsource-7.4.0+r266845-8.1 References: https://bugzilla.suse.com/1099119 https://bugzilla.suse.com/1099192 From sle-updates at lists.suse.com Mon Jan 7 13:10:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Jan 2019 21:10:09 +0100 (CET) Subject: SUSE-SU-2019:0023-1: moderate: Security update for gpg2 Message-ID: <20190107201009.92B54FDF0@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0023-1 Rating: moderate References: #1120346 Cross-References: CVE-2018-1000858 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gpg2 fixes the following issue: Security issue fixed: - CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-23=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gpg2-2.2.5-4.6.2 gpg2-debuginfo-2.2.5-4.6.2 gpg2-debugsource-2.2.5-4.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gpg2-lang-2.2.5-4.6.2 References: https://www.suse.com/security/cve/CVE-2018-1000858.html https://bugzilla.suse.com/1120346 From sle-updates at lists.suse.com Mon Jan 7 16:08:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 00:08:59 +0100 (CET) Subject: SUSE-SU-2019:0024-1: important: Security update for libgit2 Message-ID: <20190107230859.80D3CFDCF@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0024-1 Rating: important References: #1110949 #1114729 Cross-References: CVE-2018-19456 Affected Products: SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libgit2 fixes the following issues: Security issues fixed: - CVE-2018-19456: Fixed a code execution by malicious .gitmodules file (bsc#1110949) - various string-to-integer and buffer handling fixes (bsc#1114729). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-24=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-24=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-24=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-24=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): libgit2-24-0.24.1-7.9.1 libgit2-24-debuginfo-0.24.1-7.9.1 libgit2-debugsource-0.24.1-7.9.1 - SUSE Manager Server 3.1 (ppc64le s390x x86_64): libgit2-24-0.24.1-7.9.1 libgit2-24-debuginfo-0.24.1-7.9.1 libgit2-debugsource-0.24.1-7.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (x86_64): libgit2-24-0.24.1-7.9.1 libgit2-24-debuginfo-0.24.1-7.9.1 libgit2-debugsource-0.24.1-7.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (x86_64): libgit2-24-0.24.1-7.9.1 libgit2-24-debuginfo-0.24.1-7.9.1 libgit2-debugsource-0.24.1-7.9.1 References: https://www.suse.com/security/cve/CVE-2018-19456.html https://bugzilla.suse.com/1110949 https://bugzilla.suse.com/1114729 From sle-updates at lists.suse.com Tue Jan 8 07:09:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 15:09:11 +0100 (CET) Subject: SUSE-SU-2018:2204-2: moderate: Security update for libsoup Message-ID: <20190108140911.07A40FDF0@maintenance.suse.de> SUSE Security Update: Security update for libsoup ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2204-2 Rating: moderate References: #1052916 #1086036 #1100097 Cross-References: CVE-2017-2885 CVE-2018-12910 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: - bsc#1086036: translation-update-upstream commented out for Leap Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-25=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-25=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-25=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-25=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsoup-2_4-1-2.62.2-5.7.1 libsoup-2_4-1-32bit-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1 libsoup-debugsource-2.62.2-5.7.1 typelib-1_0-Soup-2_4-2.62.2-5.7.1 - SUSE OpenStack Cloud 7 (noarch): libsoup-lang-2.62.2-5.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-2.62.2-5.7.1 libsoup-debugsource-2.62.2-5.7.1 typelib-1_0-Soup-2_4-2.62.2-5.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libsoup-lang-2.62.2-5.7.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-2.62.2-5.7.1 libsoup-debugsource-2.62.2-5.7.1 typelib-1_0-Soup-2_4-2.62.2-5.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libsoup-lang-2.62.2-5.7.1 - SUSE Enterprise Storage 4 (noarch): libsoup-lang-2.62.2-5.7.1 - SUSE Enterprise Storage 4 (x86_64): libsoup-2_4-1-2.62.2-5.7.1 libsoup-2_4-1-32bit-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1 libsoup-debugsource-2.62.2-5.7.1 typelib-1_0-Soup-2_4-2.62.2-5.7.1 References: https://www.suse.com/security/cve/CVE-2017-2885.html https://www.suse.com/security/cve/CVE-2018-12910.html https://bugzilla.suse.com/1052916 https://bugzilla.suse.com/1086036 https://bugzilla.suse.com/1100097 From sle-updates at lists.suse.com Tue Jan 8 07:10:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 15:10:14 +0100 (CET) Subject: SUSE-RU-2019:0026-1: moderate: Recommended update for python-ec2uploadimg Message-ID: <20190108141014.F3B41FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ec2uploadimg ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0026-1 Rating: moderate References: #1118028 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ec2uploadimg fixes the following issues: - Support ARM architecture (bsc#1118028) - Use the proper subnet if no default subnet exists in the account Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-26=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ec2uploadimg-3.0.1-28.3.1 python-ec2utilsbase-2.0.2-17.2.1 References: https://bugzilla.suse.com/1118028 From sle-updates at lists.suse.com Tue Jan 8 10:09:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:09:17 +0100 (CET) Subject: SUSE-RU-2019:0045-1: moderate: Recommended update for update-checker Message-ID: <20190108170917.35FFDFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for update-checker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0045-1 Rating: moderate References: #1117647 #1118321 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for update-checker fixes the following changes: - syntax error in OnCalendar entry (bsc#1118321) - introduce profiles for configuration file, so that we can call the tool from commandline or from systemd with different output (bsc#1117647) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): update-checker-1.0+git20181205.79dad1e-2.8.1 References: https://bugzilla.suse.com/1117647 https://bugzilla.suse.com/1118321 From sle-updates at lists.suse.com Tue Jan 8 10:09:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:09:59 +0100 (CET) Subject: SUSE-RU-2019:0036-1: moderate: Recommended update for multipath-tools Message-ID: <20190108170959.54E12FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0036-1 Rating: moderate References: #1099007 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for multipath-tools provides the following fix: - libmpathpersist: Fix off-by-one error in PRIN length check. (bsc#1099007) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-36=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-36=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-36=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): multipath-tools-debuginfo-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-debugsource-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-devel-0.7.3+105+suse.c4be709-2.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kpartx-0.7.3+105+suse.c4be709-2.3.1 kpartx-debuginfo-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-debuginfo-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-debugsource-0.7.3+105+suse.c4be709-2.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kpartx-0.7.3+105+suse.c4be709-2.3.1 kpartx-debuginfo-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-debuginfo-0.7.3+105+suse.c4be709-2.3.1 multipath-tools-debugsource-0.7.3+105+suse.c4be709-2.3.1 References: https://bugzilla.suse.com/1099007 From sle-updates at lists.suse.com Tue Jan 8 10:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:10:37 +0100 (CET) Subject: SUSE-RU-2019:0041-1: moderate: Recommended update for SUSE Manager Proxy 3.1 Message-ID: <20190108171037.40FDCFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0041-1 Rating: moderate References: #1110772 #1112839 Affected Products: SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Honor renamed postgresql10 log directory for supportconfig. spacewalk-certs-tools: - Fix python3 compatibility issues. (bsc#1112839) spacewalk-web: - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-41=1 Package List: - SUSE Manager Proxy 3.1 (noarch): spacewalk-backend-2.7.73.16-2.29.1 spacewalk-backend-libs-2.7.73.16-2.29.1 spacewalk-base-minimal-2.7.1.20-2.32.1 spacewalk-base-minimal-config-2.7.1.20-2.32.1 spacewalk-certs-tools-2.7.0.12-2.18.1 References: https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1112839 From sle-updates at lists.suse.com Tue Jan 8 10:11:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:11:24 +0100 (CET) Subject: SUSE-RU-2019:13925-1: Recommended update for elilo Message-ID: <20190108171124.C477AFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for elilo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13925-1 Rating: low References: #1102567 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for elilo provides the following fix: - Add support for using 'ucode=' for XEN. (bsc#1102567) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-elilo-13925=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-elilo-13925=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 x86_64): elilo-3.14-0.39.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 x86_64): elilo-debuginfo-3.14-0.39.3.1 References: https://bugzilla.suse.com/1102567 From sle-updates at lists.suse.com Tue Jan 8 10:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:12:04 +0100 (CET) Subject: SUSE-RU-2019:0030-1: moderate: Recommended update for release-notes-sled Message-ID: <20190108171204.58855FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0030-1 Rating: moderate References: #933411 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sled fixes the following issues: - Remove release date from document Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-30=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-30=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): release-notes-sled-12.4.20181207-2.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): release-notes-sled-12.4.20181207-2.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Jan 8 10:12:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:12:41 +0100 (CET) Subject: SUSE-RU-2019:0031-1: moderate: Recommended update for librdkafka Message-ID: <20190108171241.69E05FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for librdkafka ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0031-1 Rating: moderate References: #1119963 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 12 SP3 and SP4. librdkafka is a C library implementation of the Apache Kafka protocol, containing both Producer and Consumer support. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-31=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-31=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-31=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-31=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): librdkafka-devel-0.11.6-1.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): librdkafka-devel-0.11.6-1.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.3.1 librdkafka1-0.11.6-1.3.1 librdkafka1-debuginfo-0.11.6-1.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.3.1 librdkafka1-0.11.6-1.3.1 librdkafka1-debuginfo-0.11.6-1.3.1 References: https://bugzilla.suse.com/1119963 From sle-updates at lists.suse.com Tue Jan 8 10:13:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:13:19 +0100 (CET) Subject: SUSE-RU-2019:0038-1: moderate: Recommended update for crmsh Message-ID: <20190108171319.C161BFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0038-1 Rating: moderate References: #1111202 #1111579 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh provides the following fixes: - Fix an issue where 'crm configure edit' displayed several warnings when editing a bootstrap option. (bsc#1111202) - cibconfig: Normalize - to _ in parameter names. (bsc#1111579) - ra: Handle the obsoletes attribute. (bsc#1111579) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-38=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.3-13.8.1 crmsh-scripts-3.0.3-13.8.1 References: https://bugzilla.suse.com/1111202 https://bugzilla.suse.com/1111579 From sle-updates at lists.suse.com Tue Jan 8 10:14:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:14:11 +0100 (CET) Subject: SUSE-RU-2019:0035-1: moderate: Recommended update for gdb Message-ID: <20190108171411.50AF5FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0035-1 Rating: moderate References: #1109013 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdb provides the following fix: - Fix a crash when reading core. (bsc#1109013) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-35=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-35=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-35=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-35=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-35=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-35=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gdb-debuginfo-8.2-2.9.4 gdb-debugsource-8.2-2.9.4 gdbserver-8.2-2.9.4 gdbserver-debuginfo-8.2-2.9.4 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x): gdb-debuginfo-32bit-8.2-2.9.4 gdbserver-32bit-8.2-2.9.4 gdbserver-debuginfo-32bit-8.2-2.9.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gdb-debuginfo-8.2-2.9.4 gdb-debugsource-8.2-2.9.4 gdbserver-8.2-2.9.4 gdbserver-debuginfo-8.2-2.9.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x): gdb-debuginfo-32bit-8.2-2.9.4 gdbserver-32bit-8.2-2.9.4 gdbserver-debuginfo-32bit-8.2-2.9.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gdb-8.2-2.9.4 gdb-debuginfo-8.2-2.9.4 gdb-debugsource-8.2-2.9.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdb-8.2-2.9.4 gdb-debuginfo-8.2-2.9.4 gdb-debugsource-8.2-2.9.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gdb-8.2-2.9.4 gdb-debuginfo-8.2-2.9.4 gdb-debugsource-8.2-2.9.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdb-8.2-2.9.4 gdb-debuginfo-8.2-2.9.4 gdb-debugsource-8.2-2.9.4 References: https://bugzilla.suse.com/1109013 From sle-updates at lists.suse.com Tue Jan 8 10:14:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:14:55 +0100 (CET) Subject: SUSE-RU-2019:0042-1: moderate: Recommended update for gnome-control-center Message-ID: <20190108171455.B83B4FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0042-1 Rating: moderate References: #1078968 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-control-center provides the following fix: - user-accounts: Remove implicit language setting when a new user navigates to the user panel for the first time. (bsc#1078968) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-42=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-42=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-42=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-42=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-42=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-42=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-42=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-42=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gnome-control-center-color-3.20.1-49.3.2 gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-goa-3.20.1-49.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gnome-control-center-color-3.20.1-49.3.2 gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-goa-3.20.1-49.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-devel-3.20.1-49.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-devel-3.20.1-49.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.20.1-49.3.2 gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-user-faces-3.20.1-49.3.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): gnome-control-center-lang-3.20.1-49.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-control-center-3.20.1-49.3.2 gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-user-faces-3.20.1-49.3.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-control-center-lang-3.20.1-49.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gnome-control-center-lang-3.20.1-49.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gnome-control-center-3.20.1-49.3.2 gnome-control-center-color-3.20.1-49.3.2 gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-goa-3.20.1-49.3.2 gnome-control-center-user-faces-3.20.1-49.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-control-center-lang-3.20.1-49.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-control-center-3.20.1-49.3.2 gnome-control-center-color-3.20.1-49.3.2 gnome-control-center-debuginfo-3.20.1-49.3.2 gnome-control-center-debugsource-3.20.1-49.3.2 gnome-control-center-goa-3.20.1-49.3.2 gnome-control-center-user-faces-3.20.1-49.3.2 References: https://bugzilla.suse.com/1078968 From sle-updates at lists.suse.com Tue Jan 8 10:15:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:15:41 +0100 (CET) Subject: SUSE-RU-2019:0043-1: Recommended update for acl Message-ID: <20190108171541.4220DFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for acl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0043-1 Rating: low References: #953659 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for acl fixes the following issues: - quote: Escape literal backslashes (bsc#953659). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-43=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-43=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-43=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-43=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): acl-debuginfo-2.2.52-7.3.1 acl-debugsource-2.2.52-7.3.1 libacl-devel-2.2.52-7.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): acl-2.2.52-7.3.1 acl-debuginfo-2.2.52-7.3.1 acl-debugsource-2.2.52-7.3.1 libacl1-2.2.52-7.3.1 libacl1-debuginfo-2.2.52-7.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libacl1-32bit-2.2.52-7.3.1 libacl1-debuginfo-32bit-2.2.52-7.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): acl-2.2.52-7.3.1 acl-debuginfo-2.2.52-7.3.1 acl-debugsource-2.2.52-7.3.1 libacl1-2.2.52-7.3.1 libacl1-32bit-2.2.52-7.3.1 libacl1-debuginfo-2.2.52-7.3.1 libacl1-debuginfo-32bit-2.2.52-7.3.1 - SUSE CaaS Platform ALL (x86_64): acl-debuginfo-2.2.52-7.3.1 acl-debugsource-2.2.52-7.3.1 libacl1-2.2.52-7.3.1 libacl1-debuginfo-2.2.52-7.3.1 - SUSE CaaS Platform 3.0 (x86_64): acl-debuginfo-2.2.52-7.3.1 acl-debugsource-2.2.52-7.3.1 libacl1-2.2.52-7.3.1 libacl1-debuginfo-2.2.52-7.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): acl-2.2.52-7.3.1 acl-debuginfo-2.2.52-7.3.1 acl-debugsource-2.2.52-7.3.1 libacl1-2.2.52-7.3.1 libacl1-debuginfo-2.2.52-7.3.1 References: https://bugzilla.suse.com/953659 From sle-updates at lists.suse.com Tue Jan 8 10:16:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:16:21 +0100 (CET) Subject: SUSE-RU-2019:0040-1: Recommended update for SUSE Manager 3.1 Release Notes Message-ID: <20190108171621.98B3AFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 3.1 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0040-1 Rating: low References: #1110772 #1112839 #1113747 #1114181 #1114362 #1115978 #1116566 #1116826 #1118155 #1118478 #987798 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for the SUSE Manager 3.1 Release Notes addresses content related to the following issues: - SUSE Manager Server bugs fixed by latest update: bsc#987798, bsc#1110772, bsc#1112839, bsc#1113747, bsc#1114181 bsc#1114362, bsc#1115978, bsc#1116566, bsc#1116826, bsc#1118155 bsc#1118478 - SUSE Manager Proxy bugs fixed by latest update: bsc#1110772, bsc#1112839 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-40=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-40=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.10-5.47.1 - SUSE Manager Proxy 3.1 (ppc64le x86_64): release-notes-susemanager-proxy-3.1.10-0.15.35.1 References: https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1112839 https://bugzilla.suse.com/1113747 https://bugzilla.suse.com/1114181 https://bugzilla.suse.com/1114362 https://bugzilla.suse.com/1115978 https://bugzilla.suse.com/1116566 https://bugzilla.suse.com/1116826 https://bugzilla.suse.com/1118155 https://bugzilla.suse.com/1118478 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Tue Jan 8 10:18:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:18:27 +0100 (CET) Subject: SUSE-RU-2019:0037-1: moderate: Recommended update for yast2 Message-ID: <20190108171827.C64BAFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0037-1 Rating: moderate References: #1093052 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2 fixes the following issues: yast2: - When only one firewall is installed but not running, choose it instead of the default SuSEfirewall2 (bsc#1093052). yast2-firewall: - YaST now installs SuSEFirewall2 when it is selected as the firewall backend (bsc#1093052) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-37=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-37=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-37=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-37=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-firewall-3.2.1-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-3.2.46-3.26.6 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-firewall-3.2.1-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-firewall-3.2.1-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-firewall-3.2.1-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-3.2.46-3.26.6 References: https://bugzilla.suse.com/1093052 From sle-updates at lists.suse.com Tue Jan 8 10:19:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:19:06 +0100 (CET) Subject: SUSE-RU-2019:0034-1: moderate: Recommended update for yast2-network Message-ID: <20190108171906.0875BFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0034-1 Rating: moderate References: #1103712 #1105230 #1107470 #1108852 Affected Products: SUSE Linux Enterprise Server for SAP Installer 12-SP3 SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop Installer 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-network provides the following fixes: - Fixes to the networking AutoYaST schema. (bsc#1103712, bsc#1108852) * Permitted the use of 'listentry' element in list entries. * Added missed s390 device 'layer2' boolean element. - Does no longer crash with internal error when 0.0.0.0 netmask is used in the routing tab. (bsc#1105230) - Fix a problem that was causing duplicate entry for network devices in 70-persistent-net-rules. (bsc#1107470) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP Installer 12-SP3: zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP3-2019-34=1 - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2019-34=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-34=1 - SUSE Linux Enterprise Desktop Installer 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP3-2019-34=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-34=1 Package List: - SUSE Linux Enterprise Server for SAP Installer 12-SP3 (noarch): yast2-network-3.2.55-2.42.1 - SUSE Linux Enterprise Server Installer 12-SP3 (noarch): yast2-network-3.2.55-2.42.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-network-3.2.55-2.42.1 - SUSE Linux Enterprise Desktop Installer 12-SP3 (noarch): yast2-network-3.2.55-2.42.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-network-3.2.55-2.42.1 References: https://bugzilla.suse.com/1103712 https://bugzilla.suse.com/1105230 https://bugzilla.suse.com/1107470 https://bugzilla.suse.com/1108852 From sle-updates at lists.suse.com Tue Jan 8 10:20:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:20:15 +0100 (CET) Subject: SUSE-RU-2019:0028-1: moderate: Recommended update for release-notes-ha-geo Message-ID: <20190108172015.2802AFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha-geo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0028-1 Rating: moderate References: #933411 Affected Products: SUSE Linux Enterprise High Availability GEO 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-ha-geo fixes the following issues: - Remove product release date from document Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12-SP4: zypper in -t patch SUSE-SLE-HA-GEO-12-SP4-2019-28=1 Package List: - SUSE Linux Enterprise High Availability GEO 12-SP4 (noarch): release-notes-ha-geo-12.4.20181207-2.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Jan 8 10:20:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:20:51 +0100 (CET) Subject: SUSE-RU-2019:0029-1: moderate: Recommended update for release-notes-sdk Message-ID: <20190108172051.45097FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0029-1 Rating: moderate References: #933411 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-sdk fixes the following issues: - Remove product release date from document Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-29=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): release-notes-sdk-12.4.20181207-2.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Jan 8 10:21:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 18:21:28 +0100 (CET) Subject: SUSE-RU-2019:0044-1: Recommended update for acl Message-ID: <20190108172128.D46DEFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for acl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0044-1 Rating: low References: #953659 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-44=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): acl-2.2.52-4.3.1 acl-debuginfo-2.2.52-4.3.1 acl-debugsource-2.2.52-4.3.1 libacl-devel-2.2.52-4.3.1 libacl1-2.2.52-4.3.1 libacl1-debuginfo-2.2.52-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libacl1-32bit-2.2.52-4.3.1 libacl1-32bit-debuginfo-2.2.52-4.3.1 References: https://bugzilla.suse.com/953659 From sle-updates at lists.suse.com Tue Jan 8 13:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 21:09:14 +0100 (CET) Subject: SUSE-RU-2019:0039-1: moderate: Recommended update for crmsh Message-ID: <20190108200914.F17E6FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0039-1 Rating: moderate References: #1052088 #1111579 #1112593 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crmsh provides the following fixes: - cibconfig: Normalize - to _ in parameter names. (bsc#1111579) - ra: Handle the obsoletes attribute. (bsc#1111579) - ui_cluster: Add restart cluster to the systemd unit. (bsc#1052088) - Automatically commit enabling/disabling maintenance mode for a whole cluster. (bsc#1112593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-39=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.0.0+git.1542103310.dd114188-2.3.1 crmsh-scripts-4.0.0+git.1542103310.dd114188-2.3.1 References: https://bugzilla.suse.com/1052088 https://bugzilla.suse.com/1111579 https://bugzilla.suse.com/1112593 From sle-updates at lists.suse.com Tue Jan 8 13:10:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Jan 2019 21:10:12 +0100 (CET) Subject: SUSE-RU-2019:0041-1: moderate: Recommended update for SUSE Manager Server 3.1 Message-ID: <20190108201012.7D382FDF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0041-1 Rating: moderate References: #1110772 #1112839 #1113747 #1114181 #1114362 #1115978 #1116566 #1116826 #1118155 #1118478 #987798 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update fixes the following issues: cobbler: - Fix service restart after logrotate for cobblerd. (bsc#1113747) - Rotate cobbler logs at higher frequency to prevent disk fillup. (bsc#1113747) spacecmd: - Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd. (bsc#987798) spacewalk-backend: - Honor renamed postgresql10 log directory for supportconfig. spacewalk-branding: - Better label visualization when the input is disabled. (bsc#1110772) spacewalk-certs-tools: - Fix python3 compatibility issues. (bsc#1112839) spacewalk-java: - Removed 'Manage Channels' shortcut for vendor channels. (bsc#1115978) - Add OES 2018 SP1. (bsc#1116826) - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) - Fix wrong counts of systems currency reports when a system belongs to more than one group. (bsc#1114362) - Add check to make sure ssh-file permissions are correct. (bsc#1114181) spacewalk-setup: - Add permissions for tomcat & apache to check bootstrap ssh file. (bsc#1114181) spacewalk-utils: - Exit with an error if spacewalk-common-channels does not match any channel. spacewalk-web: - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) susemanager: - Fetch packages from correct channel when creating a bootstrap repository. - Add bootstrap repo definition for OES 2018 SP1. (bsc#1116826) - Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x. (bsc#1116566) - Add python3-six to bootstrap repo for SLES15. (bsc#1118478) susemanager-docs_en: - Update text and image files. - Make SLE 12 SP4 supported as a server system. susemanager-sync-data: - Remove SES 6 Beta as it was moved to SLES15 SP1. - Add OES 2018 SP1. (bsc#1116826) - Add Toolchain Module for CaaSP 3.0. (bsc#1118155) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-41=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-41=1 Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): spacewalk-branding-2.7.2.16-2.28.1 susemanager-3.1.17-2.29.1 susemanager-tools-3.1.17-2.29.1 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.20.1 spacecmd-2.7.8.14-2.29.1 spacewalk-backend-2.7.73.16-2.29.1 spacewalk-backend-app-2.7.73.16-2.29.1 spacewalk-backend-applet-2.7.73.16-2.29.1 spacewalk-backend-config-files-2.7.73.16-2.29.1 spacewalk-backend-config-files-common-2.7.73.16-2.29.1 spacewalk-backend-config-files-tool-2.7.73.16-2.29.1 spacewalk-backend-iss-2.7.73.16-2.29.1 spacewalk-backend-iss-export-2.7.73.16-2.29.1 spacewalk-backend-libs-2.7.73.16-2.29.1 spacewalk-backend-package-push-server-2.7.73.16-2.29.1 spacewalk-backend-server-2.7.73.16-2.29.1 spacewalk-backend-sql-2.7.73.16-2.29.1 spacewalk-backend-sql-oracle-2.7.73.16-2.29.1 spacewalk-backend-sql-postgresql-2.7.73.16-2.29.1 spacewalk-backend-tools-2.7.73.16-2.29.1 spacewalk-backend-xml-export-libs-2.7.73.16-2.29.1 spacewalk-backend-xmlrpc-2.7.73.16-2.29.1 spacewalk-base-2.7.1.20-2.32.1 spacewalk-base-minimal-2.7.1.20-2.32.1 spacewalk-base-minimal-config-2.7.1.20-2.32.1 spacewalk-certs-tools-2.7.0.12-2.18.1 spacewalk-html-2.7.1.20-2.32.1 spacewalk-java-2.7.46.18-2.38.1 spacewalk-java-config-2.7.46.18-2.38.1 spacewalk-java-lib-2.7.46.18-2.38.1 spacewalk-java-oracle-2.7.46.18-2.38.1 spacewalk-java-postgresql-2.7.46.18-2.38.1 spacewalk-setup-2.7.4.3-3.3.1 spacewalk-taskomatic-2.7.46.18-2.38.1 spacewalk-utils-2.7.10.10-2.20.1 susemanager-advanced-topics_en-pdf-3.1-10.26.1 susemanager-best-practices_en-pdf-3.1-10.26.1 susemanager-docs_en-3.1-10.26.1 susemanager-getting-started_en-pdf-3.1-10.26.1 susemanager-jsp_en-3.1-10.26.1 susemanager-reference_en-pdf-3.1-10.26.1 susemanager-sync-data-3.1.17-2.32.1 - SUSE Manager Proxy 3.1 (noarch): spacewalk-backend-2.7.73.16-2.29.1 spacewalk-backend-libs-2.7.73.16-2.29.1 spacewalk-base-minimal-2.7.1.20-2.32.1 spacewalk-base-minimal-config-2.7.1.20-2.32.1 spacewalk-certs-tools-2.7.0.12-2.18.1 References: https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1112839 https://bugzilla.suse.com/1113747 https://bugzilla.suse.com/1114181 https://bugzilla.suse.com/1114362 https://bugzilla.suse.com/1115978 https://bugzilla.suse.com/1116566 https://bugzilla.suse.com/1116826 https://bugzilla.suse.com/1118155 https://bugzilla.suse.com/1118478 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Wed Jan 9 07:09:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 15:09:11 +0100 (CET) Subject: SUSE-RU-2019:0046-1: important: Recommended update for yast2-bootloader Message-ID: <20190109140911.28C11FDF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0046-1 Rating: important References: #1070233 #1093838 #1119781 #1119919 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Do not crash when clicking on booting during upgrade (bsc#1070233,bsc#1093838,bsc#1119919,bsc#1119781) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-46=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-46=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-3.2.27.3-2.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-bootloader-3.2.27.3-2.12.1 References: https://bugzilla.suse.com/1070233 https://bugzilla.suse.com/1093838 https://bugzilla.suse.com/1119781 https://bugzilla.suse.com/1119919 From sle-updates at lists.suse.com Wed Jan 9 10:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 18:09:13 +0100 (CET) Subject: SUSE-RU-2019:0047-1: moderate: Recommended update for rollback-helper Message-ID: <20190109170913.BFD53FDF4@maintenance.suse.de> SUSE Recommended Update: Recommended update for rollback-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0047-1 Rating: moderate References: #1088552 #1108618 #1113048 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rollback-helper fixes the following issues: - Run before any other services calling zypper (bsc#1113048) - Retry network connection if it doesn't work yet (bsc#1108618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-47=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-47=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-47=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-47=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): rollback-helper-1.0+git20181112.65db4d0-11.6.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): rollback-helper-1.0+git20181112.65db4d0-11.6.4 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): rollback-helper-1.0+git20181112.65db4d0-11.6.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): rollback-helper-1.0+git20181112.65db4d0-11.6.4 - SUSE CaaS Platform ALL (noarch): rollback-helper-1.0+git20181112.65db4d0-11.6.4 - SUSE CaaS Platform 3.0 (noarch): rollback-helper-1.0+git20181112.65db4d0-11.6.4 References: https://bugzilla.suse.com/1088552 https://bugzilla.suse.com/1108618 https://bugzilla.suse.com/1113048 From sle-updates at lists.suse.com Wed Jan 9 13:09:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 21:09:04 +0100 (CET) Subject: SUSE-RU-2019:0052-1: moderate: Recommended update for apparmor Message-ID: <20190109200904.57134FDF7@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0052-1 Rating: moderate References: #1111344 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issues: - The dnsmasq profile was adjusted to better handle the logfile pattern. (bsc#1111344) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-52=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-52=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-52=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-52=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-52=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-52=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-52=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-52=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - SUSE OpenStack Cloud 7 (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Enterprise Storage 4 (noarch): apparmor-docs-2.8.2-55.15.1 apparmor-profiles-2.8.2-55.15.1 apparmor-utils-2.8.2-55.15.1 - SUSE Enterprise Storage 4 (x86_64): apache2-mod_apparmor-2.8.2-55.15.1 apache2-mod_apparmor-debuginfo-2.8.2-55.15.1 apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-32bit-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 libapparmor1-debuginfo-32bit-2.8.2-55.15.1 pam_apparmor-2.8.2-55.15.1 pam_apparmor-32bit-2.8.2-55.15.1 pam_apparmor-debuginfo-2.8.2-55.15.1 pam_apparmor-debuginfo-32bit-2.8.2-55.15.1 perl-apparmor-2.8.2-55.15.1 perl-apparmor-debuginfo-2.8.2-55.15.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): apparmor-debugsource-2.8.2-55.15.1 apparmor-parser-2.8.2-55.15.1 apparmor-parser-debuginfo-2.8.2-55.15.1 libapparmor1-2.8.2-55.15.1 libapparmor1-debuginfo-2.8.2-55.15.1 References: https://bugzilla.suse.com/1111344 From sle-updates at lists.suse.com Wed Jan 9 13:09:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 21:09:46 +0100 (CET) Subject: SUSE-SU-2019:0049-1: important: Security update for java-1_7_0-openjdk Message-ID: <20190109200946.41217FDF6@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0049-1 Rating: important References: #1101644 #1101645 #1101651 #1101656 #1112142 #1112143 #1112144 #1112146 #1112147 #1112152 #1112153 Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-49=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-49=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-49=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-49=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-49=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-49=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-49=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-49=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-49=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-49=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-49=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_0-openjdk-1.7.0.201-43.18.1 java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-1.7.0.201-43.18.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-1.7.0.201-43.18.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-1.7.0.201-43.18.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-16435.html https://www.suse.com/security/cve/CVE-2018-2938.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3214.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1101644 https://bugzilla.suse.com/1101645 https://bugzilla.suse.com/1101651 https://bugzilla.suse.com/1101656 https://bugzilla.suse.com/1112142 https://bugzilla.suse.com/1112143 https://bugzilla.suse.com/1112144 https://bugzilla.suse.com/1112146 https://bugzilla.suse.com/1112147 https://bugzilla.suse.com/1112152 https://bugzilla.suse.com/1112153 From sle-updates at lists.suse.com Wed Jan 9 13:12:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 21:12:24 +0100 (CET) Subject: SUSE-RU-2019:0050-1: moderate: Recommended update for azure-li-services Message-ID: <20190109201224.86212FDF6@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0050-1 Rating: moderate References: #1119702 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for azure-li-services fixes the following issues: - Fixed group processing in setup_ssh_authorization The change in the schema to specify group names/id was not handled in the code processing the setup of the ssh authorization. As there was a group key before and after the change in the schema but with a different result and used only as parameters to a mocked grp.getgrnam() system call the unit tests did not uncover the issue. This Fixes #98 - Write workload log file In case of a deployment error, a log file in addition to the status flag files is written which contains the systemd service log information from all services ran so far. The log file is written to the storage location from which the yaml config file was read from. It is expected that this location is writable and offers enough space to store the logfile. In case of an error writing the log we will treat this as "bad luck" and continue with the cleanup. This Fixes #96 - Cleanup code to make flake8 happy The new version of flake8 is more strict on code checking and complained at several places. This commit fixes the code smells such that flake8 is happy again - Added workload status flag file At the time of the cleanup service a file named: workload_success_is_true or workload_success_is_false will be written on the storage location the config file was read from. At the time this file appears it's also safe to release the config file storage location from the system. This Fixes #93 - Refactor group schema The description of a user group must be connected to a name, whereas the group id is an optional information. This should be also reflected in the schema - Allow optional group_id in user data This Fixes #90 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-50=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-li-services-1.1.17-1.8.1 References: https://bugzilla.suse.com/1119702 From sle-updates at lists.suse.com Wed Jan 9 13:12:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 21:12:58 +0100 (CET) Subject: SUSE-SU-2019:0048-1: moderate: Security update for helm-mirror Message-ID: <20190109201258.07195FDF6@maintenance.suse.de> SUSE Security Update: Security update for helm-mirror ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0048-1 Rating: moderate References: #1116182 #1118897 #1118898 #1118899 #1120762 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for helm-mirror to version 0.2.1 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote command execution (bsc#1118897) - CVE-2018-16874: Fixed a directory traversal in "go get" via curly braces in import path (bsc#1118898) - CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899) Non-security issue fixed: - Update to v0.2.1 (bsc#1120762) - Include helm-mirror into the containers module (bsc#1116182) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-48=1 Package List: - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): helm-mirror-0.2.1-1.7.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1116182 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1120762 From sle-updates at lists.suse.com Wed Jan 9 13:14:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Jan 2019 21:14:05 +0100 (CET) Subject: SUSE-RU-2019:0051-1: moderate: Recommended update for python3-ec2uploadimg Message-ID: <20190109201405.50B79FDF6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2uploadimg ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0051-1 Rating: moderate References: #1118027 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python3-ec2uploadimg fixes the following issues: - Support ARM architecture (bsc#1118027) - Use the proper subnet if no default subnet exists in the account Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-51=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-ec2uploadimg-5.0.1-3.3.1 References: https://bugzilla.suse.com/1118027 From sle-updates at lists.suse.com Wed Jan 9 19:08:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 03:08:52 +0100 (CET) Subject: SUSE-SU-2019:0054-1: important: Security update for systemd Message-ID: <20190110020852.B7AFCFDF6@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0054-1 Rating: important References: #1068588 #1071558 #1113665 #1120323 Cross-References: CVE-2018-15686 CVE-2018-16864 CVE-2018-16865 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for systemd fixes the following issues: * Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. * Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. * Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). * Fix a bug in systemd's core timer code that would cause timer looping under certain conditions, resulting in hundreds of syslog messages being written to the journal (bsc#1068588). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-54=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-116.19.1 libgudev-1_0-0-debuginfo-210-116.19.1 libgudev-1_0-devel-210-116.19.1 libudev-devel-210-116.19.1 libudev1-210-116.19.1 libudev1-debuginfo-210-116.19.1 systemd-210-116.19.1 systemd-debuginfo-210-116.19.1 systemd-debugsource-210-116.19.1 systemd-devel-210-116.19.1 systemd-sysvinit-210-116.19.1 typelib-1_0-GUdev-1_0-210-116.19.1 udev-210-116.19.1 udev-debuginfo-210-116.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-116.19.1 libgudev-1_0-0-debuginfo-32bit-210-116.19.1 libudev1-32bit-210-116.19.1 libudev1-debuginfo-32bit-210-116.19.1 systemd-32bit-210-116.19.1 systemd-debuginfo-32bit-210-116.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): systemd-bash-completion-210-116.19.1 References: https://www.suse.com/security/cve/CVE-2018-15686.html https://www.suse.com/security/cve/CVE-2018-16864.html https://www.suse.com/security/cve/CVE-2018-16865.html https://bugzilla.suse.com/1068588 https://bugzilla.suse.com/1071558 https://bugzilla.suse.com/1113665 https://bugzilla.suse.com/1120323 From sle-updates at lists.suse.com Wed Jan 9 19:10:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 03:10:12 +0100 (CET) Subject: SUSE-SU-2019:0053-1: important: Security update for systemd Message-ID: <20190110021012.481B4FDF6@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0053-1 Rating: important References: #1068588 #1071558 #1113665 #1120323 Cross-References: CVE-2018-15686 CVE-2018-16864 CVE-2018-16865 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for systemd fixes the following issues: * Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323): Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. * Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in unit_deserialize of systemd used to allow an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This could have been used to improperly influence systemd execution and possibly lead to root privilege escalation. * Remedy 2048 character line-length limit in systemd-sysctl code that would cause parser failures if /etc/sysctl.conf contained lines that exceeded this length (bsc#1071558). * Fix a bug in systemd's core timer code that would cause timer looping under certain conditions, resulting in hundreds of syslog messages being written to the journal (bsc#1068588). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-53=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-70.74.1 libgudev-1_0-0-debuginfo-210-70.74.1 libgudev-1_0-devel-210-70.74.1 libudev-devel-210-70.74.1 libudev1-210-70.74.1 libudev1-debuginfo-210-70.74.1 systemd-210-70.74.1 systemd-debuginfo-210-70.74.1 systemd-debugsource-210-70.74.1 systemd-devel-210-70.74.1 systemd-sysvinit-210-70.74.1 typelib-1_0-GUdev-1_0-210-70.74.1 udev-210-70.74.1 udev-debuginfo-210-70.74.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-70.74.1 libgudev-1_0-0-debuginfo-32bit-210-70.74.1 libudev1-32bit-210-70.74.1 libudev1-debuginfo-32bit-210-70.74.1 systemd-32bit-210-70.74.1 systemd-debuginfo-32bit-210-70.74.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): systemd-bash-completion-210-70.74.1 References: https://www.suse.com/security/cve/CVE-2018-15686.html https://www.suse.com/security/cve/CVE-2018-16864.html https://www.suse.com/security/cve/CVE-2018-16865.html https://bugzilla.suse.com/1068588 https://bugzilla.suse.com/1071558 https://bugzilla.suse.com/1113665 https://bugzilla.suse.com/1120323 From sle-updates at lists.suse.com Thu Jan 10 10:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 18:09:23 +0100 (CET) Subject: SUSE-RU-2019:0056-1: moderate: Recommended update for apparmor Message-ID: <20190110170923.678D7FDF7@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0056-1 Rating: moderate References: #1111345 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issues: - Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-56=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-56=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-56=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12-7.6.2 apache2-mod_apparmor-debuginfo-2.12-7.6.2 apparmor-debugsource-2.12-7.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12-7.6.2 ruby-apparmor-2.12-7.6.2 ruby-apparmor-debuginfo-2.12-7.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12-7.6.2 apparmor-parser-2.12-7.6.2 apparmor-parser-debuginfo-2.12-7.6.2 libapparmor-debugsource-2.12-7.6.2 libapparmor-devel-2.12-7.6.2 libapparmor1-2.12-7.6.2 libapparmor1-debuginfo-2.12-7.6.2 pam_apparmor-2.12-7.6.2 pam_apparmor-debuginfo-2.12-7.6.2 perl-apparmor-2.12-7.6.2 perl-apparmor-debuginfo-2.12-7.6.2 python3-apparmor-2.12-7.6.2 python3-apparmor-debuginfo-2.12-7.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libapparmor1-32bit-2.12-7.6.2 libapparmor1-32bit-debuginfo-2.12-7.6.2 pam_apparmor-32bit-2.12-7.6.2 pam_apparmor-32bit-debuginfo-2.12-7.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): apparmor-abstractions-2.12-7.6.2 apparmor-docs-2.12-7.6.2 apparmor-parser-lang-2.12-7.6.2 apparmor-profiles-2.12-7.6.2 apparmor-utils-2.12-7.6.2 apparmor-utils-lang-2.12-7.6.2 References: https://bugzilla.suse.com/1111345 From sle-updates at lists.suse.com Thu Jan 10 13:09:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 21:09:43 +0100 (CET) Subject: SUSE-SU-2019:0060-1: important: Security update for LibVNCServer Message-ID: <20190110200943.6A908FDF7@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0060-1 Rating: important References: #1120114 #1120115 #1120116 #1120117 #1120118 #1120119 #1120120 #1120121 #1120122 Cross-References: CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-60=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-60=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-60=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-60=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-60=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-60=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-60=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-60=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-60=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-60=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-60=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 LibVNCServer-devel-0.9.9-17.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 LibVNCServer-devel-0.9.9-17.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 - SUSE Enterprise Storage 4 (x86_64): LibVNCServer-debugsource-0.9.9-17.8.1 libvncclient0-0.9.9-17.8.1 libvncclient0-debuginfo-0.9.9-17.8.1 libvncserver0-0.9.9-17.8.1 libvncserver0-debuginfo-0.9.9-17.8.1 References: https://www.suse.com/security/cve/CVE-2018-15126.html https://www.suse.com/security/cve/CVE-2018-15127.html https://www.suse.com/security/cve/CVE-2018-20019.html https://www.suse.com/security/cve/CVE-2018-20020.html https://www.suse.com/security/cve/CVE-2018-20021.html https://www.suse.com/security/cve/CVE-2018-20022.html https://www.suse.com/security/cve/CVE-2018-20023.html https://www.suse.com/security/cve/CVE-2018-20024.html https://www.suse.com/security/cve/CVE-2018-6307.html https://bugzilla.suse.com/1120114 https://bugzilla.suse.com/1120115 https://bugzilla.suse.com/1120116 https://bugzilla.suse.com/1120117 https://bugzilla.suse.com/1120118 https://bugzilla.suse.com/1120119 https://bugzilla.suse.com/1120120 https://bugzilla.suse.com/1120121 https://bugzilla.suse.com/1120122 From sle-updates at lists.suse.com Thu Jan 10 13:12:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 21:12:45 +0100 (CET) Subject: SUSE-SU-2019:0057-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190110201245.146DEFD85@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0057-1 Rating: important References: #1112142 #1112143 #1112144 #1112146 #1112147 #1112148 #1112152 #1112153 Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-57=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-57=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-57=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-57=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-57=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-57=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-57=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-57=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-57=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-57=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-openjdk-1.8.0.191-27.29.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-1.8.0.191-27.29.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-1.8.0.191-27.29.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-1.8.0.191-27.29.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-16435.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3183.html https://www.suse.com/security/cve/CVE-2018-3214.html https://bugzilla.suse.com/1112142 https://bugzilla.suse.com/1112143 https://bugzilla.suse.com/1112144 https://bugzilla.suse.com/1112146 https://bugzilla.suse.com/1112147 https://bugzilla.suse.com/1112148 https://bugzilla.suse.com/1112152 https://bugzilla.suse.com/1112153 From sle-updates at lists.suse.com Thu Jan 10 13:14:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 21:14:51 +0100 (CET) Subject: SUSE-SU-2019:0058-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190110201451.E797CFD85@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0058-1 Rating: important References: #1112142 #1112143 #1112144 #1112146 #1112147 #1112148 #1112152 #1112153 Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-58=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-58=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-58=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.191-3.13.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.191-3.13.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-3.13.1 java-1_8_0-openjdk-debugsource-1.8.0.191-3.13.1 java-1_8_0-openjdk-src-1.8.0.191-3.13.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.191-3.13.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.191-3.13.1 java-1_8_0-openjdk-debuginfo-1.8.0.191-3.13.1 java-1_8_0-openjdk-debugsource-1.8.0.191-3.13.1 java-1_8_0-openjdk-demo-1.8.0.191-3.13.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-3.13.1 java-1_8_0-openjdk-devel-1.8.0.191-3.13.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-3.13.1 java-1_8_0-openjdk-headless-1.8.0.191-3.13.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2018-16435.html https://www.suse.com/security/cve/CVE-2018-3136.html https://www.suse.com/security/cve/CVE-2018-3139.html https://www.suse.com/security/cve/CVE-2018-3149.html https://www.suse.com/security/cve/CVE-2018-3169.html https://www.suse.com/security/cve/CVE-2018-3180.html https://www.suse.com/security/cve/CVE-2018-3183.html https://www.suse.com/security/cve/CVE-2018-3214.html https://bugzilla.suse.com/1112142 https://bugzilla.suse.com/1112143 https://bugzilla.suse.com/1112144 https://bugzilla.suse.com/1112146 https://bugzilla.suse.com/1112147 https://bugzilla.suse.com/1112148 https://bugzilla.suse.com/1112152 https://bugzilla.suse.com/1112153 From sle-updates at lists.suse.com Thu Jan 10 13:16:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 21:16:50 +0100 (CET) Subject: SUSE-SU-2019:0061-1: important: Security update for haproxy Message-ID: <20190110201650.F0828FD85@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0061-1 Rating: important References: #1119368 #1119419 Cross-References: CVE-2018-20102 CVE-2018-20103 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for haproxy to version 1.8.15 fixes the following issues: Security issues fixed: - CVE-2018-20102: Fixed an out-of-bounds read in dns_validate_dns_response(), which allowed for memory disclosure (bsc#1119368) - CVE-2018-20103: Fixed an infinite recursion via crafted packet allows stack exhaustion and denial of service (bsc#1119419) Other notable bug fixes: - Fix off-by-one write in dns_validate_dns_response() - Fix out-of-bounds read via signedness error in dns_validate_dns_response() - Prevent out-of-bounds read in dns_validate_dns_response() - Prevent out-of-bounds read in dns_read_name() - Prevent stack-exhaustion via recursion loop in dns_read_name For a full list of changes, please refer to: https://www.haproxy.org/download/1.8/src/CHANGELOG Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-61=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-1.8.15~git0.6b6a350a-3.6.2 haproxy-debuginfo-1.8.15~git0.6b6a350a-3.6.2 haproxy-debugsource-1.8.15~git0.6b6a350a-3.6.2 References: https://www.suse.com/security/cve/CVE-2018-20102.html https://www.suse.com/security/cve/CVE-2018-20103.html https://bugzilla.suse.com/1119368 https://bugzilla.suse.com/1119419 From sle-updates at lists.suse.com Thu Jan 10 13:17:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Jan 2019 21:17:38 +0100 (CET) Subject: SUSE-SU-2019:0059-1: important: Security update for webkit2gtk3 Message-ID: <20190110201738.F276AFD85@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0059-1 Rating: important References: #1110279 #1116998 Cross-References: CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 45 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-59=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-59=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-59=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-59=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-59=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-59=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-59=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-59=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-59=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-59=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-59=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-59=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-59=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.4-2.29.3 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.4-2.29.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 webkit2gtk3-devel-2.22.4-2.29.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 webkit2gtk3-devel-2.22.4-2.29.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.4-2.29.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.4-2.29.3 - SUSE Enterprise Storage 4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.4-2.29.3 libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3 libwebkit2gtk-4_0-37-2.22.4-2.29.3 libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3 typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3 typelib-1_0-WebKit2-4_0-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3 webkit2gtk3-debugsource-2.22.4-2.29.3 References: https://www.suse.com/security/cve/CVE-2018-4191.html https://www.suse.com/security/cve/CVE-2018-4197.html https://www.suse.com/security/cve/CVE-2018-4207.html https://www.suse.com/security/cve/CVE-2018-4208.html https://www.suse.com/security/cve/CVE-2018-4209.html https://www.suse.com/security/cve/CVE-2018-4210.html https://www.suse.com/security/cve/CVE-2018-4212.html https://www.suse.com/security/cve/CVE-2018-4213.html https://www.suse.com/security/cve/CVE-2018-4261.html https://www.suse.com/security/cve/CVE-2018-4262.html https://www.suse.com/security/cve/CVE-2018-4263.html https://www.suse.com/security/cve/CVE-2018-4264.html https://www.suse.com/security/cve/CVE-2018-4265.html https://www.suse.com/security/cve/CVE-2018-4266.html https://www.suse.com/security/cve/CVE-2018-4267.html https://www.suse.com/security/cve/CVE-2018-4270.html https://www.suse.com/security/cve/CVE-2018-4272.html https://www.suse.com/security/cve/CVE-2018-4273.html https://www.suse.com/security/cve/CVE-2018-4278.html https://www.suse.com/security/cve/CVE-2018-4284.html https://www.suse.com/security/cve/CVE-2018-4299.html https://www.suse.com/security/cve/CVE-2018-4306.html https://www.suse.com/security/cve/CVE-2018-4309.html https://www.suse.com/security/cve/CVE-2018-4312.html https://www.suse.com/security/cve/CVE-2018-4314.html https://www.suse.com/security/cve/CVE-2018-4315.html https://www.suse.com/security/cve/CVE-2018-4316.html https://www.suse.com/security/cve/CVE-2018-4317.html https://www.suse.com/security/cve/CVE-2018-4318.html https://www.suse.com/security/cve/CVE-2018-4319.html https://www.suse.com/security/cve/CVE-2018-4323.html https://www.suse.com/security/cve/CVE-2018-4328.html https://www.suse.com/security/cve/CVE-2018-4345.html https://www.suse.com/security/cve/CVE-2018-4358.html https://www.suse.com/security/cve/CVE-2018-4359.html https://www.suse.com/security/cve/CVE-2018-4361.html https://www.suse.com/security/cve/CVE-2018-4372.html https://www.suse.com/security/cve/CVE-2018-4373.html https://www.suse.com/security/cve/CVE-2018-4375.html https://www.suse.com/security/cve/CVE-2018-4376.html https://www.suse.com/security/cve/CVE-2018-4378.html https://www.suse.com/security/cve/CVE-2018-4382.html https://www.suse.com/security/cve/CVE-2018-4386.html https://www.suse.com/security/cve/CVE-2018-4392.html https://www.suse.com/security/cve/CVE-2018-4416.html https://bugzilla.suse.com/1110279 https://bugzilla.suse.com/1116998 From sle-updates at lists.suse.com Thu Jan 10 16:09:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:09:17 +0100 (CET) Subject: SUSE-RU-2019:0069-1: moderate: Recommended update for ceph Message-ID: <20190110230917.07364FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0069-1 Rating: moderate References: #1109009 #1110415 #1110416 #1110419 #1112872 #1114414 #1116205 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for ceph fixes the following issues: * rgw: resharding produces invalid values of bucket stats (bsc#1110419) * rgw: Fix log level of gc_iterate_entries (bsc#1114414) * rgw: dynamic reshard fixe (bsc#1109009) * bsc#1110415, bsc#1110416 # rgw: es module: set compression type correctly # rgw: ES sync: be more restrictive on object system attrs # rgw: ES sync: wrap all the decode bls in try block # rgw: librgw: initialize curl and http client for multisite * bsc#1116205, bsc#1112872 # rgw: allow init complete to proceed in case of erroneus zone deletes # rgw: period update: check for dangling master zone references # tests: tests for master zone deletion # tests: rgw: test_multi: python 2-3 compatibility Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-69=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-69=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-69=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-69=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-69=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-69=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-69=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs-devel-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados-devel-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados-devel-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd-devel-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs-devel-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados-devel-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados-devel-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd-devel-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-base-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-base-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-fuse-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-fuse-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-mds-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-mds-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-mgr-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-mgr-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-mon-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-mon-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-osd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-osd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-radosgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-radosgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-ceph-compat-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-ceph-argparse-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python3-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 rbd-fuse-12.2.10+git.1544718327.fc6f0c7299-2.18.1 rbd-fuse-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 rbd-mirror-12.2.10+git.1544718327.fc6f0c7299-2.18.1 rbd-mirror-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 rbd-nbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 rbd-nbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-common-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 ceph-debugsource-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libcephfs2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librados2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 libradosstriper1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librbd1-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-12.2.10+git.1544718327.fc6f0c7299-2.18.1 librgw2-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-cephfs-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rados-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rbd-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-12.2.10+git.1544718327.fc6f0c7299-2.18.1 python-rgw-debuginfo-12.2.10+git.1544718327.fc6f0c7299-2.18.1 References: https://bugzilla.suse.com/1109009 https://bugzilla.suse.com/1110415 https://bugzilla.suse.com/1110416 https://bugzilla.suse.com/1110419 https://bugzilla.suse.com/1112872 https://bugzilla.suse.com/1114414 https://bugzilla.suse.com/1116205 From sle-updates at lists.suse.com Thu Jan 10 16:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:11:05 +0100 (CET) Subject: SUSE-RU-2019:0067-1: moderate: Recommended update for openvswitch Message-ID: <20190110231105.D886FFD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0067-1 Rating: moderate References: #1115085 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch provides the following fixes: - Improve python packaging (bsc#1115085): * Rename python*-openvswitch subpackages to python*-ovs to follow the openSUSE policy that packages should be named after the modules they install. * Build the JSON C bindings and as a result the 'noarch' BuildArch needs to be removed. * Drop the python*-openvswitch-test packages and merge them with the test subpackage. * Build the python bindings using setuptools. * Include the egg-info package. * Use libopenvswitch as dependency to python bindings. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-67=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-67=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libopenvswitch-2_8-0-2.8.5-6.11.4 libopenvswitch-2_8-0-debuginfo-2.8.5-6.11.4 openvswitch-2.8.5-6.11.4 openvswitch-debuginfo-2.8.5-6.11.4 openvswitch-debugsource-2.8.5-6.11.4 openvswitch-devel-2.8.5-6.11.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.8.5-6.11.4 openvswitch-debugsource-2.8.5-6.11.4 openvswitch-ovn-central-2.8.5-6.11.4 openvswitch-ovn-central-debuginfo-2.8.5-6.11.4 openvswitch-ovn-common-2.8.5-6.11.4 openvswitch-ovn-common-debuginfo-2.8.5-6.11.4 openvswitch-ovn-docker-2.8.5-6.11.4 openvswitch-ovn-host-2.8.5-6.11.4 openvswitch-ovn-host-debuginfo-2.8.5-6.11.4 openvswitch-ovn-vtep-2.8.5-6.11.4 openvswitch-ovn-vtep-debuginfo-2.8.5-6.11.4 openvswitch-pki-2.8.5-6.11.4 openvswitch-test-2.8.5-6.11.4 openvswitch-test-debuginfo-2.8.5-6.11.4 openvswitch-vtep-2.8.5-6.11.4 openvswitch-vtep-debuginfo-2.8.5-6.11.4 python2-ovs-2.8.5-6.11.4 python2-ovs-debuginfo-2.8.5-6.11.4 python3-ovs-2.8.5-6.11.4 python3-ovs-debuginfo-2.8.5-6.11.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openvswitch-doc-2.8.5-6.11.4 References: https://bugzilla.suse.com/1115085 From sle-updates at lists.suse.com Thu Jan 10 16:11:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:11:49 +0100 (CET) Subject: SUSE-RU-2019:0068-1: moderate: Recommended update for mutter Message-ID: <20190110231149.D4BAFFD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0068-1 Rating: moderate References: #1017412 #1024748 #1045440 #1052058 #1093541 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for mutter provides the following fix: - Memory leak in gnome-shell (bsc#1093541) - Drop stray assert to avoid crash when static workspace number is decreased. (bsc#1045440) - Add RGB16_565 format to support 16-bit color depth sessions. (fate#323412, bsc#1024748) - Fix memory leak in meta_prop_get_values(). (bsc#1017412) - Implement _NET_RESTACK_WINDOW and respect the sibling field of XConfigureRequestEvent. This way X11 window stack operations work as expected. (bsc#1052058) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-68=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-68=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-68=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-68=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-68=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-68=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): mutter-debuginfo-3.20.3-16.12.1 mutter-debugsource-3.20.3-16.12.1 mutter-devel-3.20.3-16.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mutter-debuginfo-3.20.3-16.12.1 mutter-debugsource-3.20.3-16.12.1 mutter-devel-3.20.3-16.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmutter0-3.20.3-16.12.1 libmutter0-debuginfo-3.20.3-16.12.1 mutter-3.20.3-16.12.1 mutter-data-3.20.3-16.12.1 mutter-debuginfo-3.20.3-16.12.1 mutter-debugsource-3.20.3-16.12.1 typelib-1_0-Meta-3_0-3.20.3-16.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): mutter-lang-3.20.3-16.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libmutter0-3.20.3-16.12.1 libmutter0-debuginfo-3.20.3-16.12.1 mutter-3.20.3-16.12.1 mutter-data-3.20.3-16.12.1 mutter-debuginfo-3.20.3-16.12.1 mutter-debugsource-3.20.3-16.12.1 typelib-1_0-Meta-3_0-3.20.3-16.12.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): mutter-lang-3.20.3-16.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): mutter-lang-3.20.3-16.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmutter0-3.20.3-16.12.1 libmutter0-debuginfo-3.20.3-16.12.1 mutter-3.20.3-16.12.1 mutter-data-3.20.3-16.12.1 mutter-debuginfo-3.20.3-16.12.1 mutter-debugsource-3.20.3-16.12.1 typelib-1_0-Meta-3_0-3.20.3-16.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): mutter-lang-3.20.3-16.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libmutter0-3.20.3-16.12.1 libmutter0-debuginfo-3.20.3-16.12.1 mutter-3.20.3-16.12.1 mutter-data-3.20.3-16.12.1 mutter-debuginfo-3.20.3-16.12.1 mutter-debugsource-3.20.3-16.12.1 typelib-1_0-Meta-3_0-3.20.3-16.12.1 References: https://bugzilla.suse.com/1017412 https://bugzilla.suse.com/1024748 https://bugzilla.suse.com/1045440 https://bugzilla.suse.com/1052058 https://bugzilla.suse.com/1093541 From sle-updates at lists.suse.com Thu Jan 10 16:13:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:13:24 +0100 (CET) Subject: SUSE-RU-2019:0072-1: moderate: Recommended update for apache2 Message-ID: <20190110231324.E19A1FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0072-1 Rating: moderate References: #1108989 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 provides the following fix: - Fix full scoreboard error. (bsc#1108989) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-72=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-72=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-72=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-72=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.30.1 apache2-debugsource-2.4.23-29.30.1 apache2-devel-2.4.23-29.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.30.1 apache2-debugsource-2.4.23-29.30.1 apache2-devel-2.4.23-29.30.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.30.1 apache2-debuginfo-2.4.23-29.30.1 apache2-debugsource-2.4.23-29.30.1 apache2-example-pages-2.4.23-29.30.1 apache2-prefork-2.4.23-29.30.1 apache2-prefork-debuginfo-2.4.23-29.30.1 apache2-utils-2.4.23-29.30.1 apache2-utils-debuginfo-2.4.23-29.30.1 apache2-worker-2.4.23-29.30.1 apache2-worker-debuginfo-2.4.23-29.30.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.30.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.30.1 apache2-debuginfo-2.4.23-29.30.1 apache2-debugsource-2.4.23-29.30.1 apache2-example-pages-2.4.23-29.30.1 apache2-prefork-2.4.23-29.30.1 apache2-prefork-debuginfo-2.4.23-29.30.1 apache2-utils-2.4.23-29.30.1 apache2-utils-debuginfo-2.4.23-29.30.1 apache2-worker-2.4.23-29.30.1 apache2-worker-debuginfo-2.4.23-29.30.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.30.1 References: https://bugzilla.suse.com/1108989 From sle-updates at lists.suse.com Thu Jan 10 16:14:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:14:04 +0100 (CET) Subject: SUSE-RU-2019:0062-1: moderate: Recommended update for xfsprogs Message-ID: <20190110231404.18C2CFD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0062-1 Rating: moderate References: #1119063 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xfsprogs fixes the following issues: - Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-62=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): xfsprogs-4.15.0-4.11.1 xfsprogs-debuginfo-4.15.0-4.11.1 xfsprogs-debugsource-4.15.0-4.11.1 xfsprogs-devel-4.15.0-4.11.1 References: https://bugzilla.suse.com/1119063 From sle-updates at lists.suse.com Thu Jan 10 16:15:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:15:14 +0100 (CET) Subject: SUSE-RU-2019:0063-1: moderate: Recommended update for osinfo-db Message-ID: <20190110231514.4F005FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0063-1 Rating: moderate References: #1086715 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osinfo-db fixes the following issues: - Add correct release date for SLE12-SP4. - Update database to versions 20181116, 20181011, 20180920, 20180903. - Add support for sle15sp1. (bsc#1086715) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-63=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): osinfo-db-20181116-3.9.1 References: https://bugzilla.suse.com/1086715 From sle-updates at lists.suse.com Thu Jan 10 16:15:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:15:52 +0100 (CET) Subject: SUSE-RU-2019:0064-1: moderate: Recommended update for osinfo-db Message-ID: <20190110231552.84F52FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0064-1 Rating: moderate References: #1086715 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for osinfo-db fixes the following issues: - Add correct release date for SLE12-SP4 - Update database to versions 20181116,20181011 - Add support for sle15sp1 (bsc#1086715) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-64=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-64=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-64=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-64=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): osinfo-db-20181116-3.15.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): osinfo-db-20181116-3.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): osinfo-db-20181116-3.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): osinfo-db-20181116-3.15.1 References: https://bugzilla.suse.com/1086715 From sle-updates at lists.suse.com Thu Jan 10 16:16:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:16:31 +0100 (CET) Subject: SUSE-RU-2019:0065-1: moderate: Recommended update for gdm Message-ID: <20190110231631.576CDFD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0065-1 Rating: moderate References: #1112834 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Ignore duplicate desktop file with same "Name" value, including symlinks of desktop files. (bsc#1112834) - Drop the hardcoded "default.desktop" as LightDM and SDDM use symlinks as aliases. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-65=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-65=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gdm-branding-upstream-3.26.2.1-13.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.12.1 gdm-debuginfo-3.26.2.1-13.12.1 gdm-debugsource-3.26.2.1-13.12.1 gdm-devel-3.26.2.1-13.12.1 libgdm1-3.26.2.1-13.12.1 libgdm1-debuginfo-3.26.2.1-13.12.1 typelib-1_0-Gdm-1_0-3.26.2.1-13.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gdm-lang-3.26.2.1-13.12.1 gdmflexiserver-3.26.2.1-13.12.1 References: https://bugzilla.suse.com/1112834 From sle-updates at lists.suse.com Thu Jan 10 16:17:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:17:13 +0100 (CET) Subject: SUSE-RU-2019:0066-1: moderate: Recommended update for kernel-firmware Message-ID: <20190110231713.8D9A5FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0066-1 Rating: moderate References: #1101818 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware provides the following improvements: - Changes in version 20181026 (fate#326045, fate#325856, fate#326294): * qed: Add 8.37.7.0 firmware image. * amdgpu: Add raven dmcu firmware. * amdgpu: Update raven firmware to 18.40. * amdgpu: Update fiji firmware to 18.40. * amdgpu: Update tonga firmware to 18.40. * amdgpu: Update carrizo firmware to 18.40. * amdgpu: Update polaris10 firmware to 18.40. * amdgpu: Update vega10 firmware to 18.40. * linux-firmware: Add firmware for mt7650e. * linux-firmware: Add MC firmware for NXP DPAA2 SoCs. * linux-firmware: Liquidio: Fix GPL compliance issue. * linux-firmware: Update firmware file for Intel Bluetooth,8265. * linux-firmware: Update firmware patch for Intel Bluetooth 8260. * linux-firmware: Update firmware file for Intel Bluetooth,9260. * linux-firmware: Update firmware file for Intel Bluetooth,9560. * linux-firmware: Add firmware for mt7610e. * Update Intel OPA hfi1 firmware. * ath10k: QCA9984 hw1.0: Update board-2.bin. * ath10k: QCA9984 hw1.0: Update firmware-5.bin to 10.4-3.6.0.1-00003. * ath10k: QCA988X hw2.0: Update firmware-5.bin to 10.2.4-1.0-00041. * ath10k: QCA9888 hw2.0: Update board-2.bin. * ath10k: QCA9888 hw2.0: Update firmware-5.bin to 10.4-3.6-00140. * ath10k: QCA9887 hw1.0: Update firmware-5.bin to 10.2.4-1.0-00041. * ath10k: QCA9377 hw1.0: Add firmware-6.bin to WLAN.TF.2.1-00021-QCARMSWP-1. * ath10k: QCA6174 hw3.0: Update firmware-6.bin to RM.4.4.1.c2-00057-QCARMSWP-1. * ath10k: QCA4019 hw1.0: Update board-2.bin. * ath10k: QCA4019 hw1.0: Update firmware-5.bin to 10.4-3.6-00140. * nfp: Add Agilio BPF firmware rev 2.0.6.124. * rtw88: Add firmware file for driver rtw88. * nfp: Update Agilio SmartNIC flower firmware to rev AOTC-2.9.A.37. * iwlwifi: Add -41.ucode firmwares for 9000 series. * iwlwifi: Update firmwares for 9000 series. * iwlwifi: Update firmwares for 7000, 8000 and 9000 series. * nfp: Update Agilio SmartNIC firmware to rev 2.1.13. - Changes in version 20181001 (fate#326291,fate#326079): * ti-connectivity: Add firmware for CC2560(A) Bluetooth. * linux-firmware: mediatek: Add firmware for mt7668u Bluetooth. * nvidia: Add GV100 signed firmware. * firmware/icl/dmc: Add v1.07 of DMC for Icelake. * linux-firmware: Add Marvell SD8997 firmware image. * qca: Update BT firmware files for QCA ROME chip. - Changes in version 20180913: * brcm: Update firmware for bcm43362 sdio. * Mellanox: Add new mlxsw_spectrum firmware 13.1703.4. * rtl_bt: Add firmware and configuration files for the Bluetooth part of RTL8822CU. * nvidia: Switch GP10[2467] to newer scrubber/ACR firmware (from GP108). - Changes in version 20180825: * amdgpu: Sync up polaris10 firmware with 18.30 release. * amdgpu: Sync up vega10 firmware with 18.30 release. * amdgpu: Sync up raven firmware with 18.30 release. * amdgpu: Sync up polaris12 firmware with 18.30 release. * amdgpu: Sync up tonga firmware with 18.30 release. * amdgpu: Sync up polaris11 firmware with 18.30 release. * amdgpu: Sync up fiji firmware with 18.30 release. * linux-firmware: Add firmware for mhdp8546. * qed: Add firmware 8.37.7.0. - Changes in version 20180814: * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1). * linux-firmware: Update firmware file for Intel Bluetooth,9560. * linux-firmware: Update firmware file for Intel Bluetooth,9260. * linux-firmware: Update firmware file for Intel Bluetooth,8265. * linux-firmware: Update firmware patch for Intel Bluetooth 8260. * linux-firmware: Add firmware for mt76x0. * qcom: Update venus firmware files for v5.2. * nfp: Update Agilio SmartNIC flower firmware to rev AOTC-2.9.A.31. - Changes in version 20180730: * linux-firmware: Add firmware for mt76x2u. * wl18xx: Update firmware file 8.9.0.0.79. * Mellanox: Add new mlxsw_spectrum firmware 13.1702.6. * WHENCE: Remove reference to amdgpu/vegam_me_2.bin. * linux-firmware: mediatek: Add MT7622 Bluetooth firmwares and license file. * brcm: Add 43430 based AP6212 and 1DX NVRAM. * linux-firmware: Update Marvell USB8801 B0 firmware image. - Changes in version 20180717: * amdgpu: Update copyright date. * amdgpu: Add initial VegaM firmware. * amdgpu: Sync up vega10 firmware with 18.20 release. * amdgpu: Sync up raven firmware with 18.20 release. * amdgpu: Sync up polaris12 firmware with 18.20 release. * amdgpu: Sync up polaris11 firmware with 18.20 release. * amdgpu: Sync up polaris10 firmware with 18.20 release. * amdgpu: Sync up verde firmware with 18.20 release. * amdgpu: Sync up pitcairn firmware with 18.20 release. * amdgpu: Sync up tahiti firmware with 18.20 release. * amdgpu: Sync up oland firmware with 18.20 release. * amdgpu: Sync up hainan firmware with 18.20 release. * amdgpu: Sync up kaveri firmware with 18.20 release. * amdgpu: Sync up mullins firmware with 18.20 release. * amdgpu: Sync up kabini firmware with 18.20 release. * amdgpu: Sync up hawaii firmware with 18.20 release. * amdgpu: Sync up bonaire firmware with 18.20 release. * WHENCE: Fix typo Version. * cxgb4: Update firmware to revision 1.20.8.0. - Changes in version 20180606: * brcm: Update firmware for bcm4356 pcie. * brcm: Update firmware for bcm4354 sdio. * brcm: Update firmware for bcm43362 sdio. * brcm: Update firmware for bcm43340 sdio. * brcm: Update firmware for bcm43430 sdio. * Update Cypress license termination clause. * amdgpu: Update vega10 VCE firmware to version 55.3. * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D0). * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1). * qcom: Add venus firmware files for v5.2. * linux-firmware: liquidio: Update vswitch firmware to v1.7.2. - Remove unnecessary python dependency. (bsc#1101818) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-66=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20181026-3.8.2 ucode-amd-20181026-3.8.2 References: https://bugzilla.suse.com/1101818 From sle-updates at lists.suse.com Thu Jan 10 16:17:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:17:50 +0100 (CET) Subject: SUSE-RU-2019:0071-1: moderate: Recommended update for yast2-ntp-client Message-ID: <20190110231750.E201BFD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0071-1 Rating: moderate References: #1075039 #1108497 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-ntp-client fixes the following issues: - Fixed sync_once method return value (bsc#1108497) - Save the service status according to the user preferences (bsc#1075039) - Only write the configuration once, and do not save changes when we are only synchronizing the date. (bsc#1108497) - Fixed sync_once method return value (bsc#1108497) - Save the service status according to the user preferences (bsc#1075039) - Only write the configuration once, and do not save changes when we are only synchronizing the date. (bsc#1108497) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-71=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-71=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-ntp-client-3.2.18-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-ntp-client-3.2.18-3.3.1 References: https://bugzilla.suse.com/1075039 https://bugzilla.suse.com/1108497 From sle-updates at lists.suse.com Thu Jan 10 16:18:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 00:18:43 +0100 (CET) Subject: SUSE-RU-2019:0070-1: moderate: Recommended update for docker Message-ID: <20190110231843.A0781FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0070-1 Rating: moderate References: #1119634 Affected Products: SUSE Linux Enterprise Module for Containers 12 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for docker fixes the following issues: - Handle build breakage due to missing 'export GOPATH' (caused by resolution of bsc#1119634) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-70=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-70=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-18.06.1_ce-98.24.1 docker-debuginfo-18.06.1_ce-98.24.1 docker-debugsource-18.06.1_ce-98.24.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): docker-18.06.1_ce-98.24.1 docker-debuginfo-18.06.1_ce-98.24.1 docker-debugsource-18.06.1_ce-98.24.1 References: https://bugzilla.suse.com/1119634 From sle-updates at lists.suse.com Fri Jan 11 07:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 15:09:16 +0100 (CET) Subject: SUSE-SU-2019:13927-1: important: Security update for LibVNCServer Message-ID: <20190111140916.2234BFDF7@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13927-1 Rating: important References: #1120114 #1120115 #1120116 #1120117 #1120118 #1120120 #1120121 #1120122 Cross-References: CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 CVE-2018-6307 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-LibVNCServer-13927=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-LibVNCServer-13927=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-LibVNCServer-13927=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-LibVNCServer-13927=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-LibVNCServer-13927=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-LibVNCServer-13927=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-devel-0.9.1-160.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-0.9.1-160.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): LibVNCServer-0.9.1-160.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): LibVNCServer-0.9.1-160.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.6.1 LibVNCServer-debugsource-0.9.1-160.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.6.1 LibVNCServer-debugsource-0.9.1-160.6.1 References: https://www.suse.com/security/cve/CVE-2018-15126.html https://www.suse.com/security/cve/CVE-2018-15127.html https://www.suse.com/security/cve/CVE-2018-20019.html https://www.suse.com/security/cve/CVE-2018-20020.html https://www.suse.com/security/cve/CVE-2018-20021.html https://www.suse.com/security/cve/CVE-2018-20022.html https://www.suse.com/security/cve/CVE-2018-20024.html https://www.suse.com/security/cve/CVE-2018-6307.html https://bugzilla.suse.com/1120114 https://bugzilla.suse.com/1120115 https://bugzilla.suse.com/1120116 https://bugzilla.suse.com/1120117 https://bugzilla.suse.com/1120118 https://bugzilla.suse.com/1120120 https://bugzilla.suse.com/1120121 https://bugzilla.suse.com/1120122 From sle-updates at lists.suse.com Fri Jan 11 07:11:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 15:11:04 +0100 (CET) Subject: SUSE-RU-2019:0073-1: moderate: Recommended update for kubernetes-salt, velum Message-ID: <20190111141104.B20C6FDF7@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt, velum ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0073-1 Rating: moderate References: #1095572 #1097817 #1098334 #1101973 #1103873 #1109293 #1111361 #1115236 #1117152 #1118907 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for velum and kubernetes-salt fixes the following issues: - Scheduling pods with automatic PersistentVolumenClaim doesn't work (bsc#1095572) - Configuring CPI for ECP makes bootstrap fail (bsc#1103873) - OpenStack Cloud Provider config file doesn't exist (bsc#1111361) - added openstack fields info and required validation (bsc#1097817) - Deleting a node during setup phase fails in Velum and does not remove the virtual machine (bsc#1117152) - Filter field description is confusing (bsc#1109293) - require uglifier only during packaging (bsc#1118907) - Changes has to be a dictionary (bsc#1098334) - Add self-signed certificate to CPI configuration (bsc#1101973) - Use the correct key to access the etcd_version from pillars (bsc#1115236) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r902_6247cea-3.36.1 - SUSE CaaS Platform 3.0 (x86_64): sles12-velum-image-3.1.7-3.27.3 References: https://bugzilla.suse.com/1095572 https://bugzilla.suse.com/1097817 https://bugzilla.suse.com/1098334 https://bugzilla.suse.com/1101973 https://bugzilla.suse.com/1103873 https://bugzilla.suse.com/1109293 https://bugzilla.suse.com/1111361 https://bugzilla.suse.com/1115236 https://bugzilla.suse.com/1117152 https://bugzilla.suse.com/1118907 From sle-updates at lists.suse.com Fri Jan 11 10:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 18:09:23 +0100 (CET) Subject: SUSE-RU-2019:0075-1: moderate: Recommended update for azure-li-services, python-Cerberus Message-ID: <20190111170923.2D8E9FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services, python-Cerberus ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0075-1 Rating: moderate References: #1103542 #1119702 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-li-services, python-Cerberus fixes the following issues: azure-li-services and its dependency python-Cerberus were added to the Public Cloud Module. (fate#326575 bsc#1103542) 'azure-li-services' is a package providing services to setup a system suitable to run SAP workloads on it. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-75=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): azure-li-services-1.1.20-1.5.1 python3-Cerberus-1.1-1.3.1 References: https://bugzilla.suse.com/1103542 https://bugzilla.suse.com/1119702 From sle-updates at lists.suse.com Fri Jan 11 10:10:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 18:10:05 +0100 (CET) Subject: SUSE-RU-2019:0078-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <20190111171005.674BFFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0078-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-live-patching adds lifecycle data for the following patches: 3_12_61-52_146, 3_12_74-60_64_107, 4_4_121-92_95, 4_4_121-92_98, 4_4_156-94_57, 4_4_156-94_61, 4_4_156-94_64, 4_4_162-94_69, 4_4_162-94_72. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-76=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-78=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-78=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2019-78=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.3.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.35.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.35.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.35.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Fri Jan 11 10:10:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 18:10:40 +0100 (CET) Subject: SUSE-RU-2019:0077-1: moderate: Recommended update for go1.11 Message-ID: <20190111171040.4BBC1FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0077-1 Rating: moderate References: #1119634 #1119706 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for go1.11 fixes the following issues: - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (bsc#1119634) - Fix a regression that broke go get for import path patterns containing "..." (bsc#1119706) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-77=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.11-1.11.4-1.6.2 go1.11-doc-1.11.4-1.6.2 References: https://bugzilla.suse.com/1119634 https://bugzilla.suse.com/1119706 From sle-updates at lists.suse.com Fri Jan 11 13:09:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 21:09:04 +0100 (CET) Subject: SUSE-SU-2019:0081-1: moderate: Security update for sssd Message-ID: <20190111200904.12770FD85@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0081-1 Rating: moderate References: #1010700 #1072728 #1080156 #1087320 #1098377 #1101877 #1110299 Cross-References: CVE-2018-10852 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377) These non-security issues were fixed: - Fix a segmentation fault in sss_cache command. (bsc#1072728) - Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700) - Fix race condition on boot between SSSD and autofs. (bsc#1010700) - Fix a bug where file descriptors were not closed (bsc#1080156) - Fix an issue where sssd logs were not rotated properly (bsc#1080156) - Remove whitespaces from netgroup entries (bsc#1087320) - Remove misleading log messages (bsc#1101877) - exit() the forked process if exec()-ing a child process fails (bsc#1110299) - Do not schedule the machine renewal task if adcli is not executable (bsc#1110299) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-81=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-81=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-81=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-81=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-81=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-81=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-81=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libipa_hbac0-1.13.4-34.23.1 libipa_hbac0-debuginfo-1.13.4-34.23.1 libsss_idmap0-1.13.4-34.23.1 libsss_idmap0-debuginfo-1.13.4-34.23.1 libsss_sudo-1.13.4-34.23.1 libsss_sudo-debuginfo-1.13.4-34.23.1 python-sssd-config-1.13.4-34.23.1 python-sssd-config-debuginfo-1.13.4-34.23.1 sssd-1.13.4-34.23.1 sssd-32bit-1.13.4-34.23.1 sssd-ad-1.13.4-34.23.1 sssd-ad-debuginfo-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debuginfo-32bit-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 sssd-ipa-1.13.4-34.23.1 sssd-ipa-debuginfo-1.13.4-34.23.1 sssd-krb5-1.13.4-34.23.1 sssd-krb5-common-1.13.4-34.23.1 sssd-krb5-common-debuginfo-1.13.4-34.23.1 sssd-krb5-debuginfo-1.13.4-34.23.1 sssd-ldap-1.13.4-34.23.1 sssd-ldap-debuginfo-1.13.4-34.23.1 sssd-proxy-1.13.4-34.23.1 sssd-proxy-debuginfo-1.13.4-34.23.1 sssd-tools-1.13.4-34.23.1 sssd-tools-debuginfo-1.13.4-34.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-34.23.1 libsss_idmap-devel-1.13.4-34.23.1 libsss_nss_idmap-devel-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libipa_hbac0-1.13.4-34.23.1 libipa_hbac0-debuginfo-1.13.4-34.23.1 libsss_idmap0-1.13.4-34.23.1 libsss_idmap0-debuginfo-1.13.4-34.23.1 libsss_sudo-1.13.4-34.23.1 libsss_sudo-debuginfo-1.13.4-34.23.1 python-sssd-config-1.13.4-34.23.1 python-sssd-config-debuginfo-1.13.4-34.23.1 sssd-1.13.4-34.23.1 sssd-ad-1.13.4-34.23.1 sssd-ad-debuginfo-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 sssd-ipa-1.13.4-34.23.1 sssd-ipa-debuginfo-1.13.4-34.23.1 sssd-krb5-1.13.4-34.23.1 sssd-krb5-common-1.13.4-34.23.1 sssd-krb5-common-debuginfo-1.13.4-34.23.1 sssd-krb5-debuginfo-1.13.4-34.23.1 sssd-ldap-1.13.4-34.23.1 sssd-ldap-debuginfo-1.13.4-34.23.1 sssd-proxy-1.13.4-34.23.1 sssd-proxy-debuginfo-1.13.4-34.23.1 sssd-tools-1.13.4-34.23.1 sssd-tools-debuginfo-1.13.4-34.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): sssd-32bit-1.13.4-34.23.1 sssd-debuginfo-32bit-1.13.4-34.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.13.4-34.23.1 libipa_hbac0-debuginfo-1.13.4-34.23.1 libsss_idmap0-1.13.4-34.23.1 libsss_idmap0-debuginfo-1.13.4-34.23.1 libsss_nss_idmap0-1.13.4-34.23.1 libsss_nss_idmap0-debuginfo-1.13.4-34.23.1 libsss_sudo-1.13.4-34.23.1 libsss_sudo-debuginfo-1.13.4-34.23.1 python-sssd-config-1.13.4-34.23.1 python-sssd-config-debuginfo-1.13.4-34.23.1 sssd-1.13.4-34.23.1 sssd-ad-1.13.4-34.23.1 sssd-ad-debuginfo-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 sssd-ipa-1.13.4-34.23.1 sssd-ipa-debuginfo-1.13.4-34.23.1 sssd-krb5-1.13.4-34.23.1 sssd-krb5-common-1.13.4-34.23.1 sssd-krb5-common-debuginfo-1.13.4-34.23.1 sssd-krb5-debuginfo-1.13.4-34.23.1 sssd-ldap-1.13.4-34.23.1 sssd-ldap-debuginfo-1.13.4-34.23.1 sssd-proxy-1.13.4-34.23.1 sssd-proxy-debuginfo-1.13.4-34.23.1 sssd-tools-1.13.4-34.23.1 sssd-tools-debuginfo-1.13.4-34.23.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): sssd-32bit-1.13.4-34.23.1 sssd-debuginfo-32bit-1.13.4-34.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libipa_hbac0-1.13.4-34.23.1 libipa_hbac0-debuginfo-1.13.4-34.23.1 libsss_idmap0-1.13.4-34.23.1 libsss_idmap0-debuginfo-1.13.4-34.23.1 libsss_sudo-1.13.4-34.23.1 libsss_sudo-debuginfo-1.13.4-34.23.1 python-sssd-config-1.13.4-34.23.1 python-sssd-config-debuginfo-1.13.4-34.23.1 sssd-1.13.4-34.23.1 sssd-ad-1.13.4-34.23.1 sssd-ad-debuginfo-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 sssd-ipa-1.13.4-34.23.1 sssd-ipa-debuginfo-1.13.4-34.23.1 sssd-krb5-1.13.4-34.23.1 sssd-krb5-common-1.13.4-34.23.1 sssd-krb5-common-debuginfo-1.13.4-34.23.1 sssd-krb5-debuginfo-1.13.4-34.23.1 sssd-ldap-1.13.4-34.23.1 sssd-ldap-debuginfo-1.13.4-34.23.1 sssd-proxy-1.13.4-34.23.1 sssd-proxy-debuginfo-1.13.4-34.23.1 sssd-tools-1.13.4-34.23.1 sssd-tools-debuginfo-1.13.4-34.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): sssd-32bit-1.13.4-34.23.1 sssd-debuginfo-32bit-1.13.4-34.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libipa_hbac0-1.13.4-34.23.1 libipa_hbac0-debuginfo-1.13.4-34.23.1 libsss_idmap0-1.13.4-34.23.1 libsss_idmap0-debuginfo-1.13.4-34.23.1 libsss_nss_idmap0-1.13.4-34.23.1 libsss_nss_idmap0-debuginfo-1.13.4-34.23.1 libsss_sudo-1.13.4-34.23.1 libsss_sudo-debuginfo-1.13.4-34.23.1 python-sssd-config-1.13.4-34.23.1 python-sssd-config-debuginfo-1.13.4-34.23.1 sssd-1.13.4-34.23.1 sssd-32bit-1.13.4-34.23.1 sssd-ad-1.13.4-34.23.1 sssd-ad-debuginfo-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debuginfo-32bit-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 sssd-ipa-1.13.4-34.23.1 sssd-ipa-debuginfo-1.13.4-34.23.1 sssd-krb5-1.13.4-34.23.1 sssd-krb5-common-1.13.4-34.23.1 sssd-krb5-common-debuginfo-1.13.4-34.23.1 sssd-krb5-debuginfo-1.13.4-34.23.1 sssd-ldap-1.13.4-34.23.1 sssd-ldap-debuginfo-1.13.4-34.23.1 sssd-proxy-1.13.4-34.23.1 sssd-proxy-debuginfo-1.13.4-34.23.1 sssd-tools-1.13.4-34.23.1 sssd-tools-debuginfo-1.13.4-34.23.1 - SUSE Enterprise Storage 4 (x86_64): libipa_hbac0-1.13.4-34.23.1 libipa_hbac0-debuginfo-1.13.4-34.23.1 libsss_idmap0-1.13.4-34.23.1 libsss_idmap0-debuginfo-1.13.4-34.23.1 libsss_sudo-1.13.4-34.23.1 libsss_sudo-debuginfo-1.13.4-34.23.1 python-sssd-config-1.13.4-34.23.1 python-sssd-config-debuginfo-1.13.4-34.23.1 sssd-1.13.4-34.23.1 sssd-32bit-1.13.4-34.23.1 sssd-ad-1.13.4-34.23.1 sssd-ad-debuginfo-1.13.4-34.23.1 sssd-debuginfo-1.13.4-34.23.1 sssd-debuginfo-32bit-1.13.4-34.23.1 sssd-debugsource-1.13.4-34.23.1 sssd-ipa-1.13.4-34.23.1 sssd-ipa-debuginfo-1.13.4-34.23.1 sssd-krb5-1.13.4-34.23.1 sssd-krb5-common-1.13.4-34.23.1 sssd-krb5-common-debuginfo-1.13.4-34.23.1 sssd-krb5-debuginfo-1.13.4-34.23.1 sssd-ldap-1.13.4-34.23.1 sssd-ldap-debuginfo-1.13.4-34.23.1 sssd-proxy-1.13.4-34.23.1 sssd-proxy-debuginfo-1.13.4-34.23.1 sssd-tools-1.13.4-34.23.1 sssd-tools-debuginfo-1.13.4-34.23.1 References: https://www.suse.com/security/cve/CVE-2018-10852.html https://bugzilla.suse.com/1010700 https://bugzilla.suse.com/1072728 https://bugzilla.suse.com/1080156 https://bugzilla.suse.com/1087320 https://bugzilla.suse.com/1098377 https://bugzilla.suse.com/1101877 https://bugzilla.suse.com/1110299 From sle-updates at lists.suse.com Fri Jan 11 13:10:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 21:10:47 +0100 (CET) Subject: SUSE-RU-2019:13929-1: moderate: Recommended update for xorg-x11-libX11, xorg-x11-libxcb Message-ID: <20190111201047.BE137FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-libX11, xorg-x11-libxcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13929-1 Rating: moderate References: #1115729 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-libX11, xorg-x11-libxcb provides the following fix: - Add proper dependencies for handoff mechanism in 32bit version of the packages. (bsc#1115729) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libxcb-13929=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libxcb-13929=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libxcb-13929=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-devel-7.4-5.11.72.12.1 xorg-x11-libxcb-devel-7.4-1.31.9.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-devel-32bit-7.4-5.11.72.12.1 xorg-x11-libxcb-devel-32bit-7.4-1.31.9.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-7.4-5.11.72.12.1 xorg-x11-libxcb-7.4-1.31.9.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libX11-32bit-7.4-5.11.72.12.1 xorg-x11-libxcb-32bit-7.4-1.31.9.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libX11-x86-7.4-5.11.72.12.1 xorg-x11-libxcb-x86-7.4-1.31.9.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libX11-debuginfo-7.4-5.11.72.12.1 xorg-x11-libX11-debugsource-7.4-5.11.72.12.1 xorg-x11-libxcb-debuginfo-7.4-1.31.9.2 xorg-x11-libxcb-debugsource-7.4-1.31.9.2 References: https://bugzilla.suse.com/1115729 From sle-updates at lists.suse.com Fri Jan 11 13:11:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 21:11:24 +0100 (CET) Subject: SUSE-SU-2019:0080-1: important: Security update for LibVNCServer Message-ID: <20190111201124.BF2E5FD85@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0080-1 Rating: important References: #1120114 #1120115 #1120116 #1120117 #1120118 #1120119 #1120120 #1120121 #1120122 Cross-References: CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-80=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-80=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-80=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): LibVNCServer-debugsource-0.9.10-4.3.1 libvncclient0-0.9.10-4.3.1 libvncclient0-debuginfo-0.9.10-4.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.3.1 libvncserver0-0.9.10-4.3.1 libvncserver0-debuginfo-0.9.10-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.3.1 LibVNCServer-devel-0.9.10-4.3.1 libvncserver0-0.9.10-4.3.1 libvncserver0-debuginfo-0.9.10-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-15126.html https://www.suse.com/security/cve/CVE-2018-15127.html https://www.suse.com/security/cve/CVE-2018-20019.html https://www.suse.com/security/cve/CVE-2018-20020.html https://www.suse.com/security/cve/CVE-2018-20021.html https://www.suse.com/security/cve/CVE-2018-20022.html https://www.suse.com/security/cve/CVE-2018-20023.html https://www.suse.com/security/cve/CVE-2018-20024.html https://www.suse.com/security/cve/CVE-2018-6307.html https://bugzilla.suse.com/1120114 https://bugzilla.suse.com/1120115 https://bugzilla.suse.com/1120116 https://bugzilla.suse.com/1120117 https://bugzilla.suse.com/1120118 https://bugzilla.suse.com/1120119 https://bugzilla.suse.com/1120120 https://bugzilla.suse.com/1120121 https://bugzilla.suse.com/1120122 From sle-updates at lists.suse.com Fri Jan 11 13:13:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 21:13:04 +0100 (CET) Subject: SUSE-RU-2019:0083-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20190111201304.31DD2FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0083-1 Rating: moderate References: #1059972 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng provides the following fix: - partitioner: Do not allow to create BTRFS subvolumes with unsafe characters in the path. (bsc#1059972) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-83=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.0.216-3.35.3 References: https://bugzilla.suse.com/1059972 From sle-updates at lists.suse.com Fri Jan 11 13:13:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 21:13:42 +0100 (CET) Subject: SUSE-RU-2019:0082-1: moderate: Recommended update for suse-build-key Message-ID: <20190111201342.410E4FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0082-1 Rating: moderate References: #1044232 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-82=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): suse-build-key-12.0-8.3.1 References: https://bugzilla.suse.com/1044232 From sle-updates at lists.suse.com Fri Jan 11 13:14:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Jan 2019 21:14:17 +0100 (CET) Subject: SUSE-RU-2019:13928-1: moderate: Recommended update for timezone Message-ID: <20190111201417.A5277FD85@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13928-1 Rating: moderate References: #1120402 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - Update 2018i: S??o Tom?? and Pr??ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-13928=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-13928=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-13928=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2018i-0.52.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2018i-0.52.20.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2018i-0.52.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2018i-0.52.20.1 timezone-debugsource-2018i-0.52.20.1 References: https://bugzilla.suse.com/1120402 From sle-updates at lists.suse.com Tue Jan 15 09:55:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:55:07 +0100 (CET) Subject: SUSE-SU-2019:0092-1: important: Security update for webkit2gtk3 Message-ID: <20190115165507.6F877FDF3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0092-1 Rating: important References: #1110279 #1116998 #1119558 Cross-References: CVE-2018-11713 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 43 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-92=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-92=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-92=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.22.5-3.13.1 webkit-jsc-4-debuginfo-2.22.5-3.13.1 webkit2gtk3-debugsource-2.22.5-3.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1 typelib-1_0-WebKit2-4_0-2.22.5-3.13.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1 webkit2gtk3-debugsource-2.22.5-3.13.1 webkit2gtk3-devel-2.22.5-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.5-3.13.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1 libwebkit2gtk-4_0-37-2.22.5-3.13.1 libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1 webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1 webkit2gtk3-debugsource-2.22.5-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.22.5-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-11713.html https://www.suse.com/security/cve/CVE-2018-4162.html https://www.suse.com/security/cve/CVE-2018-4163.html https://www.suse.com/security/cve/CVE-2018-4165.html https://www.suse.com/security/cve/CVE-2018-4191.html https://www.suse.com/security/cve/CVE-2018-4197.html https://www.suse.com/security/cve/CVE-2018-4207.html https://www.suse.com/security/cve/CVE-2018-4208.html https://www.suse.com/security/cve/CVE-2018-4209.html https://www.suse.com/security/cve/CVE-2018-4210.html https://www.suse.com/security/cve/CVE-2018-4212.html https://www.suse.com/security/cve/CVE-2018-4213.html https://www.suse.com/security/cve/CVE-2018-4299.html https://www.suse.com/security/cve/CVE-2018-4306.html https://www.suse.com/security/cve/CVE-2018-4309.html https://www.suse.com/security/cve/CVE-2018-4312.html https://www.suse.com/security/cve/CVE-2018-4314.html https://www.suse.com/security/cve/CVE-2018-4315.html https://www.suse.com/security/cve/CVE-2018-4316.html https://www.suse.com/security/cve/CVE-2018-4317.html https://www.suse.com/security/cve/CVE-2018-4318.html https://www.suse.com/security/cve/CVE-2018-4319.html https://www.suse.com/security/cve/CVE-2018-4323.html https://www.suse.com/security/cve/CVE-2018-4328.html https://www.suse.com/security/cve/CVE-2018-4345.html https://www.suse.com/security/cve/CVE-2018-4358.html https://www.suse.com/security/cve/CVE-2018-4359.html https://www.suse.com/security/cve/CVE-2018-4361.html https://www.suse.com/security/cve/CVE-2018-4372.html https://www.suse.com/security/cve/CVE-2018-4373.html https://www.suse.com/security/cve/CVE-2018-4375.html https://www.suse.com/security/cve/CVE-2018-4376.html https://www.suse.com/security/cve/CVE-2018-4378.html https://www.suse.com/security/cve/CVE-2018-4382.html https://www.suse.com/security/cve/CVE-2018-4386.html https://www.suse.com/security/cve/CVE-2018-4392.html https://www.suse.com/security/cve/CVE-2018-4416.html https://www.suse.com/security/cve/CVE-2018-4437.html https://www.suse.com/security/cve/CVE-2018-4438.html https://www.suse.com/security/cve/CVE-2018-4441.html https://www.suse.com/security/cve/CVE-2018-4442.html https://www.suse.com/security/cve/CVE-2018-4443.html https://www.suse.com/security/cve/CVE-2018-4464.html https://bugzilla.suse.com/1110279 https://bugzilla.suse.com/1116998 https://bugzilla.suse.com/1119558 From sle-updates at lists.suse.com Tue Jan 15 09:56:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:56:06 +0100 (CET) Subject: SUSE-RU-2019:0087-1: moderate: Recommended update for regionServiceClientConfigEC2 Message-ID: <20190115165606.1E9FCFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0087-1 Rating: moderate References: #1093189 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigEC2 2.1.0 fixes the following issues: Add the SUSE Server IP 34.197.223.242 to configuration (bsc#1093189) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-87=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): regionServiceClientConfigEC2-2.1.0-4.3.1 References: https://bugzilla.suse.com/1093189 From sle-updates at lists.suse.com Tue Jan 15 09:56:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:56:43 +0100 (CET) Subject: SUSE-RU-2019:13930-1: moderate: Recommended update for regionServiceClientConfigEC2 Message-ID: <20190115165643.B0F0BFDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13930-1 Rating: moderate References: #1093211 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigEC2 fixes the following issues: Updated to version 2.1.0 (bsc#1093211) + Delete old certificate of server we no longer operate + Add certificate for new server 34.197.223.242 + Add 34.197.223.242 to configuration Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-regionServiceClientConfigEC2-13930=1 Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): regionServiceClientConfigEC2-2.1.0-0.7.3.1 References: https://bugzilla.suse.com/1093211 From sle-updates at lists.suse.com Tue Jan 15 09:57:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:57:23 +0100 (CET) Subject: SUSE-RU-2019:0091-1: moderate: Recommended update for mozilla-nss Message-ID: <20190115165723.15547FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0091-1 Rating: moderate References: #1090767 #1121045 #1121207 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added "Suggest:" for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-91=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.40.1-3.10.1 libfreebl3-debuginfo-3.40.1-3.10.1 libfreebl3-hmac-3.40.1-3.10.1 libsoftokn3-3.40.1-3.10.1 libsoftokn3-debuginfo-3.40.1-3.10.1 libsoftokn3-hmac-3.40.1-3.10.1 mozilla-nss-3.40.1-3.10.1 mozilla-nss-certs-3.40.1-3.10.1 mozilla-nss-certs-debuginfo-3.40.1-3.10.1 mozilla-nss-debuginfo-3.40.1-3.10.1 mozilla-nss-debugsource-3.40.1-3.10.1 mozilla-nss-devel-3.40.1-3.10.1 mozilla-nss-sysinit-3.40.1-3.10.1 mozilla-nss-sysinit-debuginfo-3.40.1-3.10.1 mozilla-nss-tools-3.40.1-3.10.1 mozilla-nss-tools-debuginfo-3.40.1-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.40.1-3.10.1 libfreebl3-32bit-debuginfo-3.40.1-3.10.1 libsoftokn3-32bit-3.40.1-3.10.1 libsoftokn3-32bit-debuginfo-3.40.1-3.10.1 mozilla-nss-32bit-3.40.1-3.10.1 mozilla-nss-32bit-debuginfo-3.40.1-3.10.1 mozilla-nss-certs-32bit-3.40.1-3.10.1 mozilla-nss-certs-32bit-debuginfo-3.40.1-3.10.1 References: https://bugzilla.suse.com/1090767 https://bugzilla.suse.com/1121045 https://bugzilla.suse.com/1121207 From sle-updates at lists.suse.com Tue Jan 15 09:58:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:58:19 +0100 (CET) Subject: SUSE-SU-2019:0093-1: important: Security update for wget Message-ID: <20190115165819.20FD8FDF2@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0093-1 Rating: important References: #1120382 Cross-References: CVE-2018-20483 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-93=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): wget-1.19.5-3.3.1 wget-debuginfo-1.19.5-3.3.1 wget-debugsource-1.19.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-20483.html https://bugzilla.suse.com/1120382 From sle-updates at lists.suse.com Tue Jan 15 09:58:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:58:55 +0100 (CET) Subject: SUSE-RU-2019:0089-1: moderate: Recommended update for python3-susepubliccloudinfo Message-ID: <20190115165855.6AD33FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0089-1 Rating: moderate References: #1121150 #1121151 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-susepubliccloudinfo fixes the following issues: Update to version 1.1.0 (bsc#1121151, bsc#1121150) + Support new inactive state + Remove awscvsgen and associated subpackage Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-89=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-susepubliccloudinfo-1.1.0-3.6.1 References: https://bugzilla.suse.com/1121150 https://bugzilla.suse.com/1121151 From sle-updates at lists.suse.com Tue Jan 15 09:59:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 17:59:49 +0100 (CET) Subject: SUSE-SU-2019:0095-1: important: Security update for the Linux Kernel Message-ID: <20190115165949.A2A0BFDF2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0095-1 Rating: important References: #1011920 #1012382 #1012422 #1020645 #1031392 #1035053 #1042422 #1043591 #1044189 #1048129 #1050431 #1050549 #1053043 #1054239 #1057199 #1062303 #1063026 #1065600 #1065726 #1066223 #1067906 #1073579 #1076393 #1078788 #1079524 #1082519 #1082863 #1082979 #1083215 #1083527 #1084427 #1084536 #1084760 #1087209 #1088087 #1089343 #1090535 #1091158 #1093118 #1094244 #1094555 #1094562 #1094825 #1095344 #1095753 #1095805 #1096052 #1096547 #1098050 #1098996 #1099597 #1099810 #1101555 #1102495 #1102715 #1102870 #1102875 #1102877 #1102879 #1102882 #1102896 #1103156 #1103269 #1103308 #1103405 #1104124 #1105025 #1105428 #1105795 #1105931 #1106095 #1106105 #1106110 #1106240 #1106293 #1106359 #1106434 #1106512 #1106594 #1106913 #1106929 #1106934 #1107060 #1107299 #1107318 #1107535 #1107829 #1107870 #1107924 #1108096 #1108170 #1108240 #1108281 #1108315 #1108377 #1108399 #1108498 #1108803 #1108823 #1109038 #1109158 #1109333 #1109336 #1109337 #1109441 #1109772 #1109784 #1109806 #1109818 #1109907 #1109919 #1109923 #1110006 #1110297 #1110337 #1110363 #1110468 #1110600 #1110601 #1110602 #1110603 #1110604 #1110605 #1110606 #1110611 #1110612 #1110613 #1110614 #1110615 #1110616 #1110618 #1110619 #1110930 #1111363 #1111516 #1111870 #1112007 #1112262 #1112263 #1112894 #1112902 #1112903 #1112905 #1113667 #1113751 #1113766 #1113769 #1114178 #1114229 #1114648 #1115593 #981083 #997172 Cross-References: CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-16276 CVE-2018-16597 CVE-2018-17182 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-7480 CVE-2018-7757 CVE-2018-9516 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 140 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-16597: Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512). - CVE-2018-14613: There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095 bnc#1115593). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1087209). - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bnc#1012382). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382). - alsa: hda - Fix cancel_work_sync() stall from jackpoll work (bnc#1012382). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bnc#1012382). - alsa: msnd: Fix the default sample sizes (bnc#1012382). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bnc#1012382). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bnc#1012382). - apparmor: remove no-op permission check in policy_unpack (git-fixes). - arc: build: Get rid of toolchain check (bnc#1012382). - arc: clone syscall to setp r25 as thread pointer (bnc#1012382). - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382). - arch-symbols: use bash as interpreter since the script uses bashism. - arc: [plat-axs*]: Enable SWAP (bnc#1012382). - arm64: bpf: jit JMP_JSET_{X,K} (bsc#1110613). - arm64: Correct type for PUD macros (bsc#1110600). - arm64: cpufeature: Track 32bit EL0 support (bnc#1012382). - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger (bnc#1012382). - arm64: fix erroneous __raw_read_system_reg() cases (bsc#1110606). - arm64: Fix potential race with hardware DBM in ptep_set_access_flags() (bsc#1110605). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1110603). - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" (bnc#1012382). - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1110619). - arm64/kasan: do not allocate extra shadow memory (bsc#1110611). - arm64: kernel: Update kerneldoc for cpu_suspend() rename (bsc#1110602). - arm64: kgdb: handle read-only text / modules (bsc#1110604). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bnc#1012382). - arm64: KVM: Tighten guest core register access from userspace (bnc#1012382). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1110618). - arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails (bsc#1110601). - arm64: supported.conf: mark armmmci as not supported - arm64 Update config files. (bsc#1110468) Set MMC_QCOM_DML to build-in and delete driver from supported.conf - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1110614). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bnc#1012382). - arm: dts: dra7: fix DCAN node addresses (bnc#1012382). - arm: exynos: Clear global variable on init error path (bnc#1012382). - arm: hisi: check of_iomap and fix missing of_node_put (bnc#1012382). - arm: hisi: fix error handling and missing of_node_put (bnc#1012382). - arm: hisi: handle of_iomap and fix missing of_node_put (bnc#1012382). - arm: mvebu: declare asm symbols as character arrays in pmsu.c (bnc#1012382). - asm/sections: add helpers to check for section data (bsc#1063026). - ASoC: cs4265: fix MMTLR Data switch control (bnc#1012382). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bnc#1012382). - ASoC: sigmadsp: safeload should not have lower byte limit (bnc#1012382). - ASoC: wm8804: Add ACPI support (bnc#1012382). - ASoC: wm8994: Fix missing break in switch (bnc#1012382). - ata: libahci: Correct setting of DEVSLP register (bnc#1012382). - ath10k: disable bundle mgmt tx completion event support (bnc#1012382). - ath10k: fix scan crash due to incorrect length calculation (bnc#1012382). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bnc#1012382). - ath10k: prevent active scans on potential unusable channels (bnc#1012382). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bnc#1012382). - audit: fix use-after-free in audit_add_watch (bnc#1012382). - autofs: fix autofs_sbi() does not check super block type (bnc#1012382). - binfmt_elf: Respect error return from `regset->active' (bnc#1012382). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bnc#1012382). - bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bnc#1012382). - bluetooth: hidp: Fix handling of strncpy for hid->name information (bnc#1012382). - bnxt_en: Fix TX timeout during netpoll (bnc#1012382). - bonding: avoid possible dead-lock (bnc#1012382). - bpf: fix cb access in socket filter programs on tail calls (bsc#1012382). - bpf: fix map not being uncharged during map creation failure (bsc#1012382). - bpf: fix overflow in prog accounting (bsc#1012382). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (git-fixes). - bpf, s390x: do not reload skb pointers in non-skb context (git-fixes). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: add missing initialization in btrfs_check_shared (Git-fixes bsc#1112262). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE (dependency for bsc#1031392). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (Follow up fixes for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: fix invalid attempt to free reserved space on failure to cow range (dependency for bsc#1031392). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: Fix race condition between delayed refs and blockgroup removal (Git-fixes bsc#1112263). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist (dependency for bsc#1031392). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: pass delayed_refs directly to btrfs_find_delayed_ref_head (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroups: opencode qgroup_free helper (dependency for bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382). - btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: Take trans lock before access running trans in check_delayed_ref (Follow up fixes for bsc#1031392). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1112007). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bnc#1012382). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bnc#1012382). - cfq: Give a chance for arming slice idle timer in case of group_idle (bnc#1012382). - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382). - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix wrapping bugs in num_entries() (bnc#1012382). - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382). - cifs: prevent integer overflow in nxt_dir_entry() (bnc#1012382). - cifs: read overflow in is_valid_oplock_break() (bnc#1012382). - clk: imx6ul: fix missing of_node_put() (bnc#1012382). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bnc#1012382). - coresight: Handle errors in finding input/output ports (bnc#1012382). - coresight: tpiu: Fix disabling timeouts (bnc#1012382). - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343). - crypto: clarify licensing of OpenSSL asm code (). - crypto: mxs-dcp - Fix wait logic on chan threads (bnc#1012382). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bnc#1012382). - crypto: skcipher - Fix -Wstringop-truncation warnings (bnc#1012382). - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes). - debugobjects: Make stack check warning more informative (bnc#1012382). - Define dependencies of in-kernel KMPs statically This allows us to use rpm's internal dependency generator (bsc#981083). - Define early_radix_enabled() (bsc#1094244). - dmaengine: pl330: fix irq race with terminate_all (bnc#1012382). - dm cache: fix resize crash if user does not reload cache table (bnc#1012382). - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382). - dm-mpath: do not try to access NULL rq (bsc#1110337). - dm-mpath: finally fixup cmd_flags (bsc#1110930). - dm thin metadata: fix __udivdi3 undefined on 32-bit (bnc#1012382). - dm thin metadata: try to avoid ever aborting transactions (bnc#1012382). - Do not ship firmware (bsc#1054239). Pull firmware from kernel-firmware instead. - drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bug#1109038). - drivers: hv: vmbus: Add comments on ring buffer signaling (bug#1109038). - drivers: hv: vmbus: add numa_node to sysfs (bug#1109038). - drivers: hv: vmbus: Cleanup synic memory free path (bug#1109038). - drivers: hv: vmbus: do not mark HV_PCIE as perf_device (bug#1109038). - drivers: hv: vmbus: enable VMBus protocol version 5.0 (bug#1109038). - drivers: hv: vmbus: Expose per-channel interrupts and events counters (bsc#1109038). - drivers: hv: vmbus: Fix a rescind issue (bsc#1109038). - drivers: hv: vmbus: Fix bugs in rescind handling (bug#1109038). - drivers: hv: vmbus: Fix ring buffer signaling (bug#1109038). - drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bug#1109038). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bug#1109038). - drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bug#1109038). - drivers: hv: vmbus: Make panic reporting to be more useful (bsc#1109038). - drivers: hv: vmbus: Make TLFS #define names architecture neutral (bug#1109038). - drivers: hv: vmbus: Removed an unnecessary cast from void * (bug#1109038). - drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bug#1109038). - drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1109038). - drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bug#1109038). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bug#1109038). - drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bug#1109038). - drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bug#1109038). - drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bug#1109038). - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config (bnc#1012382). - drivers: net: cpsw: fix segfault in case of bad phy-handle (bnc#1012382). - drivers/tty: add error handling for pcmcia_loop_config (bnc#1012382). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bnc#1012382). - drm/amdkfd: Fix error codes in kfd_get_process (bnc#1012382). - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113766) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113766) - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bnc#1012382). - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bnc#1012382). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bnc#1012382). - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1106929) - Drop dtb-source.spec and move the sources to kernel-source (bsc#1011920) - e1000: check on netif_running() before calling e1000_up() (bnc#1012382). - e1000: ensure to free old tx/rx rings in set_ringparam() (bnc#1012382). - ebtables: arpreply: Add the standard target sanity check (bnc#1012382). - edac: Fix memleak in module init error path (bsc#1109441). - edac, i7core: Fix memleaks and use-after-free on probe and remove (1109441). - edac, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114648). - ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle (bnc#1012382). - ethtool: Remove trailing semicolon for static inline (bnc#1012382). - ethtool: restore erroneously removed break in dev_ethtool (bsc#1114229). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bnc#1012382). - ext4: do not mark mmp buffer head dirty (bnc#1012382). - ext4: fix online resize's handling of a too-small final block group (bnc#1012382). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bnc#1012382). - ext4: recalucate superblock checksum after updating free blocks/inodes (bnc#1012382). - f2fs: do not set free of current section (bnc#1012382). - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize (bnc#1012382). - fat: validate ->i_start before using (bnc#1012382). - fbdev: Distinguish between interlaced and progressive modes (bnc#1012382). - fbdev: fix broken menu dependencies (bsc#1106929) - fbdev/omapfb: fix omapfb_memory_read infoleak (bnc#1012382). - fbdev/via: fix defined but not used warning (bnc#1012382). - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") (bnc#1012382). - fix init of hv_vp_index on SMP - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bnc#1012382). - fork: do not copy inconsistent signal handler state to child (bnc#1012382). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bnc#1012382). - fs/cifs: suppress a string overflow warning (bnc#1012382). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382). - fs/eventpoll: loosen irq-safety when possible (bsc#1096052). - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382). - gfs2: Special-case rindex for gfs2_grow (bnc#1012382). - gpio: adp5588: Fix sleep-in-atomic-context bug (bnc#1012382). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bnc#1012382). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bnc#1012382). - gpio: tegra: Move driver registration to subsys_init level (bnc#1012382). - gso_segment: Reset skb->mac_len after modifying network header (bnc#1012382). - hexagon: modify ffs() and fls() to return int (bnc#1012382). - hfsplus: do not return 0 when fill_super() failed (bnc#1012382). - hfs: prevent crash on exit from failed search (bnc#1012382). - hid: hid-ntrig: add error handling for sysfs_create_group (bnc#1012382). - hid: hyperv: pr_err() strings should end with newlines (bug#1109038). - hid: sony: Support DS4 dongle (bnc#1012382). - hid: sony: Update device ids (bnc#1012382). - hv: add SPDX license id to Kconfig (bug#1109038). - hv: add SPDX license to trace (bug#1109038). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_balloon: trace post_status (bug#1109038). - hv_netvsc: Add handlers for ethtool get/set msg level (bug#1109038). - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bug#1109038). - hv_netvsc: Add per-cpu ethtool stats for netvsc (bug#1109038). - hv_netvsc: Add range checking for rx packet offset and length (bug#1109038). - hv_netvsc: add trace points (bug#1109038). - hv_netvsc: avoid retry on send during shutdown (bug#1109038). - hv_netvsc: avoid unnecessary wakeups on subchannel creation (bug#1109038). - hv_netvsc: cancel subchannel setup before halting device (bug#1109038). - hv_netvsc: change GPAD teardown order on older versions (bug#1109038). - hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bug#1109038). - hv_netvsc: common detach logic (bug#1109038). - hv_netvsc: disable NAPI before channel close (bug#1109038). - hv_netvsc: Ensure correct teardown message sequence order (bug#1109038). - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (bug#1109038). - hv_netvsc: Fix a network regression after ifdown/ifup (bug#1109038). - hv_netvsc: fix bogus ifalias on network device (bug#1109038). - hv_netvsc: fix deadlock on hotplug (bug#1109038). - hv_netvsc: fix error unwind handling if vmbus_open fails (bug#1109038). - hv/netvsc: fix handling of fallback to single queue mode (bug#1109038). - hv_netvsc: Fix napi reschedule while receive completion is busy (bug#1109038). - hv_netvsc: Fix net device attach on older Windows hosts (bug#1109038). - hv_netvsc: fix network namespace issues with VF support (bug#1109038). - hv/netvsc: Fix NULL dereference at single queue mode fallback (bug#1109038). - hv_netvsc: fix race in napi poll when rescheduling (bug#1109038). - hv_netvsc: fix schedule in RCU context (bug#1109038). - hv_netvsc: Fix the return status in RX path (bug#1109038). - hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bug#1109038). - hv_netvsc: fix vf serial matching with pci slot info (bug#1109038). - hv_netvsc: ignore devices that are not PCI (bug#1109038). - hv_netvsc: move VF to same namespace as netvsc device (bug#1109038). - hv_netvsc: netvsc_teardown_gpadl() split (bsc#1109038). - hv_netvsc: only wake transmit queue if link is up (bug#1109038). - hv_netvsc: pair VF based on serial number (bug#1109038). - hv_netvsc: Pass net_device parameter to revoke and teardown functions (bug#1109038). - hv_netvsc: pass netvsc_device to rndis halt (bug#1109038). - hv_netvsc: preserve hw_features on mtu/channels/ringparam changes (bsc#1109038). - hv_netvsc: propogate Hyper-V friendly name into interface alias (bug#1109038). - hv_netvsc: select needed ucs2_string routine (bug#1109038). - hv_netvsc: set master device (bug#1109038). - hv_netvsc: Set tx_table to equal weight after subchannels open (bsc#1109038). - hv_netvsc: Simplify num_chn checking in rndis_filter_device_add() (bug#1109038). - hv_netvsc: simplify receive side calling arguments (bug#1109038). - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (bug#1109038). - hv_netvsc: split sub-channel setup into async and sync (bug#1109038). - hv_netvsc: typo in NDIS RSS parameters structure (bug#1109038). - hv_netvsc: use napi_schedule_irqoff (bug#1109038). - hv_netvsc: use RCU to fix concurrent rx and queue changes (bug#1109038). - hv_netvsc: use reciprocal divide to speed up percent calculation (bsc#1109038). - hv_netvsc: Use the num_online_cpus() for channel limit (bsc#1109038). - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown (bug#1109038). - hv: Synthetic typo correction (bug#1109038). - hv_vmbus: Correct the stale comments regarding cpu affinity (bug#1109038). - hwmon: (adt7475) Make adt7475_read_word() return errors (bnc#1012382). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bnc#1012382). - hwrng: core - document the quality field (git-fixes). - hyper-v: Globalize vp_index (bug#1109038). - hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bug#1109038). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bnc#1012382). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bnc#1012382). - i2c: i801: fix DNV's SMBCTRL register offset (bnc#1012382). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bnc#1012382). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bnc#1012382). - i2c: xiic: Make the start and the byte count write atomic (bnc#1012382). - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1103308). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1103308). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1103308). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bnc#1012382). - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop (bnc#1012382). - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562). - Input: atakbd - fix Atari CapsLock behaviour (bnc#1012382). - Input: atakbd - fix Atari keymap (bnc#1012382). - Input: atmel_mxt_ts - only use first T9 instance (bnc#1012382). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bnc#1012382). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bnc#1012382). - iommu/ipmmu-vmsa: Fix allocation in atomic context (bnc#1012382). - ip6_tunnel: be careful when accessing the inner header (bnc#1012382). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ip_tunnel: be careful when accessing the inner header (bnc#1012382). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (bnc#1012382). - ipv6: fix possible use-after-free in ip6_xmit() (bnc#1012382). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382). - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382). - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382). - ixgbe: pci_set_drvdata must be called before register_netdev (Git-fixes bsc#1109923). - jffs2: return -ERANGE when xattr buffer is too small (bnc#1012382). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kabi.pl: Consider GPL vs. non-GPL exports () - kabi protect hnae_ae_ops (bsc#1107924). - kABI: protect struct hnae_desc_cb (kabi). - kbuild: add .DELETE_ON_ERROR special target (bnc#1012382). - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382). - kernel-{binary,docs}.spec sort dependencies. - kernel-binary: pass ARCH= to kernel build Recent kernel does not save CONFIG_64BIT so it has to be specified by arch. - kernel-binary: pass MAKE_ARGS to install script as well. - kernel-binary.spec Remove superfluous []. - kernel-binary undefine unique_debug_names Some tools do not understand names like usr/lib/debug/boot/vmlinux-4.12.14-11.10-default-4.12.14-11.10.ppc64le.debu g - kernel-obs-build.spec.in: add --no-hostonly-cmdline to dracut invocation (boo#1062303). call dracut with --no-hostonly-cmdline to avoid the random rootfs UUID being added into the initrd's /etc/cmdline.d/95root-dev.conf - kernel-obs-build.spec.in: enable xfs module This allows the public cloud team to build images with XFS as root filesystem - kernel-obs-build: use pae and lpae kernels where available (bsc#1073579). - kernel/params.c: downgrade warning for unsafe parameters (bsc#1050549). - kernel-source.spec: Align source numbering. - kernel-*.spec: remove remaining occurences of %release from dependencies There is a mix of %release and %source_rel in manually added dependencies and the %release dependencies tend to fail due to rebuild sync issues. So get rid of them. - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - kthread: fix boot hang (regression) on MIPS/OpenRISC (bnc#1012382). - kthread: Fix use-after-free if kthread fork fails (bnc#1012382). - KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bnc#1012382). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - KVM: x86: fix APIC page invalidation (bsc#1106240). - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch (bnc#1012382). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (bsc#1106240). - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1106110). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - locking/osq_lock: Fix osq_lock queue corruption (bnc#1012382). - locking/rwsem-xadd: Fix missed wakeup due to reordering of load (bnc#1012382). - lpfc: fixup crash in lpfc_els_unsol_buffer() (bsc#1107318). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382). - mac80211: fix a race between restart and CSA flows (bnc#1012382). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bnc#1012382). - mac80211: Fix station bandwidth setting after channel switch (bnc#1012382). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bnc#1012382). - mac80211: restrict delayed tailroom needed decrement (bnc#1012382). - mac80211: shorten the IBSS debug messages (bnc#1012382). - mach64: detect the dot clock divider correctly on sparc (bnc#1012382). - macintosh/via-pmu: Add missing mmio accessors (bnc#1012382). - macros.kernel-source: define linux_arch for KMPs (boo#1098050). CONFIG_64BIT is no longer defined so KMP spec files need to include %{?linux_make_arch} in any make call to build modules or descent into the kernel directory for any reason. - macros.kernel-source: Fix building non-x86 KMPs - macros.kernel-source: ignore errors when using make to print kernel release There is no way to handle the errors anyway and including the error into package version does not give good results. - macros.kernel-source: pass -b properly in kernel module package (bsc#1107870). - macros.kernel-source: pass -f properly in module subpackage (boo#1076393). - md-cluster: clear another node's suspend_area after the copy is finished (bnc#1012382). - md/raid1: exit sync request if MD_RECOVERY_INTR is set (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (bnc#1012382). - media: af9035: prevent buffer overflow on write (bnc#1012382). - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bnc#1012382). - media: fsl-viu: fix error handling in viu_of_probe() (bnc#1012382). - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bnc#1012382). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bnc#1012382). - media: soc_camera: ov772x: correct setting of banding filter (bnc#1012382). - media: tm6000: add error handling for dvb_register_adapter (bnc#1012382). - media: uvcvideo: Support realtek's UVC 1.5 device (bnc#1012382). - media: v4l: event: Prevent freeing event subscriptions while accessed (bnc#1012382). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bnc#1012382). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1050431). - mei: bus: type promotion bug in mei_nfc_if_version() (bnc#1012382). - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: omap-usb-host: Fix dts probe of children (bnc#1012382). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bnc#1012382). - MIPS: ath79: fix system restart (bnc#1012382). - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET (bnc#1012382). - MIPS: jz4740: Bump zload address (bnc#1012382). - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads (bnc#1012382). - MIPS: Octeon: add missing of_node_put() (bnc#1012382). - MIPS: VDSO: Match data page cache colouring when D$ aliases (bnc#1012382). - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON (bnc#1012382). - misc: hmc6352: fix potential Spectre v1 (bnc#1012382). - misc: mic: SCIF Fix scif_get_new_port() error handling (bnc#1012382). - misc: ti-st: Fix memory leak in the error path of probe() (bnc#1012382). - mkspec: do not build dtbs for architectures with no kernel. - mkspec: fix perl warning - mkspec: only build docs for default variant kernel. - mmc: mmci: stop building qcom dml as module (bsc#1110468). - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1110006). - mm: get rid of vmacache_flush_all() entirely (bnc#1012382). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (bnc#1012382). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: shmem.c: Correctly annotate new inodes for lockdep (bnc#1012382). - mm/vmstat.c: fix outdated vmstat_text (bnc#1012382). - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (bnc#1012382). - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (git fixes). - module: exclude SHN_UNDEF symbols from kallsyms api (bnc#1012382). - move changes without Git-commit out of sorted section - mtdchar: fix overflows in adjustment of `count` (bnc#1012382). - mtd/maps: fix solutionengine.c printk format warnings (bnc#1012382). - neighbour: confirm neigh entries when ARP packet is received (bnc#1012382). - net/9p: fix error path of p9_virtio_probe (bnc#1012382). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (bnc#1012382). - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382). - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() (bnc#1012382). - net: dcb: For wild-card lookups, use priority -1, not 0 (bnc#1012382). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240). - net: ena: fix device destruction to gracefully free resources (bsc#1108240). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240). - net: ena: fix incorrect usage of memory barriers (bsc#1108240). - net: ena: fix missing calls to READ_ONCE (bsc#1108240). - net: ena: fix missing lock during device destruction (bsc#1108240). - net: ena: fix potential double ena_destroy_device() (bsc#1108240). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (bsc#1110616). - net: ethernet: ti: cpsw: fix mdio device reference leak (bnc#1012382). - netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user (bnc#1012382). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES (bnc#1012382). - net: hp100: fix always-true check for link up state (bnc#1012382). - net: ipv4: update fnhe_pmtu when first hop's MTU changes (bnc#1012382). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (bnc#1012382). - netlabel: check for IPV4MASK in addrinfo_get (bnc#1012382). - net: macb: disable scatter-gather for macb on sama5d3 (bnc#1012382). - net/mlx4: Use cpumask_available for eq->affinity_mask (bnc#1012382). - net: mvneta: fix mtu change on port without link (bnc#1012382). - net: mvneta: fix mvneta_config_rss on armada 3700 (bsc#1110615). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (bnc#1012382). - net: systemport: Fix wake-up interrupt race during resume (bnc#1012382). - net/usb: cancel pending work when unbinding smsc75xx (bnc#1012382). - netvsc: delay setup of VF device (bug#1109038). - netvsc: fix race during initialization (bug#1109038). - netvsc: fix race on sub channel creation (bug#1109038). - netvsc: remove bonding setup script (bug#1109038). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bnc#1012382). - NFC: Fix the number of pipes (bnc#1012382). - NFS: add nostatflush mount option (bsc#1065726). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - nfsd: fix corrupted reply to badly ordered compound (bnc#1012382). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - NFSv4.0 fix client reference leak in callback (bnc#1012382). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - nvmet: fixup crash on NULL device path (bsc#1082979). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bnc#1012382). - ocfs2: fix ocfs2 read block panic (bnc#1012382). - of: unittest: Disable interrupt node tests for old world MAC systems (bnc#1012382). - ovl: Copy inode attributes after setting xattr (bsc#1107299). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512) - ovl: proper cleanup of workdir (bnc#1012382). - ovl: rename is_merge to is_lowest (bnc#1012382). - parport: sunbpp: fix error return code (bnc#1012382). - partitions/aix: append null character to print data from disk (bnc#1012382). - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bnc#1012382). - Pass x86 as architecture on x86_64 and i386 (bsc#1093118). - pci: altera: Fix bool initialization in tlp_read_packet() (bsc#1109806). - pci: designware: Fix I/O space page leak (bsc#1109806). - pci: designware: Fix pci_remap_iospace() failure path (bsc#1109806). - pci: hv: Convert remove_lock to refcount (bug#1109038). - pci: hv: Do not wait forever on a device that has disappeared (bug#1109038). - pci: hv: Fix return value check in hv_pci_assign_slots() (bug#1109038). - pci: hv: Make sure the bus domain is really unique (bug#1109038). - pci: hv: Remove unused reason for refcount handler (bug#1109038). - pci: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bug#1109038). - pci: hv: support reporting serial number as slot information (bug#1109038). - pci: hv: Use effective affinity mask (bsc#1109038). - pci: hv: Use effective affinity mask (bsc#1109772). - pci: hv: Use list_for_each_entry() (bug#1109038). - pci: mvebu: Fix I/O space end address calculation (bnc#1012382). - pci: OF: Fix I/O space page leak (bsc#1109806). - pci: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1109806). - pci: Reprogram bridge prefetch registers on resume (bnc#1012382). - pci: shpchp: Fix AMD POGO identification (bsc#1109806). - pci: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806). - pci: versatile: Fix I/O space page leak (bsc#1109806). - pci: versatile: Fix pci_remap_iospace() failure path (bsc#1109806). - pci: xgene: Fix I/O space page leak (bsc#1109806). - pci: xilinx: Add missing of_node_put() (bsc#1109806). - perf powerpc: Fix callchain ip filtering (bnc#1012382). - perf powerpc: Fix callchain ip filtering when return address is in a register (bnc#1012382). - perf probe powerpc: Ignore SyS symbols irrespective of endianness (bnc#1012382). - perf script python: Fix export-to-postgresql.py occasional failure (bnc#1012382). - perf tools: Allow overriding MAX_NR_CPUS at compile time (bnc#1012382). - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bnc#1012382). - pipe: actually allow root to exceed the pipe buffer limit (git-fixes). - platform/x86: alienware-wmi: Correct a memory leak (bnc#1012382). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bnc#1012382). - PM / core: Clear the direct_complete flag on errors (bnc#1012382). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc/kdump: Handle crashkernel memory reservation failure (bnc#1012382). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes). - powerpc/perf/hv-24x7: Fix passing of catalog version number (bsc#1053043). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223). - powerpc/powernv: opal_put_chars partial write fix (bnc#1012382). - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - power: vexpress: fix corruption in notifier registration (bnc#1012382). - printk: do not spin in printk when in nmi (bsc#1094244). - proc: restrict kernel stack dumps to root (bnc#1012382). - pstore: Fix incorrect persistent ram buffer mapping (bnc#1012382). - qlcnic: fix Tx descriptor corruption on 82xx devices (bnc#1012382). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bnc#1012382). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (bnc#1012382). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - RDMA/cma: Do not ignore net namespace for unbound cm_id (bnc#1012382). - RDMA/cma: Protect cma dev list with lock (bnc#1012382). - RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979). - RDMA/ucma: check fd type in ucma_migrate_id() (bnc#1012382). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: change j_timestamp type to time64_t (bnc#1012382). - reiserfs: do not panic on bad directory entries (bsc#1109818). - resource: Include resource end in walk_*() interfaces (bsc#1114648). - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382). - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT" (bsc#1031392). - Revert "dma-buf/sync-file: Avoid enable fence signaling if poll(.timeout=0)" (bsc#1111363). - Revert "drm: Do not pass negative delta to ktime_sub_ns()" (bsc#1106929) - Revert "drm/i915: Initialize HWS page address after GPU reset" (bsc#1106929) - Revert "Drop kernel trampoline stack." This reverts commit 85dead31706c1c1755adff90405ff9861c39c704. - Revert "kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)" This reverts commit edde1f21880e3bfe244c6f98a3733b05b13533dc. - Revert "KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch" (kabi). - Revert "media: v4l: event: Prevent freeing event subscriptions while accessed" (kabi). - Revert "mm: get rid of vmacache_flush_all() entirely" (kabi). - Revert "proc: restrict kernel stack dumps to root" (kabi). - Revert "Skip intel_crt_init for Dell XPS 8700" (bsc#1106929) - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" (bnc#1012382). - ring-buffer: Allow for rescheduling when removing pages (bnc#1012382). - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bnc#1012382). - rpm/kernel-binary.spec.in: Check module licenses (bsc#1083215,bsc#1083527) - rpm/kernel-binary.spec.in: Do not sign modules if CONFIG_MODULE_SIG=n (bsc#1035053) - rpm/kernel-binary.spec.in: Obsolete ftsteutates KMP (boo#997172) - rpm/kernel-binary.spec.in: Only kernel-syzkaller needs gcc-devel (boo#1043591). - rpm/kernel-docs.spec.in: Expand kernel tree directly from sources (bsc#1057199) - rpm/kernel-docs.spec.in: refresh dependencies for PDF build (bsc#1048129) - rpm/kernel-module-subpackage: Generate proper supplements in the template ... instead of relying on find-provides.ksyms to do it (bsc#981083). - rpm/kernel-source.spec.in: Do not list deleted depdendency helpers (bsc#981083). - rpm/kernel-spec-macros: Try harder to detect Build Service environment (bsc#1078788) - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtc: bq4802: add error handling for devm_ioremap (bnc#1012382). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (bnc#1012382). - s390/chsc: Add exception handler for CHSC instruction (git-fixes). - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382). - s390/extmem: fix gcc 8 stringop-overflow warning (bnc#1012382). - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108315, LTC#171326). - s390/kdump: Fix elfcorehdr size calculation (git-fixes). - s390/kdump: Make elfcorehdr size calculation ABI compliant (git-fixes). - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390/qeth: do not dump past end of unknown HW header (bnc#1012382). - s390/qeth: fix race in used-buffer accounting (bnc#1012382). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: reset layer2 attribute on layer switch (bnc#1012382). - s390/qeth: use vzalloc for QUERY OAT buffer (bnc#1108315, LTC#171527). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/stacktrace: fix address ranges for asynchronous and panic stack (git-fixes). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (Git-fixes). - sched/isolcpus: Fix "isolcpus=" boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bug#1109038). - sch_hhf: fix null pointer dereference on init failure (bnc#1012382). - sch_htb: fix crash on init failure (bnc#1012382). - sch_multiq: fix double free on init failure (bnc#1012382). - sch_netem: avoid null pointer deref on init failure (bnc#1012382). - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382). - scripts: modpost: check memory allocation results (bnc#1012382). - scsi: 3ware: fix return 0 on the error path of probe (bnc#1012382). - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382). - scsi: bnx2i: add error handling for ioremap_nocache (bnc#1012382). - scsi: ibmvscsi: Improve strings handling (bnc#1012382). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: klist: Make it safe to use klists in atomic context (bnc#1012382). - scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bug#1109038). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555). - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555). - scsi: qla2xxx: correctly shift host byte (bsc#1094555). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555). - scsi: qla2xxx: Delete session for nport id change (bsc#1094555). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555). - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555). - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555). - scsi: qla2xxx: fix error message on cpu_partial unsigned int (bnc#1012382). - smb2: fix missing files in root share directory listing (bnc#1012382). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bnc#1012382). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bnc#1012382). - sound: enable interrupt after dma buffer initialization (bnc#1012382). - spi: rspi: Fix interrupted DMA transfers (bnc#1012382). - spi: rspi: Fix invalid SPI use during system suspend (bnc#1012382). - spi: sh-msiof: Fix handling of write value for SISTR register (bnc#1012382). - spi: sh-msiof: Fix invalid SPI use during system suspend (bnc#1012382). - spi: tegra20-slink: explicitly enable/disable clock (bnc#1012382). - split-modules: use MAKE_ARGS - srcu: Allow use of Tiny/Tree SRCU from both process and interrupt context (bsc#1050549). - staging: android: ashmem: Fix mmap size validation (bnc#1012382). - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free (bnc#1012382). - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bnc#1012382). - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page (bnc#1012382). - staging: rts5208: fix missing error check on call to rtsx_write_register (bnc#1012382). - staging/rts5208: Fix read overflow in memcpy (bnc#1012382). - stmmac: fix valid numbers of unicast filter entries (bnc#1012382). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: add tcp_ooo_try_coalesce() helper (bnc#1012382). - tcp: call tcp_drop() from tcp_data_queue_ofo() (bnc#1012382). - tcp: do not restart timewait timer on rst reception (bnc#1012382). - tcp: fix a stale ooo_last_skb after a replace (bnc#1012382). - tcp: free batches of packets in tcp_prune_ofo_queue() (bnc#1012382). - tcp: increment sk_drops for dropped rx packets (bnc#1012382). - tcp: use an RB tree for ooo receive queue (bnc#1012382). - team: Forbid enslaving team device to itself (bnc#1012382). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bnc#1012382). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (bug#1109038). - tools: hv: Fix a bug in the key delete code (bnc#1012382). - tools: hv: fix compiler warnings about major/target_fname (bug#1109038). - tools/hv: Fix IP reporting by KVP daemon with SRIOV (bug#1109038). - tools: hv: fix snprintf warning in kvp_daemon (bug#1109038). - tools: hv: ignore a NIC if it has been configured (bug#1109038). - tools: hv: include string.h in hv_fcopy_daemon (bug#1109038). - tools: hv: update buffer handling in hv_fcopy_daemon (bug#1109038). - tools: hv: update lsvmbus to be compatible with python3 (bug#1109038). - tools: hv: vss: fix loop device detection (bug#1109038). - tools: hv: vss: Skip freezing filesystems backed by loop (bug#1109038). - tools/vm/page-types.c: fix "defined but not used" warning (bnc#1012382). - tools/vm/slabinfo.c: fix sign-compare warning (bnc#1012382). - tpm: Restore functionality to xen vtpm driver (bsc#1020645, git-fixes). - tsl2550: fix lux1_input error in low light (bnc#1012382). - tty: Drop tty->count on tty_reopen() failure (bnc#1105428). - tty: rocket: Fix possible buffer overwrite on register_PCI (bnc#1012382). - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382). t usb: yurex: Fix buffer over-read in yurex_write() (bnc#1012382). - ubifs: Check for name being NULL while mounting (bnc#1012382). - ucma: fix a use-after-free in ucma_resolve_ip() (bnc#1012382). - uio_hv_generic: add rescind support (bsc#1109038). - uio_hv_generic: check that host supports monitor page (bsc#1109038). - uio_hv_generic: create send and receive buffers (bsc#1109038). - uio_hv_generic: fix configuration comments (bsc#1109038). - uio_hv_generic: fix new type mismatch warnings (bsc#1109038). - uio_hv_generic: fix type mismatch warnings (bsc#1109038). - uio_hv_generic: use ISR callback method (bsc#1109038). - uio_hv_generic: use standard mmap for resources (bsc#1109038). - uio: potential double frees if __uio_register_device() fails (bnc#1012382). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bnc#1012382). - usb: Add quirk to support DJI CineSSD (bnc#1012382). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bnc#1012382). - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() (bnc#1012382). - usb: Do not die twice if PCI xhci host is not responding in resume (bnc#1012382). - usb: fix error handling in usb_driver_claim_interface() (bnc#1012382). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bnc#1012382). - usb: gadget: serial: fix oops when data rx'd after close (bnc#1012382). - usb: handle NULL config in usb_find_alt_setting() (bnc#1012382). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bnc#1012382). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bnc#1012382). - usb: net2280: Fix erroneous synchronization change (bnc#1012382). - usb: remove LPM management from usb_driver_claim_interface() (bnc#1012382). - usb: serial: io_ti: fix array underflow in completion handler (bnc#1012382). - usb: serial: kobil_sct: fix modem-status error handling (bnc#1012382). - usb: serial: simple: add Motorola Tetra MTP6550 id (bnc#1012382). - usb: serial: ti_usb_3410_5052: fix array underflow in completion handler (bnc#1012382). - usb: usbdevfs: restore warning for nonsensical flags (bnc#1012382). - usb: usbdevfs: sanitize flags more (bnc#1012382). - usb: wusbcore: security: cast sizeof to int for comparison (bnc#1012382). - usb: yurex: Check for truncation in yurex_read() (bnc#1012382). - use the new async probing feature for the hyperv drivers (bug#1109038). - Use upstream version of pci-hyperv change 35a88a18d7 - uwb: hwa-rc: fix memory leak at probe (bnc#1012382). - vfs: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bnc#1012382). - vmbus: add monitor_id and subchannel_id to sysfs per channel (bsc#1109038). - vmbus: do not return values for uninitalized channels (bug#1109038). - vmbus: make channel attributes static (bsc#1109038). - vmbus: make hv_get_ringbuffer_availbytes local (bsc#1109038). - vmci: type promotion bug in qp_host_get_user_memory() (bnc#1012382). - vmw_balloon: include asm/io.h (bnc#1012382). - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382). - watchdog: w83627hf: Added NCT6102D support (bsc#1106434). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bnc#1012382). - wlcore: Fix memory leak in wlcore_cmd_wait_for_event_or_timeout (git-fixes). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/boot: Fix "run_size" calculation (bsc#1110006). - x86/cpufeature: deduplicate X86_FEATURE_L1TF_PTEINV (kabi). - x86/entry/64: Add two more instruction suffixes (bnc#1012382). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/fpu: Finish excising 'eagerfpu' (bnc#1012382). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove struct fpu::counter (bnc#1012382). - x86/fpu: Remove use_eager_fpu() (bnc#1012382). - x86/headers/UAPI: Use __u64 instead of u64 in (bug#1109038). - x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1109038). - x86/hyperv: Add interrupt handler annotations (bug#1109038). - x86/hyper-v: allocate and use Virtual Processor Assist Pages (bug#1109038). - x86/hyper-V: Allocate the IDT entry early in boot (bug#1109038). - x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bug#1109038). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1109038). - x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bug#1109038). - x86/hyperv: Clear vCPU banks between calls to avoid flushing unneeded vCPUs (bsc#1109038). - x86/Hyper-V: Consolidate the allocation of the hypercall input page (bug#1109038). - x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bug#1109038). - x86/hyper-v: detect nested features (bug#1109038). - x86/hyperv: Do not use percpu areas for pcpu_flush/pcpu_flush_ex structures (bsc#1109038). - x86/Hyper-V: Enable IPI enlightenments (bug#1109038). - x86/Hyper-V: Enhanced IPI enlightenment (bug#1109038). - x86/Hyper-V: Enlighten APIC access (bug#1109038). - x86/hyperv: Fix hypercalls with extended CPU ranges for TLB flushing (bsc#1109038). - x86/hyper-v: Fix the circular dependency in IPI enlightenment (bug#1109038). - x86/hyper-v: Fix wrong merge conflict resolution (bug#1109038). - x86/Hyper-V/hv_apic: Build the Hyper-V APIC conditionally (bug#1109038). - x86/Hyper-V/hv_apic: Include asm/apic.h (bug#1109038). - x86/hyper-v: Implement hv_do_fast_hypercall16 (bug#1109038). - x86/hyper-v: Implement rep hypercalls (bug#1109038). - x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bug#1109038). - x86/hyper-v: move hyperv.h out of uapi (bug#1109038). - x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bug#1109038). - x86/hyperv: Read TSC frequency from a synthetic MSR (bug#1109038). - x86/hyperv: Redirect reenlightment notifications on CPU offlining (bug#1109038). - x86/hyperv: Reenlightenment notifications support (bug#1109038). - x86/hyper-v: Remove duplicated HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED definition (bug#1109038). - x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bug#1109038). - x86/hyper-v: stash the max number of virtual/logical processor (bug#1109038). - x86/hyperv: Stop suppressing X86_FEATURE_PCID (bsc#1109038). - x86/hyper-v: Support extended CPU ranges for TLB flush hypercalls (bug#1109038). - x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bug#1109038). - x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bug#1109038). - x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bug#1109038). - x86/hyper-v: Use hypercall for remote TLB flush (bug#1109038). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114648). - x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bug#1109038). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bnc#1012382). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bnc#1012382). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555). - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913, bsc#1111516). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bnc#1012382). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO build if a retpoline is emitted (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/vdso: Only enable vDSO retpolines when enabled and supported (bsc#1110006). - xen: avoid crash in disable_hotplug_cpu (bnc#1012382 bsc#1106594 bsc#1042422). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (bnc#1012382). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xen/manage: do not complain about an empty value in control/sysrq node (bnc#1012382). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen-netfront: fix queue name setting (bnc#1012382). - xen/netfront: fix waiting for xenbus state change (bnc#1012382). - xen-netfront: fix warn message as irq device name has '/' (bnc#1012382). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bnc#1012382). - xfrm: fix 'passing zero to ERR_PTR()' warning (bnc#1012382). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix transaction allocation deadlock in IO path (bsc#1090535). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: only run torn log write detection on dirty logs (bsc#1095753). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor in-core log state update to helper (bsc#1095753). - xfs: refactor unmount record detection into helper (bsc#1095753). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: separate log head record discovery from verification (bsc#1095753). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bnc#1012382). - xhci: Do not print a warning when setting link state for disabled ports (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-95=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): kernel-azure-4.4.162-4.19.2 kernel-azure-base-4.4.162-4.19.2 kernel-azure-base-debuginfo-4.4.162-4.19.2 kernel-azure-debuginfo-4.4.162-4.19.2 kernel-azure-debugsource-4.4.162-4.19.2 kernel-azure-devel-4.4.162-4.19.2 kernel-syms-azure-4.4.162-4.19.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-azure-4.4.162-4.19.1 kernel-source-azure-4.4.162-4.19.1 References: https://www.suse.com/security/cve/CVE-2018-14613.html https://www.suse.com/security/cve/CVE-2018-14617.html https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-16276.html https://www.suse.com/security/cve/CVE-2018-16597.html https://www.suse.com/security/cve/CVE-2018-17182.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18690.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-7480.html https://www.suse.com/security/cve/CVE-2018-7757.html https://www.suse.com/security/cve/CVE-2018-9516.html https://bugzilla.suse.com/1011920 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1031392 https://bugzilla.suse.com/1035053 https://bugzilla.suse.com/1042422 https://bugzilla.suse.com/1043591 https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1048129 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1054239 https://bugzilla.suse.com/1057199 https://bugzilla.suse.com/1062303 https://bugzilla.suse.com/1063026 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065726 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1067906 https://bugzilla.suse.com/1073579 https://bugzilla.suse.com/1076393 https://bugzilla.suse.com/1078788 https://bugzilla.suse.com/1079524 https://bugzilla.suse.com/1082519 https://bugzilla.suse.com/1082863 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1083215 https://bugzilla.suse.com/1083527 https://bugzilla.suse.com/1084427 https://bugzilla.suse.com/1084536 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1087209 https://bugzilla.suse.com/1088087 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090535 https://bugzilla.suse.com/1091158 https://bugzilla.suse.com/1093118 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1094562 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1095753 https://bugzilla.suse.com/1095805 https://bugzilla.suse.com/1096052 https://bugzilla.suse.com/1096547 https://bugzilla.suse.com/1098050 https://bugzilla.suse.com/1098996 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1101555 https://bugzilla.suse.com/1102495 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1102870 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103308 https://bugzilla.suse.com/1103405 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1105795 https://bugzilla.suse.com/1105931 https://bugzilla.suse.com/1106095 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106293 https://bugzilla.suse.com/1106359 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106512 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1106934 https://bugzilla.suse.com/1107060 https://bugzilla.suse.com/1107299 https://bugzilla.suse.com/1107318 https://bugzilla.suse.com/1107535 https://bugzilla.suse.com/1107829 https://bugzilla.suse.com/1107870 https://bugzilla.suse.com/1107924 https://bugzilla.suse.com/1108096 https://bugzilla.suse.com/1108170 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1108281 https://bugzilla.suse.com/1108315 https://bugzilla.suse.com/1108377 https://bugzilla.suse.com/1108399 https://bugzilla.suse.com/1108498 https://bugzilla.suse.com/1108803 https://bugzilla.suse.com/1108823 https://bugzilla.suse.com/1109038 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1109333 https://bugzilla.suse.com/1109336 https://bugzilla.suse.com/1109337 https://bugzilla.suse.com/1109441 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109784 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109818 https://bugzilla.suse.com/1109907 https://bugzilla.suse.com/1109919 https://bugzilla.suse.com/1109923 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110297 https://bugzilla.suse.com/1110337 https://bugzilla.suse.com/1110363 https://bugzilla.suse.com/1110468 https://bugzilla.suse.com/1110600 https://bugzilla.suse.com/1110601 https://bugzilla.suse.com/1110602 https://bugzilla.suse.com/1110603 https://bugzilla.suse.com/1110604 https://bugzilla.suse.com/1110605 https://bugzilla.suse.com/1110606 https://bugzilla.suse.com/1110611 https://bugzilla.suse.com/1110612 https://bugzilla.suse.com/1110613 https://bugzilla.suse.com/1110614 https://bugzilla.suse.com/1110615 https://bugzilla.suse.com/1110616 https://bugzilla.suse.com/1110618 https://bugzilla.suse.com/1110619 https://bugzilla.suse.com/1110930 https://bugzilla.suse.com/1111363 https://bugzilla.suse.com/1111516 https://bugzilla.suse.com/1111870 https://bugzilla.suse.com/1112007 https://bugzilla.suse.com/1112262 https://bugzilla.suse.com/1112263 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113766 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114229 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1115593 https://bugzilla.suse.com/981083 https://bugzilla.suse.com/997172 From sle-updates at lists.suse.com Tue Jan 15 10:09:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 18:09:22 +0100 (CET) Subject: SUSE-RU-2019:0090-1: moderate: Recommended update for regionServiceClientConfigEC2 Message-ID: <20190115170922.910E1FDF2@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0090-1 Rating: moderate References: #1121114 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigEC2 2.1.0 fixes the following issues: Add the SUSE server IP 34.197.223.242 to the configuration. (bsc#1121114) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-90=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): regionServiceClientConfigEC2-2.1.0-3.3.1 References: https://bugzilla.suse.com/1121114 From sle-updates at lists.suse.com Tue Jan 15 13:09:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:09:09 +0100 (CET) Subject: SUSE-RU-2019:0099-1: moderate: Recommended update for grub2 Message-ID: <20190115200909.21903FDF7@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0099-1 Rating: moderate References: #1111955 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 provides the following fix: - ieee1275: Fix double free in CAS reboot. (bsc#1111955) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-99=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-99=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.02-4.34.1 grub2-debuginfo-2.02-4.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.02-4.34.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-4.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): grub2-arm64-efi-2.02-4.34.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): grub2-i386-pc-2.02-4.34.1 grub2-x86_64-efi-2.02-4.34.1 grub2-x86_64-xen-2.02-4.34.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.34.1 grub2-systemd-sleep-plugin-2.02-4.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): grub2-s390x-emu-2.02-4.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): grub2-2.02-4.34.1 grub2-debuginfo-2.02-4.34.1 grub2-debugsource-2.02-4.34.1 grub2-i386-pc-2.02-4.34.1 grub2-x86_64-efi-2.02-4.34.1 grub2-x86_64-xen-2.02-4.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): grub2-snapper-plugin-2.02-4.34.1 grub2-systemd-sleep-plugin-2.02-4.34.1 - SUSE CaaS Platform ALL (noarch): grub2-snapper-plugin-2.02-4.34.1 - SUSE CaaS Platform ALL (x86_64): grub2-2.02-4.34.1 grub2-debuginfo-2.02-4.34.1 grub2-debugsource-2.02-4.34.1 grub2-i386-pc-2.02-4.34.1 grub2-x86_64-efi-2.02-4.34.1 grub2-x86_64-xen-2.02-4.34.1 - SUSE CaaS Platform 3.0 (x86_64): grub2-2.02-4.34.1 grub2-debuginfo-2.02-4.34.1 grub2-debugsource-2.02-4.34.1 grub2-i386-pc-2.02-4.34.1 grub2-x86_64-efi-2.02-4.34.1 grub2-x86_64-xen-2.02-4.34.1 - SUSE CaaS Platform 3.0 (noarch): grub2-snapper-plugin-2.02-4.34.1 References: https://bugzilla.suse.com/1111955 From sle-updates at lists.suse.com Tue Jan 15 13:09:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:09:46 +0100 (CET) Subject: SUSE-RU-2019:0100-1: moderate: Recommended update for grub2 Message-ID: <20190115200946.2AC58FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0100-1 Rating: moderate References: #1111955 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 provides the following fix: - ieee1275: Fix double free in CAS reboot. (bsc#1111955) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-100=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-100=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.3.1 grub2-debuginfo-2.02-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): grub2-arm64-efi-2.02-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): grub2-i386-pc-2.02-12.3.1 grub2-x86_64-efi-2.02-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.3.1 grub2-systemd-sleep-plugin-2.02-12.3.1 grub2-x86_64-xen-2.02-12.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): grub2-s390x-emu-2.02-12.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): grub2-2.02-12.3.1 grub2-debuginfo-2.02-12.3.1 grub2-debugsource-2.02-12.3.1 grub2-i386-pc-2.02-12.3.1 grub2-x86_64-efi-2.02-12.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.3.1 grub2-systemd-sleep-plugin-2.02-12.3.1 grub2-x86_64-xen-2.02-12.3.1 References: https://bugzilla.suse.com/1111955 From sle-updates at lists.suse.com Tue Jan 15 13:10:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:10:19 +0100 (CET) Subject: SUSE-RU-2019:0102-1: moderate: Recommended update for timezone Message-ID: <20190115201019.E4505FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0102-1 Rating: moderate References: #1120402 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - Update 2018i: S??o Tom?? and Pr??ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-102=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): timezone-2018i-3.14.1 timezone-debuginfo-2018i-3.14.1 timezone-debugsource-2018i-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): timezone-java-2018i-3.14.1 References: https://bugzilla.suse.com/1120402 From sle-updates at lists.suse.com Tue Jan 15 13:10:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:10:54 +0100 (CET) Subject: SUSE-RU-2019:0104-1: moderate: Recommended update for chrony Message-ID: <20190115201054.8CFD4FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0104-1 Rating: moderate References: #1117147 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for chrony fixes the following issues: - Generate chronyd sysconfig file. (bsc#1117147) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-104=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): chrony-3.2-9.3.1 chrony-debuginfo-3.2-9.3.1 chrony-debugsource-3.2-9.3.1 References: https://bugzilla.suse.com/1117147 From sle-updates at lists.suse.com Tue Jan 15 13:11:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:11:32 +0100 (CET) Subject: SUSE-RU-2019:0097-1: moderate: Recommended update for rpmlint Message-ID: <20190115201132.0C853FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0097-1 Rating: moderate References: #1015141 #1076467 #1089114 #1089340 #1095769 #1097339 #1102836 #1104110 #1108037 #1109938 #1111254 #1116686 #1116758 #1119975 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update for rpmlint fixes the following issues: - Update rpmlint-checks to version master (bsc#1116686) - whitelist boltd dbus service (bsc#1119975) - whitelist pam_slurm_adopt (bsc#1116758) - Add user/group 'slurm' for package slurm (FATE#316379) - whitelist keepalived dbus service (bsc#1015141) - remove openswan whitelisting (bsc#1089340) - whitelist systemd-timesyncd (bsc#1111254) - whitelist NetworkManager-fortisslvpn (bsc#1109938) - whitelist iwd D-Bus service (bsc#1108037) - whitelist xpra D-Bus service (bsc#1102836) - adjust maximum valid suse_version to 1550 (bsc#1104110) - whitelist ratbagd D-Bus service (bsc#1076467) - whitelist pam_oath PAM module after audit (bsc#1089114) - Update rpmlint-checks to version master (bsc#1097339) - whitelisting NetworkManager-libreswan plugin (bsc#1089340) - add Lua/NodeJS related groups to list of valid groups (bsc#1095769) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-97=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-5.2.1 rpmlint-mini-debuginfo-1.10-5.2.1 rpmlint-mini-debugsource-1.10-5.2.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): rpmlint-1.10-7.3.1 References: https://bugzilla.suse.com/1015141 https://bugzilla.suse.com/1076467 https://bugzilla.suse.com/1089114 https://bugzilla.suse.com/1089340 https://bugzilla.suse.com/1095769 https://bugzilla.suse.com/1097339 https://bugzilla.suse.com/1102836 https://bugzilla.suse.com/1104110 https://bugzilla.suse.com/1108037 https://bugzilla.suse.com/1109938 https://bugzilla.suse.com/1111254 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1116758 https://bugzilla.suse.com/1119975 From sle-updates at lists.suse.com Tue Jan 15 13:14:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:14:18 +0100 (CET) Subject: SUSE-RU-2019:0098-1: moderate: Recommended update for yast2-users Message-ID: <20190115201418.4A0FAFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0098-1 Rating: moderate References: #1118617 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-users provides the following fixes: - Allow the root user to use a public key for authentication. (fate#324690) - Improve public key selector help. (fate#324690) - Add public keys handling support in an installed system. (fate#324690) - Improve the label for importing public SSH keys to clearly state it is about SSH. (bsc#1118617) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-98=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-users-4.0.11-3.9.3 yast2-users-debuginfo-4.0.11-3.9.3 yast2-users-debugsource-4.0.11-3.9.3 References: https://bugzilla.suse.com/1118617 From sle-updates at lists.suse.com Tue Jan 15 13:14:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:14:56 +0100 (CET) Subject: SUSE-RU-2019:0101-1: moderate: Recommended update for timezone Message-ID: <20190115201456.704B2FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0101-1 Rating: moderate References: #1120402 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - Update 2018i: S??o Tom?? and Pr??ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-101=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-101=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-101=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-101=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-101=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): timezone-java-2018i-0.74.20.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): timezone-java-2018i-0.74.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): timezone-java-2018i-0.74.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): timezone-java-2018i-0.74.20.1 - SUSE CaaS Platform ALL (x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 - SUSE CaaS Platform 3.0 (x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): timezone-2018i-74.20.1 timezone-debuginfo-2018i-74.20.1 timezone-debugsource-2018i-74.20.1 References: https://bugzilla.suse.com/1120402 From sle-updates at lists.suse.com Tue Jan 15 13:15:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:15:35 +0100 (CET) Subject: SUSE-SU-2019:0096-1: moderate: Security update for soundtouch Message-ID: <20190115201535.4FFC3FDF0@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0096-1 Rating: moderate References: #1108631 #1108632 Cross-References: CVE-2018-17097 CVE-2018-17098 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-96=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-96=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-96=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-96=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-96=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-96=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-96=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-96=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libSoundTouch0-32bit-1.7.1-5.11.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.11.1 soundtouch-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libSoundTouch0-32bit-1.7.1-5.11.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.11.1 soundtouch-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): soundtouch-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 soundtouch-devel-1.7.1-5.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): soundtouch-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 soundtouch-devel-1.7.1-5.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.7.1-5.11.1 libSoundTouch0-debuginfo-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.7.1-5.11.1 libSoundTouch0-debuginfo-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libSoundTouch0-1.7.1-5.11.1 libSoundTouch0-32bit-1.7.1-5.11.1 libSoundTouch0-debuginfo-1.7.1-5.11.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.11.1 soundtouch-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libSoundTouch0-1.7.1-5.11.1 libSoundTouch0-32bit-1.7.1-5.11.1 libSoundTouch0-debuginfo-1.7.1-5.11.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.11.1 soundtouch-1.7.1-5.11.1 soundtouch-debuginfo-1.7.1-5.11.1 soundtouch-debugsource-1.7.1-5.11.1 References: https://www.suse.com/security/cve/CVE-2018-17097.html https://www.suse.com/security/cve/CVE-2018-17098.html https://bugzilla.suse.com/1108631 https://bugzilla.suse.com/1108632 From sle-updates at lists.suse.com Tue Jan 15 13:16:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:16:26 +0100 (CET) Subject: SUSE-RU-2019:0106-1: moderate: Recommended update for several ardana packages Message-ID: <20190115201626.5BE22FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for several ardana packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0106-1 Rating: moderate References: #1083780 #1084151 #1094873 #1100583 #1103253 #1104760 #1109753 #1111687 #1113113 #1113796 #1113815 #1114632 #1116171 #1116455 #1116486 #1116508 #1116704 #1117198 #1117497 #1118201 #114241 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: This update for for ardana packages fixes the following issues: ardana-ansible: - SCRD-4298 Keep alive SSH sessions - Reset service-update status flag after update (bsc#1114632) - SCRD-5652 - fix Install UI reconfiguring before site.yml has succeeded - SCRD-5139 Fix playbook syntax for RHEL ISO validation - SCRD-5139 Allow CentOS/RHEL/SLES-ES ISOs without failure - SCRD-4816 Prevent exceptions when data missing ardana-cassandra: - SCPL-409 Fix .gitreview for stable/pike ardana-ceilometer: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-cobbler: - SCRD-5139 Make cobbler rhel75 profile compatible with CentOS - SCRD-5139 Correct location of ISOs for ardana user - SCRD-5139 Add support for RHEL 7.5 ardana-db: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-designate: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-extensions-dcn: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-extensions-nsx: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-heat: - SCRD-2812 Playbook to deploy CaaSP cluster using heat - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-horizon: - Corrected help button URL (bsc#114241) - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-input-model: - Enable caching for keystone (bsc#1116171) - Specify external network provider attributes (bsc#1100583) - Physical-volumen of input model example needs _root (bsc#1103253) ardana-ironic: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-keystone: - Enable caching for keystone (bsc#1116171) - Use correct path for sso_callback_template.html (bsc#1083780) ardana-logging: - SCRD-5139 Enable logrotate conf generation in centos - SCRD-5366 Avoid rewriting ardana service trigger file - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-magnum: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-manila: - Fix osapi_share_listen for manila-share (bsc#1118201) - Change db connection protocol to mysql+pymysql instead of mysql (bsc#1116508) - Fix manila-manage.log file ownership to manila:manila (bsc#1116486) ardana-memcached: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-monasca: - Set up /usr/lib/monasca/agent on RHEL (bsc#1094873) - Don't modify /usr/lib/monasca/agent/ custom dirs (bsc#1094873) - Remove recursively owning /etc/monasca by mon-api (bsc#1094873) ardana-monasca-transform: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike ardana-neutron: - Keep L3 Agent's DEFAULT.external_network_bridge option (bsc#1117198) - Remove L3 DEFAULT.external_network_bridge option (bsc#1100583) ardana-nova: - Hides usernames and passwords (bsc#1111687) - Removes duplicate cell1 mappings (bsc#1111687) - SCRD-5139 Selinux policy updates for RHEL 7.5 ardana-octavia: - Fix octavia configuration required attributes (bsc#1109753) ardana-osconfig: - set a unique datapath_id for each ovs bridge (bsc#1117198) - SCRD-5139 Fix typo on setup-yum - SCRD-5116 Support root LV named root or LVRoot - SCRD-5139 Fix RHEL optional yum repo references ardana-qa-ansible: - SCPL-409 Fix .gitreview for stable/pike - SCRD-3234 - test coverage for action verbs for service playbooks - SCRD-2770 - Workaround for bugzilla 1084362 - SCRD-3199 Adding iverify to QE automation framework - SCRD-3199 Switch hlm_home_folder to ardana_home_folder - SCRD-3199 Fix issue with the sudo privilege for hqe_user - Reference existing global var for CA bundle (bsc#1084151) - SCRD-2913 Updates to hqe-heat-integrationtests ansible - SCRD-2667 Remove dependency on devel packages - Set 1 - SCRD-2648 Fixes to QE barbican functional - SCRD-2841 - Fix the scaffolding tool to support generating a skeleton wrapper - SCRD-2648 Updates to qe barbican ansible - SCRD-2770 Update qe barbican ansible playbook functional_tests.conf - SCRD-2639 Update copyrights for files touched in 2018 - SCRD-2601 - Fix failing task due to missing library in ansible code - SCRD-2401 Update git server and other fixes - SCRD-2187 Split all group_vars into a directory of group vars - SCRD-2133 Replace sudo with become - SCRD-1237 Replace HLM with Ardana in variable names - SCRD-1366 Don't assume monasca is enabled - SCRD-1969 Disable logging tests - SCRD-1857 Fix the src cert location to be different from the dest location - SCRD-1857 Bug fix related to cert failure - SCRD-1857 Changes to support running ardana-qa-ansible playbooks on SLES node - SCRD-1804 Merge prerelease changes for ardana-qa-ansible - SCRD-1628 Port HQA-1650 fix to ardana-qa-ansible ardana-service: - SCRD-5509 Avoid referencing unassigned variable - SCRD-3501 updated to have better http code - SCRD-3501 added mock data for compute and netowrk API - SCRD-5509 - make monasca api threadsafe - SCRD-5738 remove refrences to `extraVars` - SCRD-0000 Mock playbooks without .yml or canned logs - SCRD-3501 Include IP in cobbler list - SCRD-3497 Add canned logs for additional playbooks - SCRD-3501 Added cobbler REST APIs - SCRD-3497 Add API to remove host from known_hosts - SCRD-3501 Added network REST APIs - SCRD-3501 Added compute REST APIs - SCRD-5506 Picked up encprytion key - SCRD-5505 make playbook names to be constants - SCRD-2887 - update config processor dev env setup to match changes from SCRD-5358 - SCRD-5506 Picked up encprytion key - SCRD-5505 make playbook names to be constants - Add nova and neutron python clients in support of SCRD-3501 - the replace compute node workflow requires calls to nova and neutron - SCRD-2887 - update config processor dev env setup to match changes from SCRD-5358 - SCRD-2887 Add debugging information to README - SCRD-4771 Fix format of error messages ardana-ses: - Fix cinder keyring file path name (bsc#1113815) - Provide full path to keyring files (bsc#1116455) - Fix SES config convert (bsc#1113113) - Read ses_config into dict (bsc#1117497) - Fix cinder backup keyring filename (bsc#1116704) - Fix broken cinder keyring value (bsc#1113796) ardana-spark: - Disable the REST API for the spark-master (bsc#1104760) ardana-tempest: - SCRD-5920 enable additional tests for CI - Update to version 8.0+git.1543336226.7f06c38: - SCRD-9999 bump up timeout for tempest tests - SCRD-4200 Add manila-tempest-plugin - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike - SCRD-3952 Adds a tempest run filter for Magnum - SCRD-3948 Configure alternative image for tempest ardana-tls: - switch to stable/pike branch - SCPL-409 Fix .gitreview for stable/pike Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-106=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-106=1 Package List: - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1543595116.5c05be0-3.49.1 ardana-cassandra-8.0+git.1534266612.44dcb20-3.9.1 ardana-ceilometer-8.0+git.1534266629.0bb5d54-3.6.1 ardana-cobbler-8.0+git.1540416884.a0a3d4a-3.32.1 ardana-db-8.0+git.1534266770.1b13e95-3.16.1 ardana-designate-8.0+git.1534266787.434a134-3.11.1 ardana-extensions-nsx-8.0+git.1534266342.e2be02d-3.3.2 ardana-heat-8.0+git.1542235970.98e05ca-3.3.1 ardana-horizon-8.0+git.1543534669.06cea45-3.9.1 ardana-input-model-8.0+git.1543232282.45bef54-3.24.1 ardana-ironic-8.0+git.1534266893.1d69df7-3.3.1 ardana-keystone-8.0+git.1543232299.e024ee7-3.18.1 ardana-logging-8.0+git.1542294065.b197cc8-3.12.1 ardana-magnum-8.0+git.1534266946.b552296-3.3.1 ardana-manila-8.0+git.1543877334.9f89cd5-1.9.1 ardana-memcached-8.0+git.1534266982.498c352-3.3.1 ardana-monasca-8.0+git.1539124028.7f060e3-3.15.1 ardana-monasca-transform-8.0+git.1534267017.4bbecd9-3.6.1 ardana-neutron-8.0+git.1543919776.6c02424-3.24.1 ardana-nova-8.0+git.1541608566.6d4b2f7-3.17.1 ardana-octavia-8.0+git.1541639876.e80ad25-3.11.1 ardana-osconfig-8.0+git.1543941929.6f49882-3.30.1 ardana-service-8.0+git.1542651815.31dd419-3.17.1 ardana-ses-8.0+git.1544027578.063442e-1.11.1 ardana-spark-8.0+git.1539709555.5b31c25-3.9.1 ardana-tempest-8.0+git.1543499080.688f581-3.9.1 ardana-tls-8.0+git.1534267264.6b1e899-3.3.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1543595116.5c05be0-3.49.1 ardana-cassandra-8.0+git.1534266612.44dcb20-3.9.1 ardana-ceilometer-8.0+git.1534266629.0bb5d54-3.6.1 ardana-cobbler-8.0+git.1540416884.a0a3d4a-3.32.1 ardana-db-8.0+git.1534266770.1b13e95-3.16.1 ardana-designate-8.0+git.1534266787.434a134-3.11.1 ardana-extensions-nsx-8.0+git.1534266342.e2be02d-3.3.2 ardana-heat-8.0+git.1542235970.98e05ca-3.3.1 ardana-horizon-8.0+git.1543534669.06cea45-3.9.1 ardana-input-model-8.0+git.1543232282.45bef54-3.24.1 ardana-ironic-8.0+git.1534266893.1d69df7-3.3.1 ardana-keystone-8.0+git.1543232299.e024ee7-3.18.1 ardana-logging-8.0+git.1542294065.b197cc8-3.12.1 ardana-magnum-8.0+git.1534266946.b552296-3.3.1 ardana-manila-8.0+git.1543877334.9f89cd5-1.9.1 ardana-memcached-8.0+git.1534266982.498c352-3.3.1 ardana-monasca-8.0+git.1539124028.7f060e3-3.15.1 ardana-monasca-transform-8.0+git.1534267017.4bbecd9-3.6.1 ardana-neutron-8.0+git.1543919776.6c02424-3.24.1 ardana-nova-8.0+git.1541608566.6d4b2f7-3.17.1 ardana-octavia-8.0+git.1541639876.e80ad25-3.11.1 ardana-osconfig-8.0+git.1543941929.6f49882-3.30.1 ardana-service-8.0+git.1542651815.31dd419-3.17.1 ardana-ses-8.0+git.1544027578.063442e-1.11.1 ardana-spark-8.0+git.1539709555.5b31c25-3.9.1 ardana-tempest-8.0+git.1543499080.688f581-3.9.1 ardana-tls-8.0+git.1534267264.6b1e899-3.3.1 References: https://bugzilla.suse.com/1083780 https://bugzilla.suse.com/1084151 https://bugzilla.suse.com/1094873 https://bugzilla.suse.com/1100583 https://bugzilla.suse.com/1103253 https://bugzilla.suse.com/1104760 https://bugzilla.suse.com/1109753 https://bugzilla.suse.com/1111687 https://bugzilla.suse.com/1113113 https://bugzilla.suse.com/1113796 https://bugzilla.suse.com/1113815 https://bugzilla.suse.com/1114632 https://bugzilla.suse.com/1116171 https://bugzilla.suse.com/1116455 https://bugzilla.suse.com/1116486 https://bugzilla.suse.com/1116508 https://bugzilla.suse.com/1116704 https://bugzilla.suse.com/1117198 https://bugzilla.suse.com/1117497 https://bugzilla.suse.com/1118201 https://bugzilla.suse.com/114241 From sle-updates at lists.suse.com Tue Jan 15 13:20:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:20:29 +0100 (CET) Subject: SUSE-RU-2019:0103-1: moderate: Recommended update for ses-manual_en Message-ID: <20190115202029.84484FDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0103-1 Rating: moderate References: #1104794 #1106274 #1107464 #111142 #1113292 #1113900 #1113911 #1113934 #1114054 #1116537 #1116927 #1119167 #1119451 #1119571 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - prevent rebooting MONs on shared hosts (bsc#1104794) - minor fix of OSD number (bsc#1116927) - tcp_nodelay for RGW (bsc#1106274) - sdded device classes (bsc#1113292) - DeepSea stage 2 added for Ganesha (bsc#1119167) - list pool's snapshots (bsc#1113911) - rely on internal NTP time sources (bsc#1119571) - added example of update-reboot DeepSea setting (bsc#1119451) - extended custom DeepSea configuration (bsc#111142) - updating grains after remove.osd (bsc#1107464) - dont reboot MONs during upgrade (bsc#1104794) - improved pool migration (bsc#1113900) - all command prompts aligned + general key mgmt (bsc#1116537) - improved pool compression (bsc#1113934) - Moved lrdb tip to the right place (bsc#1114054) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-103=1 Package List: - SUSE Enterprise Storage 5 (noarch): ses-admin_en-pdf-5-22.15.1 ses-deployment_en-pdf-5-22.15.1 ses-manual_en-5-22.15.1 References: https://bugzilla.suse.com/1104794 https://bugzilla.suse.com/1106274 https://bugzilla.suse.com/1107464 https://bugzilla.suse.com/111142 https://bugzilla.suse.com/1113292 https://bugzilla.suse.com/1113900 https://bugzilla.suse.com/1113911 https://bugzilla.suse.com/1113934 https://bugzilla.suse.com/1114054 https://bugzilla.suse.com/1116537 https://bugzilla.suse.com/1116927 https://bugzilla.suse.com/1119167 https://bugzilla.suse.com/1119451 https://bugzilla.suse.com/1119571 From sle-updates at lists.suse.com Tue Jan 15 13:23:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Jan 2019 21:23:07 +0100 (CET) Subject: SUSE-RU-2019:0105-1: moderate: Recommended update for chrony Message-ID: <20190115202307.C541FFDF0@maintenance.suse.de> SUSE Recommended Update: Recommended update for chrony ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0105-1 Rating: moderate References: #1117147 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for chrony fixes the following issues: - Generate chronyd sysconfig file. (bsc#1117147) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-105=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-105=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): chrony-2.3-5.3.1 chrony-debuginfo-2.3-5.3.1 chrony-debugsource-2.3-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): chrony-2.3-5.3.1 chrony-debuginfo-2.3-5.3.1 chrony-debugsource-2.3-5.3.1 References: https://bugzilla.suse.com/1117147 From sle-updates at lists.suse.com Wed Jan 16 07:13:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Jan 2019 15:13:06 +0100 (CET) Subject: SUSE-RU-2019:0107-1: moderate: Recommended update for mozilla-nss Message-ID: <20190116141306.9D8E8FDF7@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0107-1 Rating: moderate References: #1090767 #1121045 #1121207 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - The hmac packages used for FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added "Suggest:" for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-107=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-107=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-107=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-107=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-107=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-107=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-107=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-107=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-107=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-107=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-107=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-107=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-107=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-devel-3.40.1-58.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-devel-3.40.1-58.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-devel-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-devel-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE Enterprise Storage 4 (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-32bit-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libfreebl3-debuginfo-32bit-3.40.1-58.21.1 libfreebl3-hmac-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-32bit-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 libsoftokn3-debuginfo-32bit-3.40.1-58.21.1 libsoftokn3-hmac-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-32bit-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-32bit-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 mozilla-nss-sysinit-3.40.1-58.21.1 mozilla-nss-sysinit-32bit-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.21.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.21.1 mozilla-nss-tools-3.40.1-58.21.1 mozilla-nss-tools-debuginfo-3.40.1-58.21.1 - SUSE CaaS Platform ALL (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.40.1-58.21.1 libfreebl3-debuginfo-3.40.1-58.21.1 libsoftokn3-3.40.1-58.21.1 libsoftokn3-debuginfo-3.40.1-58.21.1 mozilla-nss-3.40.1-58.21.1 mozilla-nss-certs-3.40.1-58.21.1 mozilla-nss-certs-debuginfo-3.40.1-58.21.1 mozilla-nss-debuginfo-3.40.1-58.21.1 mozilla-nss-debugsource-3.40.1-58.21.1 References: https://bugzilla.suse.com/1090767 https://bugzilla.suse.com/1121045 https://bugzilla.suse.com/1121207 From sle-updates at lists.suse.com Wed Jan 16 10:08:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Jan 2019 18:08:58 +0100 (CET) Subject: SUSE-RU-2019:0108-1: moderate: Recommended update for ndctl Message-ID: <20190116170858.62301FDF7@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0108-1 Rating: moderate References: #1107113 #1110425 #1120931 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides version 63 of ndctl and brings many fixes and improvements: - Use Type=simple instead of Type=forking for service (bsc#1120931) - Enable ppc64le build (FATE#326817) - Drop 'v' from pkgconfig-version (breaks 'ipmctl'). (bsc#1107113, FATE#325527) - ars: Don't invalidate the user-provided command. - autoconf: Include sys/mman.h for MAP_SYNC. - bash-completion: Add completion for ndctl-monitor. - build: Introduce --with-{bash,systemd}. - check-labels: Correct check-labels message wording. - configure: Add -Wunused-result and -D_FORTIFY_SOURCE=2 to cflags. - contrib/do_abidiff: Make the build more robust. - contrib: Add helper scripts for new release. - destroy-namespace: Check for an already-zeroed info block. - documentation/create-namespace: Clarify fsdax wording. - documentation: Add a newline in namespace Theory of Operations. - documentation: Add asciidoctor-extensions.rb to .gitignore. - documentation: Add inject-smart to the Makefile. - documentation: Add man page for monitor. - documentation: Add namespace 'theory of operation'. - documentation: Add the support for asciidoctor. - documentation: Clarify the dimm id for ndctl list d option. - documentation: Document the label-version option for init-labels. - documentation: Fix title and section markers - documentation: Use asciidoctor by default. - filter: Fix "keyword 'all' is ignored" in util__filter(). - filter: Refacor util__filter() to support multiple space-seperated arguments. - inject-error: Add a --saturate option. - inject-smart: Add an interface to inject ctrl-temperature. - inject-smart: Add an option to uninject smart fields. - inject-smart: Continue in spite of errors for uninject-all. - inject-smart: Fix man page to match the current behavior. - inject: Fix a resource leak in ndctl_namespace_get_clear_unit. - intel: Fallback to smart cached shutdown_count. - lib: Add APIs for retrieving namespace badblocks. - lib: Add dirty-shutdown-count retrieval helper. - lib: Refactor badblocks retrieval routines. - libndctl/ars: Add an API to retrieve clear_err_unit. - libndctl/inject: Add 'v2' APIs for inject and uninject. - libndctl/inject: Inject fewer bytes per block by default. - libndctl/test: Fix a couple of unchecked returns. - libndctl: Fix a resource leak in ndctl_dimm_get_{{event_}flags, health}. - libndctl: Fix potential buffer overflow in write_cache APIs. - libndctl: Fix the uninject-error API actually injecting errors. - libndctl: Improve debug prints in wait_for_scrub_completion. - libndctl: Set errno for routines that don't return an error status. - list: Add alarm_enable_ to list. - list: Add controller temperature threshold and alarm. - list: Add controller temperature. - list: Always output array without --human. - list: Display the 'map' location in listings. - list: Fix the verbosity level formatting in the man page. - monitor: Add [--verbose] option to emit extra debug messages. - monitor: Add [Install] Section to systemd unit file of ndctl-monitor. - monitor: Add a config-file section to the man page. - monitor: Add a new command - monitor. - monitor: Add main ndctl monitor configuration file. - monitor: Add the unit file of systemd for ndctl-monitor service. - monitor: Add timestamp and pid to log messages in log_file(). - monitor: Fix a resource leak in parse_monitor_event. - monitor: Fix duplicate prefix in monitor.log. - monitor: Fix formatting for --log in the man page. - monitor: Fix memory leak in monitor_event. - monitor: Fix memory leak in read_config_file. - monitor: Fix the lack of detection of invalid dimm-events. - monitor: Fix the lack of detection of invalid path of log file. - monitor: Fix the severity of "daemon started" message. - monitor: Improve error reporting throughout monitor.c. - monitor: In daemon mode, exit successfully if no DIMMs are found. - monitor: Set default log destination to syslog if "--daemon" is specified. - namespace: Rework namespace action accounting. - ndctl: Add 'list' verbose options. - ndctl: Add CONTRIBUTING.md. - ndctl: Add a test file to .gitignore. - ndctl: Add an API to check support for smart injection. - ndctl: Add an api for getting the ars_status overflow flag. - ndctl: Autoconf detect BUS_MCEERR_AR. - ndctl: Create ndctl udev rules for dirty shutdown. - ndctl: Deprecate undocumented short-options. - ndctl: Fix ABI breakage due to rename of fw_info_get_updated_version. - ndctl: Fix a resource leak in submit_get_firmware_info. - ndctl: Fix libtool versioning. - ndctl: Fix potential null dereference in the smart error handler. - ndctl: Hide null uuids. - ndctl: Refactor validation of the ars_status command. - ndctl: Remove dependency on linker garbage collection. - ndctl: Remove warnings when -O0 is used with -D_FORTIFY_SOURCE=2. - ndctl: Revert "ndctl, intel: Fallback to smart cached shutdown_count". - ndctl: Revert "ndctl: Create ndctl udev rules for dirty shutdown". - ndctl: Simplify JSON print flag handling. - ndctl: Suppress command errors if fallback exists. - ndctl: Update README.md for code blocks. - ndctl: Use max_available_extent for namespace. - ndctl: Warn on variables declared after statement. - ndctl: Work around kernel memory corruption. - prepare-release.sh: Fix revision update checks. - spec: Use pkgconfig for systemd. - test/monitor: Fix inject-smart field in test_filter_dimmevent. - test: Add NFIT_TEST_BUS[01] variable and some helper funtions to common. - test: Add UUID_LIBS for list_smart_dimm. - test: Add a MADV_HWPOISON test. - test: Add a new unit test for max_available_extent namespace. - test: Add a new unit test for monitor. - test: Add a new unit test pfn metadata error clearing. - test: Add common helper functions for test scripts. - test: Add device-dax MADV_HWPOISON test. - test: Add start/wait scrub to injection tests. - test: Check availability of MAP_SYNC for poison test. - test: Cleanup test scripts. - test: Convert remaining tests to use test/common. - test: Disable poison tests for now. - test: Fix a potential null pointer dereference in 'ndctl test'. - test: Fix a resource leak in check_smart_threshold. - test: Fix dax.sh return code. - test: Fix sector-mode.sh to work with label support. - test: Fix tests for the array vs object listing fix. - test: Fix timeouts in device-dax. - test: Remove an unused variable assignment. - test: Remove the firmware image file before the test end. - test: Update libndctl test for controller temperature valid. - test: Update tests for capacity vs namespace-label locking. - tests: Add a new unit test for inject-smart. - udev: Fix a resource leak in save_unsafe_shutdown_count. - util/json: Add a util_namespace_badblocks_to_json() helper. - util/json: Add comments around re-checking the UTIL_JSON_MEDIA_ERRORS flag. - util/json: Fix an error check for region resource. - util/strbuf.h: Include sys/types.h for ssize_t definition. - util: Add OPTION_FILENAME to parse_opt_type. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-108=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): libndctl-devel-63-3.5.1 libndctl6-63-3.5.1 libndctl6-debuginfo-63-3.5.1 ndctl-63-3.5.1 ndctl-debuginfo-63-3.5.1 ndctl-debugsource-63-3.5.1 References: https://bugzilla.suse.com/1107113 https://bugzilla.suse.com/1110425 https://bugzilla.suse.com/1120931 From sle-updates at lists.suse.com Thu Jan 17 10:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Jan 2019 18:09:16 +0100 (CET) Subject: SUSE-SU-2019:0110-1: important: Security update for zeromq Message-ID: <20190117170916.C2BF9FDF1@maintenance.suse.de> SUSE Security Update: Security update for zeromq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0110-1 Rating: important References: #1121717 Cross-References: CVE-2019-6250 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zeromq fixes the following issues: Security issue fixed: - CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-110=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-110=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): zeromq-debuginfo-4.2.3-3.3.2 zeromq-debugsource-4.2.3-3.3.2 zeromq-tools-4.2.3-3.3.2 zeromq-tools-debuginfo-4.2.3-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzmq5-4.2.3-3.3.2 libzmq5-debuginfo-4.2.3-3.3.2 zeromq-debuginfo-4.2.3-3.3.2 zeromq-debugsource-4.2.3-3.3.2 zeromq-devel-4.2.3-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-6250.html https://bugzilla.suse.com/1121717 From sle-updates at lists.suse.com Thu Jan 17 10:09:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Jan 2019 18:09:54 +0100 (CET) Subject: SUSE-SU-2019:0111-1: important: Security update for krb5 Message-ID: <20190117170954.D939FFDF3@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0111-1 Rating: important References: #1120489 Cross-References: CVE-2018-20217 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-111=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-111=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-111=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-111=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-111=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-111=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-111=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-111=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-111=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-111=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-111=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-111=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): krb5-1.12.5-40.31.1 krb5-32bit-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-devel-1.12.5-40.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-devel-1.12.5-40.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): krb5-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): krb5-32bit-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): krb5-32bit-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): krb5-32bit-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): krb5-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): krb5-32bit-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): krb5-1.12.5-40.31.1 krb5-32bit-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): krb5-1.12.5-40.31.1 krb5-32bit-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): krb5-1.12.5-40.31.1 krb5-32bit-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 - SUSE Enterprise Storage 4 (x86_64): krb5-1.12.5-40.31.1 krb5-32bit-1.12.5-40.31.1 krb5-client-1.12.5-40.31.1 krb5-client-debuginfo-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debuginfo-32bit-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 krb5-doc-1.12.5-40.31.1 krb5-plugin-kdb-ldap-1.12.5-40.31.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-otp-1.12.5-40.31.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-1.12.5-40.31.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.31.1 krb5-server-1.12.5-40.31.1 krb5-server-debuginfo-1.12.5-40.31.1 - SUSE CaaS Platform ALL (x86_64): krb5-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 - SUSE CaaS Platform 3.0 (x86_64): krb5-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): krb5-1.12.5-40.31.1 krb5-debuginfo-1.12.5-40.31.1 krb5-debugsource-1.12.5-40.31.1 References: https://www.suse.com/security/cve/CVE-2018-20217.html https://bugzilla.suse.com/1120489 From sle-updates at lists.suse.com Thu Jan 17 10:14:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Jan 2019 18:14:38 +0100 (CET) Subject: SUSE-SU-2019:0112-1: moderate: Security update for soundtouch Message-ID: <20190117171438.8AD03FDF3@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0112-1 Rating: moderate References: #1108631 #1108632 Cross-References: CVE-2018-17097 CVE-2018-17098 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-112=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-112=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): soundtouch-1.8.0-3.11.1 soundtouch-debuginfo-1.8.0-3.11.1 soundtouch-debugsource-1.8.0-3.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.8.0-3.11.1 libSoundTouch0-debuginfo-1.8.0-3.11.1 soundtouch-debuginfo-1.8.0-3.11.1 soundtouch-debugsource-1.8.0-3.11.1 soundtouch-devel-1.8.0-3.11.1 References: https://www.suse.com/security/cve/CVE-2018-17097.html https://www.suse.com/security/cve/CVE-2018-17098.html https://bugzilla.suse.com/1108631 https://bugzilla.suse.com/1108632 From sle-updates at lists.suse.com Thu Jan 17 10:15:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Jan 2019 18:15:28 +0100 (CET) Subject: SUSE-SU-2019:0113-1: important: Security update for krb5 Message-ID: <20190117171528.08EC5FDF3@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0113-1 Rating: important References: #1120489 Cross-References: CVE-2018-20217 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-113=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-113=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): krb5-1.12.1-38.13.2 krb5-client-1.12.1-38.13.2 krb5-client-debuginfo-1.12.1-38.13.2 krb5-debuginfo-1.12.1-38.13.2 krb5-debugsource-1.12.1-38.13.2 krb5-doc-1.12.1-38.13.2 krb5-plugin-kdb-ldap-1.12.1-38.13.2 krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.13.2 krb5-plugin-preauth-otp-1.12.1-38.13.2 krb5-plugin-preauth-otp-debuginfo-1.12.1-38.13.2 krb5-plugin-preauth-pkinit-1.12.1-38.13.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.13.2 krb5-server-1.12.1-38.13.2 krb5-server-debuginfo-1.12.1-38.13.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): krb5-32bit-1.12.1-38.13.2 krb5-debuginfo-32bit-1.12.1-38.13.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): krb5-1.12.1-38.13.2 krb5-client-1.12.1-38.13.2 krb5-client-debuginfo-1.12.1-38.13.2 krb5-debuginfo-1.12.1-38.13.2 krb5-debugsource-1.12.1-38.13.2 krb5-doc-1.12.1-38.13.2 krb5-plugin-kdb-ldap-1.12.1-38.13.2 krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.13.2 krb5-plugin-preauth-otp-1.12.1-38.13.2 krb5-plugin-preauth-otp-debuginfo-1.12.1-38.13.2 krb5-plugin-preauth-pkinit-1.12.1-38.13.2 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.13.2 krb5-server-1.12.1-38.13.2 krb5-server-debuginfo-1.12.1-38.13.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): krb5-32bit-1.12.1-38.13.2 krb5-debuginfo-32bit-1.12.1-38.13.2 References: https://www.suse.com/security/cve/CVE-2018-20217.html https://bugzilla.suse.com/1120489 From sle-updates at lists.suse.com Fri Jan 18 07:09:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 15:09:05 +0100 (CET) Subject: SUSE-SU-2019:0119-1: important: Security update for mariadb Message-ID: <20190118140905.D8269FDF6@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0119-1 Rating: important References: #1013882 #1111858 #1111859 #1112368 #1112377 #1112384 #1112386 #1112391 #1112397 #1112404 #1112415 #1112417 #1112421 #1112432 #1116686 #1118754 #1120041 Cross-References: CVE-2016-9843 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 5 fixes is now available. Description: This update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686) Security issues fixed: - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156, CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386, bsc#1112404, bsc#1112377, bsc#1112384) Non-security issues fixed: - Fixed database corruption after renaming a prefix-indexed column (bsc#1120041) - Remove PerconaFT from the package as it has a AGPL license (bsc#1118754) - Enable testing for client plugins (bsc#1111859) - Improve test coverage by keeping debug_key_management.so (bsc#1111858) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-119=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-119=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mariadb-10.2.21-3.7.1 mariadb-client-10.2.21-3.7.1 mariadb-client-debuginfo-10.2.21-3.7.1 mariadb-debuginfo-10.2.21-3.7.1 mariadb-debugsource-10.2.21-3.7.1 mariadb-tools-10.2.21-3.7.1 mariadb-tools-debuginfo-10.2.21-3.7.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): mariadb-errormessages-10.2.21-3.7.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): mariadb-10.2.21-3.7.1 mariadb-client-10.2.21-3.7.1 mariadb-client-debuginfo-10.2.21-3.7.1 mariadb-debuginfo-10.2.21-3.7.1 mariadb-debugsource-10.2.21-3.7.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): mariadb-errormessages-10.2.21-3.7.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3162.html https://www.suse.com/security/cve/CVE-2018-3173.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3185.html https://www.suse.com/security/cve/CVE-2018-3200.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3277.html https://www.suse.com/security/cve/CVE-2018-3282.html https://www.suse.com/security/cve/CVE-2018-3284.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1111858 https://bugzilla.suse.com/1111859 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112377 https://bugzilla.suse.com/1112384 https://bugzilla.suse.com/1112386 https://bugzilla.suse.com/1112391 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112404 https://bugzilla.suse.com/1112415 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1118754 https://bugzilla.suse.com/1120041 From sle-updates at lists.suse.com Fri Jan 18 07:12:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 15:12:32 +0100 (CET) Subject: SUSE-RU-2019:0116-1: important: Recommended update for drbd Message-ID: <20190118141232.D147EFDF6@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0116-1 Rating: important References: #1118732 #1118974 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd and drbd-utils fixes the following issues: - split brain handles malfunction with 2 primaries (bsc#1118732) - remove the deprecated comment about drbd-overview (bsc#1118974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-116=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-4.3.1 drbd-debugsource-9.0.14+git.62f906cf-4.3.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_95.3-4.3.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_95.3-4.3.1 drbd-utils-9.4.0-3.3.1 drbd-utils-debuginfo-9.4.0-3.3.1 drbd-utils-debugsource-9.4.0-3.3.1 References: https://bugzilla.suse.com/1118732 https://bugzilla.suse.com/1118974 From sle-updates at lists.suse.com Fri Jan 18 07:13:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 15:13:19 +0100 (CET) Subject: SUSE-SU-2019:0117-1: important: Security update for nodejs4 Message-ID: <20190118141319.CD993FDF5@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0117-1 Rating: important References: #1113534 #1113652 #1117625 #1117626 #1117627 #1117629 #1117630 Cross-References: CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-117=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-117=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.9.1-15.17.1 nodejs4-debuginfo-4.9.1-15.17.1 nodejs4-debugsource-4.9.1-15.17.1 nodejs4-devel-4.9.1-15.17.1 npm4-4.9.1-15.17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.9.1-15.17.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.9.1-15.17.1 nodejs4-debuginfo-4.9.1-15.17.1 nodejs4-debugsource-4.9.1-15.17.1 References: https://www.suse.com/security/cve/CVE-2018-0734.html https://www.suse.com/security/cve/CVE-2018-12116.html https://www.suse.com/security/cve/CVE-2018-12120.html https://www.suse.com/security/cve/CVE-2018-12121.html https://www.suse.com/security/cve/CVE-2018-12122.html https://www.suse.com/security/cve/CVE-2018-12123.html https://www.suse.com/security/cve/CVE-2018-5407.html https://bugzilla.suse.com/1113534 https://bugzilla.suse.com/1113652 https://bugzilla.suse.com/1117625 https://bugzilla.suse.com/1117626 https://bugzilla.suse.com/1117627 https://bugzilla.suse.com/1117629 https://bugzilla.suse.com/1117630 From sle-updates at lists.suse.com Fri Jan 18 07:15:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 15:15:07 +0100 (CET) Subject: SUSE-RU-2019:0114-1: important: Recommended update for yast2-rmt Message-ID: <20190118141507.1DDCAFC37@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0114-1 Rating: important References: #1119386 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-rmt allows user to skip registration (bsc#1119386). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-114=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): yast2-rmt-1.2.0-3.14.1 References: https://bugzilla.suse.com/1119386 From sle-updates at lists.suse.com Fri Jan 18 07:15:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 15:15:44 +0100 (CET) Subject: SUSE-RU-2019:0115-1: important: Recommended update for drbd Message-ID: <20190118141544.43B0DFDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0115-1 Rating: important References: #1118732 #1118974 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for drbd and drbd-utils fixes the following issues: - split brain handles malfunction with 2 primaries (bsc#1118732) - remove the deprecated comment about drbd-overview (bsc#1118974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-115=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): drbd-9.0.11+git.1e2bccdc-3.11.1 drbd-debugsource-9.0.11+git.1e2bccdc-3.11.1 drbd-kmp-default-9.0.11+git.1e2bccdc_k4.4.162_94.72-3.11.1 drbd-kmp-default-debuginfo-9.0.11+git.1e2bccdc_k4.4.162_94.72-3.11.1 drbd-utils-9.4.0-2.14.1 drbd-utils-debuginfo-9.4.0-2.14.1 drbd-utils-debugsource-9.4.0-2.14.1 References: https://bugzilla.suse.com/1118732 https://bugzilla.suse.com/1118974 From sle-updates at lists.suse.com Fri Jan 18 07:16:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 15:16:28 +0100 (CET) Subject: SUSE-SU-2019:0118-1: important: Security update for nodejs8 Message-ID: <20190118141628.646D8FDF5@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0118-1 Rating: important References: #1117626 #1117627 #1117629 #1117630 Cross-References: CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs8 to version 8.15.0 fixes the following issues: Security issues fixed: - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-118=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.15.0-3.11.1 nodejs8-debuginfo-8.15.0-3.11.1 nodejs8-debugsource-8.15.0-3.11.1 nodejs8-devel-8.15.0-3.11.1 npm8-8.15.0-3.11.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.15.0-3.11.1 References: https://www.suse.com/security/cve/CVE-2018-12116.html https://www.suse.com/security/cve/CVE-2018-12121.html https://www.suse.com/security/cve/CVE-2018-12122.html https://www.suse.com/security/cve/CVE-2018-12123.html https://bugzilla.suse.com/1117626 https://bugzilla.suse.com/1117627 https://bugzilla.suse.com/1117629 https://bugzilla.suse.com/1117630 From sle-updates at lists.suse.com Fri Jan 18 10:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:09:16 +0100 (CET) Subject: SUSE-RU-2019:0122-1: moderate: Recommended update for libstorage-ng Message-ID: <20190118170916.7F551FC37@maintenance.suse.de> SUSE Recommended Update: Recommended update for libstorage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0122-1 Rating: moderate References: #1059972 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libstorage-ng provides the following fixes: - Avoid thread unsafe strerror function. - Create crypttab, lock and log with proper permissions. (bsc#1059972) - Add missing quoting. (bsc#1059972) - Fix some audit issues. - Use exceptions to handle errors. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-122=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-122=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-3.3.316-3.19.2 libstorage-ng-debugsource-3.3.316-3.19.2 libstorage-ng-integration-tests-3.3.316-3.19.2 libstorage-ng-python3-3.3.316-3.19.2 libstorage-ng-python3-debuginfo-3.3.316-3.19.2 libstorage-ng-utils-3.3.316-3.19.2 libstorage-ng-utils-debuginfo-3.3.316-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-3.3.316-3.19.2 libstorage-ng-debugsource-3.3.316-3.19.2 libstorage-ng-devel-3.3.316-3.19.2 libstorage-ng-ruby-3.3.316-3.19.2 libstorage-ng-ruby-debuginfo-3.3.316-3.19.2 libstorage-ng1-3.3.316-3.19.2 libstorage-ng1-debuginfo-3.3.316-3.19.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libstorage-ng-lang-3.3.316-3.19.2 References: https://bugzilla.suse.com/1059972 From sle-updates at lists.suse.com Fri Jan 18 10:09:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:09:53 +0100 (CET) Subject: SUSE-SU-2019:0127-1: moderate: Security update for libraw Message-ID: <20190118170953.D86ACFDF5@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0127-1 Rating: moderate References: #1120498 #1120499 #1120500 #1120515 #1120516 #1120517 Cross-References: CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-127=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-127=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-127=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-127=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-127=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-127=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libraw-debugsource-0.15.4-30.1 libraw9-0.15.4-30.1 libraw9-debuginfo-0.15.4-30.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libraw-debugsource-0.15.4-30.1 libraw9-0.15.4-30.1 libraw9-debuginfo-0.15.4-30.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-30.1 libraw-devel-0.15.4-30.1 libraw-devel-static-0.15.4-30.1 libraw9-0.15.4-30.1 libraw9-debuginfo-0.15.4-30.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-30.1 libraw-devel-0.15.4-30.1 libraw-devel-static-0.15.4-30.1 libraw9-0.15.4-30.1 libraw9-debuginfo-0.15.4-30.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libraw-debugsource-0.15.4-30.1 libraw9-0.15.4-30.1 libraw9-debuginfo-0.15.4-30.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libraw-debugsource-0.15.4-30.1 libraw9-0.15.4-30.1 libraw9-debuginfo-0.15.4-30.1 References: https://www.suse.com/security/cve/CVE-2018-20363.html https://www.suse.com/security/cve/CVE-2018-20364.html https://www.suse.com/security/cve/CVE-2018-20365.html https://www.suse.com/security/cve/CVE-2018-5817.html https://www.suse.com/security/cve/CVE-2018-5818.html https://www.suse.com/security/cve/CVE-2018-5819.html https://bugzilla.suse.com/1120498 https://bugzilla.suse.com/1120499 https://bugzilla.suse.com/1120500 https://bugzilla.suse.com/1120515 https://bugzilla.suse.com/1120516 https://bugzilla.suse.com/1120517 From sle-updates at lists.suse.com Fri Jan 18 10:11:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:11:26 +0100 (CET) Subject: SUSE-RU-2019:0124-1: Recommended update for tpm-tools Message-ID: <20190118171126.01C29FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for tpm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0124-1 Rating: low References: #1114793 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tpm-tools provides the following fix: - Fix undefined and binary data being output in the tpm_version command. (bsc#1114793) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-124=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtpm_unseal1-1.3.9.1-4.3.1 libtpm_unseal1-debuginfo-1.3.9.1-4.3.1 tpm-tools-1.3.9.1-4.3.1 tpm-tools-debuginfo-1.3.9.1-4.3.1 tpm-tools-debugsource-1.3.9.1-4.3.1 tpm-tools-devel-1.3.9.1-4.3.1 tpm-tools-pkcs11-1.3.9.1-4.3.1 tpm-tools-pkcs11-debuginfo-1.3.9.1-4.3.1 References: https://bugzilla.suse.com/1114793 From sle-updates at lists.suse.com Fri Jan 18 10:12:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:12:03 +0100 (CET) Subject: SUSE-SU-2019:0125-1: important: Security update for openssh Message-ID: <20190118171203.42B2EFDF5@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0125-1 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-125=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-125=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.26.1 openssh-askpass-gnome-6.6p1-54.26.1 openssh-askpass-gnome-debuginfo-6.6p1-54.26.1 openssh-debuginfo-6.6p1-54.26.1 openssh-debugsource-6.6p1-54.26.1 openssh-fips-6.6p1-54.26.1 openssh-helpers-6.6p1-54.26.1 openssh-helpers-debuginfo-6.6p1-54.26.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.26.1 openssh-askpass-gnome-6.6p1-54.26.1 openssh-askpass-gnome-debuginfo-6.6p1-54.26.1 openssh-debuginfo-6.6p1-54.26.1 openssh-debugsource-6.6p1-54.26.1 openssh-fips-6.6p1-54.26.1 openssh-helpers-6.6p1-54.26.1 openssh-helpers-debuginfo-6.6p1-54.26.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 From sle-updates at lists.suse.com Fri Jan 18 10:13:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:13:03 +0100 (CET) Subject: SUSE-RU-2019:0123-1: moderate: Recommended update for yast2-bootloader Message-ID: <20190118171303.6E648FDF6@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0123-1 Rating: moderate References: #1111236 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Do not crash if an unknown device is found in a cloned configuration. (bsc#1111236) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-123=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.0.40-3.8.1 References: https://bugzilla.suse.com/1111236 From sle-updates at lists.suse.com Fri Jan 18 10:13:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:13:40 +0100 (CET) Subject: SUSE-RU-2019:0121-1: moderate: Recommended update for mutter Message-ID: <20190118171340.26556FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0121-1 Rating: moderate References: #1093541 #1120290 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mutter fixes the following issue: - Memory leak in gnome-shell (bsc#1093541) - cursor is missing when using magnifier (bsc#1120290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-121=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmutter-1-0-3.26.2+20180207.4b2d21ff0-5.5.1 libmutter-1-0-debuginfo-3.26.2+20180207.4b2d21ff0-5.5.1 mutter-3.26.2+20180207.4b2d21ff0-5.5.1 mutter-data-3.26.2+20180207.4b2d21ff0-5.5.1 mutter-debuginfo-3.26.2+20180207.4b2d21ff0-5.5.1 mutter-debugsource-3.26.2+20180207.4b2d21ff0-5.5.1 mutter-devel-3.26.2+20180207.4b2d21ff0-5.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): mutter-lang-3.26.2+20180207.4b2d21ff0-5.5.1 References: https://bugzilla.suse.com/1093541 https://bugzilla.suse.com/1120290 From sle-updates at lists.suse.com Fri Jan 18 10:14:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:14:28 +0100 (CET) Subject: SUSE-RU-2019:0120-1: important: Recommended update for yast2, yast2-firewall Message-ID: <20190118171428.1ED59FDF5@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2, yast2-firewall ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0120-1 Rating: important References: #1093052 #1121627 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2, yast2-firewall provides the following fixes: Fixes in yast2: - In case of only one installed Firewall it will be used by YaST. (bsc#1093052) Fixes in yast2-firewall: - Adjust package requirements to ensure firewall_chooser exists. (bsc#1121627) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-120=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-120=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): yast2-3.2.49-4.4.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-firewall-3.4.0-6.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-firewall-3.4.0-6.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): yast2-3.2.49-4.4.2 References: https://bugzilla.suse.com/1093052 https://bugzilla.suse.com/1121627 From sle-updates at lists.suse.com Fri Jan 18 10:15:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:15:12 +0100 (CET) Subject: SUSE-SU-2019:0126-1: important: Security update for openssh Message-ID: <20190118171512.7A6CFFDF5@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0126-1 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-126=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-126=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-126=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-126=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 openssh-fips-7.6p1-9.13.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.13.1 openssh-cavs-debuginfo-7.6p1-9.13.1 openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.13.1 openssh-askpass-gnome-debuginfo-7.6p1-9.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.13.1 openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 openssh-helpers-7.6p1-9.13.1 openssh-helpers-debuginfo-7.6p1-9.13.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 From sle-updates at lists.suse.com Fri Jan 18 10:16:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 18:16:16 +0100 (CET) Subject: SUSE-SU-2019:0128-1: moderate: Security update for PackageKit Message-ID: <20190118171616.28E98FDF5@maintenance.suse.de> SUSE Security Update: Security update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0128-1 Rating: moderate References: #1038425 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for PackageKit fixes the following issues: - Fixed displaying the license agreement pop up window during package update (bsc#1038425). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-128=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-128=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-128=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-128=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-128=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-128=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-128=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-128=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 PackageKit-gstreamer-plugin-1.1.3-24.9.1 PackageKit-gstreamer-plugin-debuginfo-1.1.3-24.9.1 PackageKit-gtk3-module-1.1.3-24.9.1 PackageKit-gtk3-module-debuginfo-1.1.3-24.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 PackageKit-gstreamer-plugin-1.1.3-24.9.1 PackageKit-gstreamer-plugin-debuginfo-1.1.3-24.9.1 PackageKit-gtk3-module-1.1.3-24.9.1 PackageKit-gtk3-module-debuginfo-1.1.3-24.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 PackageKit-devel-1.1.3-24.9.1 PackageKit-devel-debuginfo-1.1.3-24.9.1 libpackagekit-glib2-devel-1.1.3-24.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 PackageKit-devel-1.1.3-24.9.1 PackageKit-devel-debuginfo-1.1.3-24.9.1 libpackagekit-glib2-devel-1.1.3-24.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.3-24.9.1 PackageKit-backend-zypp-1.1.3-24.9.1 PackageKit-backend-zypp-debuginfo-1.1.3-24.9.1 PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 libpackagekit-glib2-18-1.1.3-24.9.1 libpackagekit-glib2-18-debuginfo-1.1.3-24.9.1 typelib-1_0-PackageKitGlib-1_0-1.1.3-24.9.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): PackageKit-lang-1.1.3-24.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.3-24.9.1 PackageKit-backend-zypp-1.1.3-24.9.1 PackageKit-backend-zypp-debuginfo-1.1.3-24.9.1 PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 libpackagekit-glib2-18-1.1.3-24.9.1 libpackagekit-glib2-18-debuginfo-1.1.3-24.9.1 typelib-1_0-PackageKitGlib-1_0-1.1.3-24.9.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): PackageKit-lang-1.1.3-24.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): PackageKit-lang-1.1.3-24.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): PackageKit-1.1.3-24.9.1 PackageKit-backend-zypp-1.1.3-24.9.1 PackageKit-backend-zypp-debuginfo-1.1.3-24.9.1 PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 PackageKit-gstreamer-plugin-1.1.3-24.9.1 PackageKit-gstreamer-plugin-debuginfo-1.1.3-24.9.1 PackageKit-gtk3-module-1.1.3-24.9.1 PackageKit-gtk3-module-debuginfo-1.1.3-24.9.1 libpackagekit-glib2-18-1.1.3-24.9.1 libpackagekit-glib2-18-debuginfo-1.1.3-24.9.1 typelib-1_0-PackageKitGlib-1_0-1.1.3-24.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): PackageKit-lang-1.1.3-24.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): PackageKit-1.1.3-24.9.1 PackageKit-backend-zypp-1.1.3-24.9.1 PackageKit-backend-zypp-debuginfo-1.1.3-24.9.1 PackageKit-debuginfo-1.1.3-24.9.1 PackageKit-debugsource-1.1.3-24.9.1 PackageKit-gstreamer-plugin-1.1.3-24.9.1 PackageKit-gstreamer-plugin-debuginfo-1.1.3-24.9.1 PackageKit-gtk3-module-1.1.3-24.9.1 PackageKit-gtk3-module-debuginfo-1.1.3-24.9.1 libpackagekit-glib2-18-1.1.3-24.9.1 libpackagekit-glib2-18-debuginfo-1.1.3-24.9.1 typelib-1_0-PackageKitGlib-1_0-1.1.3-24.9.1 References: https://bugzilla.suse.com/1038425 From sle-updates at lists.suse.com Fri Jan 18 13:08:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 21:08:52 +0100 (CET) Subject: SUSE-SU-2019:0130-1: moderate: Security update for wireshark Message-ID: <20190118200852.0B661FDFC@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0130-1 Rating: moderate References: #1121232 #1121233 #1121234 #1121235 Cross-References: CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-130=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-130=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.12-3.19.1 wireshark-debugsource-2.4.12-3.19.1 wireshark-devel-2.4.12-3.19.1 wireshark-ui-qt-2.4.12-3.19.1 wireshark-ui-qt-debuginfo-2.4.12-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.12-3.19.1 libwireshark9-debuginfo-2.4.12-3.19.1 libwiretap7-2.4.12-3.19.1 libwiretap7-debuginfo-2.4.12-3.19.1 libwscodecs1-2.4.12-3.19.1 libwscodecs1-debuginfo-2.4.12-3.19.1 libwsutil8-2.4.12-3.19.1 libwsutil8-debuginfo-2.4.12-3.19.1 wireshark-2.4.12-3.19.1 wireshark-debuginfo-2.4.12-3.19.1 wireshark-debugsource-2.4.12-3.19.1 References: https://www.suse.com/security/cve/CVE-2019-5717.html https://www.suse.com/security/cve/CVE-2019-5718.html https://www.suse.com/security/cve/CVE-2019-5719.html https://www.suse.com/security/cve/CVE-2019-5721.html https://bugzilla.suse.com/1121232 https://bugzilla.suse.com/1121233 https://bugzilla.suse.com/1121234 https://bugzilla.suse.com/1121235 From sle-updates at lists.suse.com Fri Jan 18 13:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Jan 2019 21:09:48 +0100 (CET) Subject: SUSE-SU-2019:13931-1: important: Security update for openssh Message-ID: <20190118200948.18664FDFB@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13931-1 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-13931=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-13931=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-36.12.1 openssh-askpass-gnome-6.6p1-36.12.1 openssh-fips-6.6p1-36.12.1 openssh-helpers-6.6p1-36.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.12.1 openssh-debuginfo-6.6p1-36.12.1 openssh-debugsource-6.6p1-36.12.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 From sle-updates at lists.suse.com Mon Jan 21 07:09:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 15:09:22 +0100 (CET) Subject: SUSE-SU-2019:0133-1: moderate: Security update for libraw Message-ID: <20190121140922.CC3AFFDFC@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0133-1 Rating: moderate References: #1120498 #1120499 #1120500 #1120515 #1120516 #1120517 #1120519 Cross-References: CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20337: Fixed a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (bsc#1120519) - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-133=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-133=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libraw-debuginfo-0.18.9-3.8.1 libraw-debugsource-0.18.9-3.8.1 libraw-devel-0.18.9-3.8.1 libraw16-0.18.9-3.8.1 libraw16-debuginfo-0.18.9-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libraw-debuginfo-0.18.9-3.8.1 libraw-debugsource-0.18.9-3.8.1 libraw-devel-static-0.18.9-3.8.1 libraw-tools-0.18.9-3.8.1 libraw-tools-debuginfo-0.18.9-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-20337.html https://www.suse.com/security/cve/CVE-2018-20363.html https://www.suse.com/security/cve/CVE-2018-20364.html https://www.suse.com/security/cve/CVE-2018-20365.html https://www.suse.com/security/cve/CVE-2018-5817.html https://www.suse.com/security/cve/CVE-2018-5818.html https://www.suse.com/security/cve/CVE-2018-5819.html https://bugzilla.suse.com/1120498 https://bugzilla.suse.com/1120499 https://bugzilla.suse.com/1120500 https://bugzilla.suse.com/1120515 https://bugzilla.suse.com/1120516 https://bugzilla.suse.com/1120517 https://bugzilla.suse.com/1120519 From sle-updates at lists.suse.com Mon Jan 21 07:12:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 15:12:06 +0100 (CET) Subject: SUSE-SU-2019:0132-1: important: Security update for openssh Message-ID: <20190121141206.F241AFDFC@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0132-1 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-132=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-132=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-132=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-132=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-132=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-132=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-132=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-132=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-132=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-132=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE Enterprise Storage 4 (x86_64): openssh-7.2p2-74.35.1 openssh-askpass-gnome-7.2p2-74.35.1 openssh-askpass-gnome-debuginfo-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 openssh-fips-7.2p2-74.35.1 openssh-helpers-7.2p2-74.35.1 openssh-helpers-debuginfo-7.2p2-74.35.1 - SUSE CaaS Platform ALL (x86_64): openssh-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 - SUSE CaaS Platform 3.0 (x86_64): openssh-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openssh-7.2p2-74.35.1 openssh-debuginfo-7.2p2-74.35.1 openssh-debugsource-7.2p2-74.35.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 From sle-updates at lists.suse.com Mon Jan 21 10:10:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 18:10:06 +0100 (CET) Subject: SUSE-SU-2019:0135-1: moderate: Security update for systemd Message-ID: <20190121171006.99663FDFB@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0135-1 Rating: moderate References: #1005023 #1076696 #1101591 #1114981 #1115518 #1119971 #1120323 Cross-References: CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-135=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-135=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-135=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-135=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-135=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-135=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-135=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-135=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-135=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-135=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-135=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-135=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsystemd0-228-150.58.1 libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE OpenStack Cloud 7 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-devel-228-150.58.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-devel-228-150.58.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.58.1 libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.58.1 libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.58.1 libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Enterprise Storage 4 (noarch): systemd-bash-completion-228-150.58.1 - SUSE Enterprise Storage 4 (x86_64): libsystemd0-228-150.58.1 libsystemd0-32bit-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libsystemd0-debuginfo-32bit-228-150.58.1 libudev1-228-150.58.1 libudev1-32bit-228-150.58.1 libudev1-debuginfo-228-150.58.1 libudev1-debuginfo-32bit-228-150.58.1 systemd-228-150.58.1 systemd-32bit-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debuginfo-32bit-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE CaaS Platform ALL (x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - SUSE CaaS Platform 3.0 (x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.58.1 libsystemd0-debuginfo-228-150.58.1 libudev1-228-150.58.1 libudev1-debuginfo-228-150.58.1 systemd-228-150.58.1 systemd-debuginfo-228-150.58.1 systemd-debugsource-228-150.58.1 systemd-sysvinit-228-150.58.1 udev-228-150.58.1 udev-debuginfo-228-150.58.1 References: https://www.suse.com/security/cve/CVE-2018-16864.html https://www.suse.com/security/cve/CVE-2018-16865.html https://www.suse.com/security/cve/CVE-2018-16866.html https://bugzilla.suse.com/1005023 https://bugzilla.suse.com/1076696 https://bugzilla.suse.com/1101591 https://bugzilla.suse.com/1114981 https://bugzilla.suse.com/1115518 https://bugzilla.suse.com/1119971 https://bugzilla.suse.com/1120323 From sle-updates at lists.suse.com Mon Jan 21 10:12:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 18:12:07 +0100 (CET) Subject: SUSE-SU-2019:0134-1: important: Security update for freerdp Message-ID: <20190121171207.44A1FFDFA@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0134-1 Rating: important References: #1085416 #1087240 #1104918 #1116708 #1117963 #1117964 #1117965 #1117966 #1117967 #1120507 Cross-References: CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for freerdp fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-134=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-134=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-134=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-134=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-134=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-134=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-devel-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-devel-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1 References: https://www.suse.com/security/cve/CVE-2018-0886.html https://www.suse.com/security/cve/CVE-2018-1000852.html https://www.suse.com/security/cve/CVE-2018-8784.html https://www.suse.com/security/cve/CVE-2018-8785.html https://www.suse.com/security/cve/CVE-2018-8786.html https://www.suse.com/security/cve/CVE-2018-8787.html https://www.suse.com/security/cve/CVE-2018-8788.html https://www.suse.com/security/cve/CVE-2018-8789.html https://bugzilla.suse.com/1085416 https://bugzilla.suse.com/1087240 https://bugzilla.suse.com/1104918 https://bugzilla.suse.com/1116708 https://bugzilla.suse.com/1117963 https://bugzilla.suse.com/1117964 https://bugzilla.suse.com/1117965 https://bugzilla.suse.com/1117966 https://bugzilla.suse.com/1117967 https://bugzilla.suse.com/1120507 From sle-updates at lists.suse.com Mon Jan 21 13:09:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 21:09:05 +0100 (CET) Subject: SUSE-SU-2019:0137-1: important: Security update for systemd Message-ID: <20190121200905.9875DFE03@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0137-1 Rating: important References: #1005023 #1045723 #1076696 #1080919 #1093753 #1101591 #1111498 #1114933 #1117063 #1119971 #1120323 Cross-References: CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-6954 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 7 fixes is now available. Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-137=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-137=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.20.1 libsystemd0-mini-debuginfo-234-24.20.1 libudev-mini-devel-234-24.20.1 libudev-mini1-234-24.20.1 libudev-mini1-debuginfo-234-24.20.1 nss-myhostname-234-24.20.1 nss-myhostname-debuginfo-234-24.20.1 nss-mymachines-234-24.20.1 nss-mymachines-debuginfo-234-24.20.1 nss-systemd-234-24.20.1 nss-systemd-debuginfo-234-24.20.1 systemd-debuginfo-234-24.20.1 systemd-debugsource-234-24.20.1 systemd-logger-234-24.20.1 systemd-mini-234-24.20.1 systemd-mini-container-mini-234-24.20.1 systemd-mini-container-mini-debuginfo-234-24.20.1 systemd-mini-coredump-mini-234-24.20.1 systemd-mini-coredump-mini-debuginfo-234-24.20.1 systemd-mini-debuginfo-234-24.20.1 systemd-mini-debugsource-234-24.20.1 systemd-mini-devel-234-24.20.1 systemd-mini-sysvinit-234-24.20.1 udev-mini-234-24.20.1 udev-mini-debuginfo-234-24.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): systemd-mini-bash-completion-234-24.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.20.1 libsystemd0-debuginfo-234-24.20.1 libudev-devel-234-24.20.1 libudev1-234-24.20.1 libudev1-debuginfo-234-24.20.1 systemd-234-24.20.1 systemd-container-234-24.20.1 systemd-container-debuginfo-234-24.20.1 systemd-coredump-234-24.20.1 systemd-coredump-debuginfo-234-24.20.1 systemd-debuginfo-234-24.20.1 systemd-debugsource-234-24.20.1 systemd-devel-234-24.20.1 systemd-sysvinit-234-24.20.1 udev-234-24.20.1 udev-debuginfo-234-24.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-bash-completion-234-24.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsystemd0-32bit-234-24.20.1 libsystemd0-32bit-debuginfo-234-24.20.1 libudev1-32bit-234-24.20.1 libudev1-32bit-debuginfo-234-24.20.1 systemd-32bit-234-24.20.1 systemd-32bit-debuginfo-234-24.20.1 References: https://www.suse.com/security/cve/CVE-2018-16864.html https://www.suse.com/security/cve/CVE-2018-16865.html https://www.suse.com/security/cve/CVE-2018-16866.html https://www.suse.com/security/cve/CVE-2018-6954.html https://bugzilla.suse.com/1005023 https://bugzilla.suse.com/1045723 https://bugzilla.suse.com/1076696 https://bugzilla.suse.com/1080919 https://bugzilla.suse.com/1093753 https://bugzilla.suse.com/1101591 https://bugzilla.suse.com/1111498 https://bugzilla.suse.com/1114933 https://bugzilla.suse.com/1117063 https://bugzilla.suse.com/1119971 https://bugzilla.suse.com/1120323 From sle-updates at lists.suse.com Mon Jan 21 13:11:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 21:11:30 +0100 (CET) Subject: SUSE-RU-2019:0140-1: Recommended update for python-ipaddress Message-ID: <20190121201130.D235EFE02@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ipaddress ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0140-1 Rating: low References: #1112174 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ipaddress fixes the following issue: Version update to 1.0.18: - various small bugfixes - new is_global method Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-140=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-140=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-140=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-140=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-140=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-140=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-140=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-140=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-140=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-140=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-140=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE Enterprise Storage 4 (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE CaaS Platform ALL (noarch): python-ipaddress-1.0.18-3.9.1 - SUSE CaaS Platform 3.0 (noarch): python-ipaddress-1.0.18-3.9.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-ipaddress-1.0.18-3.9.1 References: https://bugzilla.suse.com/1112174 From sle-updates at lists.suse.com Mon Jan 21 13:12:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 21:12:11 +0100 (CET) Subject: SUSE-SU-2019:0138-1: moderate: Security update for wireshark Message-ID: <20190121201211.3F4B5FE02@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0138-1 Rating: moderate References: #1121232 #1121233 #1121234 #1121235 Cross-References: CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-138=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-138=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-138=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-138=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-138=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-138=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.12-48.39.1 wireshark-debugsource-2.4.12-48.39.1 wireshark-devel-2.4.12-48.39.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.12-48.39.1 wireshark-debugsource-2.4.12-48.39.1 wireshark-devel-2.4.12-48.39.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.12-48.39.1 libwireshark9-debuginfo-2.4.12-48.39.1 libwiretap7-2.4.12-48.39.1 libwiretap7-debuginfo-2.4.12-48.39.1 libwscodecs1-2.4.12-48.39.1 libwscodecs1-debuginfo-2.4.12-48.39.1 libwsutil8-2.4.12-48.39.1 libwsutil8-debuginfo-2.4.12-48.39.1 wireshark-2.4.12-48.39.1 wireshark-debuginfo-2.4.12-48.39.1 wireshark-debugsource-2.4.12-48.39.1 wireshark-gtk-2.4.12-48.39.1 wireshark-gtk-debuginfo-2.4.12-48.39.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.12-48.39.1 libwireshark9-debuginfo-2.4.12-48.39.1 libwiretap7-2.4.12-48.39.1 libwiretap7-debuginfo-2.4.12-48.39.1 libwscodecs1-2.4.12-48.39.1 libwscodecs1-debuginfo-2.4.12-48.39.1 libwsutil8-2.4.12-48.39.1 libwsutil8-debuginfo-2.4.12-48.39.1 wireshark-2.4.12-48.39.1 wireshark-debuginfo-2.4.12-48.39.1 wireshark-debugsource-2.4.12-48.39.1 wireshark-gtk-2.4.12-48.39.1 wireshark-gtk-debuginfo-2.4.12-48.39.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwireshark9-2.4.12-48.39.1 libwireshark9-debuginfo-2.4.12-48.39.1 libwiretap7-2.4.12-48.39.1 libwiretap7-debuginfo-2.4.12-48.39.1 libwscodecs1-2.4.12-48.39.1 libwscodecs1-debuginfo-2.4.12-48.39.1 libwsutil8-2.4.12-48.39.1 libwsutil8-debuginfo-2.4.12-48.39.1 wireshark-2.4.12-48.39.1 wireshark-debuginfo-2.4.12-48.39.1 wireshark-debugsource-2.4.12-48.39.1 wireshark-gtk-2.4.12-48.39.1 wireshark-gtk-debuginfo-2.4.12-48.39.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.12-48.39.1 libwireshark9-debuginfo-2.4.12-48.39.1 libwiretap7-2.4.12-48.39.1 libwiretap7-debuginfo-2.4.12-48.39.1 libwscodecs1-2.4.12-48.39.1 libwscodecs1-debuginfo-2.4.12-48.39.1 libwsutil8-2.4.12-48.39.1 libwsutil8-debuginfo-2.4.12-48.39.1 wireshark-2.4.12-48.39.1 wireshark-debuginfo-2.4.12-48.39.1 wireshark-debugsource-2.4.12-48.39.1 wireshark-gtk-2.4.12-48.39.1 wireshark-gtk-debuginfo-2.4.12-48.39.1 References: https://www.suse.com/security/cve/CVE-2019-5717.html https://www.suse.com/security/cve/CVE-2019-5718.html https://www.suse.com/security/cve/CVE-2019-5719.html https://www.suse.com/security/cve/CVE-2019-5721.html https://bugzilla.suse.com/1121232 https://bugzilla.suse.com/1121233 https://bugzilla.suse.com/1121234 https://bugzilla.suse.com/1121235 From sle-updates at lists.suse.com Mon Jan 21 13:13:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Jan 2019 21:13:16 +0100 (CET) Subject: SUSE-SU-2019:0139-1: moderate: Security update for python-urllib3 Message-ID: <20190121201316.0C23BFE02@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0139-1 Rating: moderate References: #1024540 #1074247 #1110422 Cross-References: CVE-2016-9015 Affected Products: SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for python-urllib3 fixes the following issues: python-urllib3 was updated to version 1.22 (fate#326733, bsc#1110422) and contains new features and lots of bugfixes: The full changelog can be found on: https://github.com/Lukasa/urllib3/blob/1.22/CHANGES.rst Security issues fixed: - CVE-2016-9015: TLS certificate validation vulnerability (bsc#1024540). (This issue did not affect our previous version 1.16.) Non security issues fixed: - bsc#1074247: Fix test suite, use correct date (gh#shazow/urllib3#1303). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-139=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-139=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-139=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-139=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-139=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-139=1 Package List: - SUSE Manager Server 3.2 (noarch): python-urllib3-1.22-3.10.1 - SUSE Manager Server 3.1 (noarch): python-urllib3-1.22-3.10.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-urllib3-1.22-3.10.1 - SUSE Enterprise Storage 5 (noarch): python-urllib3-1.22-3.10.1 - SUSE Enterprise Storage 4 (noarch): python-urllib3-1.22-3.10.1 - SUSE CaaS Platform ALL (noarch): python-urllib3-1.22-3.10.1 - SUSE CaaS Platform 3.0 (noarch): python-urllib3-1.22-3.10.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-urllib3-1.22-3.10.1 References: https://www.suse.com/security/cve/CVE-2016-9015.html https://bugzilla.suse.com/1024540 https://bugzilla.suse.com/1074247 https://bugzilla.suse.com/1110422 From sle-updates at lists.suse.com Tue Jan 22 04:10:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Jan 2019 12:10:42 +0100 (CET) Subject: SUSE-RU-2019:0141-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190122111042.C20F1FE03@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0141-1 Rating: moderate References: #1119394 #984817 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for polkit-default-privs fixes the following issues: - Backport of additional flatpak rule (bsc#1119394, bsc#984817) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-141=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.14.1 References: https://bugzilla.suse.com/1119394 https://bugzilla.suse.com/984817 From sle-updates at lists.suse.com Tue Jan 22 10:09:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Jan 2019 18:09:20 +0100 (CET) Subject: SUSE-RU-2019:0143-1: important: Recommended update for ncurses Message-ID: <20190122170920.210C3FE03@maintenance.suse.de> SUSE Recommended Update: Recommended update for ncurses ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0143-1 Rating: important References: #1121450 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ncurses fixes the following issues: - ncurses applications freezing (bsc#1121450) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-143=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-143=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-143=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-143=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-143=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-143=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-143=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-64.1 ncurses-devel-5.9-64.1 ncurses-devel-debuginfo-5.9-64.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-64.1 ncurses-devel-5.9-64.1 ncurses-devel-debuginfo-5.9-64.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-devel-5.9-64.1 ncurses-devel-debuginfo-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 tack-5.9-64.1 tack-debuginfo-5.9-64.1 terminfo-5.9-64.1 terminfo-base-5.9-64.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libncurses5-32bit-5.9-64.1 libncurses5-debuginfo-32bit-5.9-64.1 libncurses6-32bit-5.9-64.1 libncurses6-debuginfo-32bit-5.9-64.1 ncurses-devel-32bit-5.9-64.1 ncurses-devel-debuginfo-32bit-5.9-64.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-devel-5.9-64.1 ncurses-devel-debuginfo-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 tack-5.9-64.1 tack-debuginfo-5.9-64.1 terminfo-5.9-64.1 terminfo-base-5.9-64.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libncurses5-32bit-5.9-64.1 libncurses5-debuginfo-32bit-5.9-64.1 libncurses6-32bit-5.9-64.1 libncurses6-debuginfo-32bit-5.9-64.1 ncurses-devel-32bit-5.9-64.1 ncurses-devel-debuginfo-32bit-5.9-64.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libncurses5-32bit-5.9-64.1 libncurses5-5.9-64.1 libncurses5-debuginfo-32bit-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-32bit-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-32bit-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-devel-5.9-64.1 ncurses-devel-debuginfo-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 tack-5.9-64.1 tack-debuginfo-5.9-64.1 terminfo-5.9-64.1 terminfo-base-5.9-64.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libncurses5-32bit-5.9-64.1 libncurses5-5.9-64.1 libncurses5-debuginfo-32bit-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-32bit-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-32bit-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-devel-5.9-64.1 ncurses-devel-debuginfo-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 tack-5.9-64.1 tack-debuginfo-5.9-64.1 terminfo-5.9-64.1 terminfo-base-5.9-64.1 - SUSE CaaS Platform ALL (x86_64): libncurses5-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 terminfo-base-5.9-64.1 - SUSE CaaS Platform 3.0 (x86_64): libncurses5-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 terminfo-5.9-64.1 terminfo-base-5.9-64.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libncurses5-5.9-64.1 libncurses5-debuginfo-5.9-64.1 libncurses6-5.9-64.1 libncurses6-debuginfo-5.9-64.1 ncurses-debugsource-5.9-64.1 ncurses-utils-5.9-64.1 ncurses-utils-debuginfo-5.9-64.1 terminfo-base-5.9-64.1 References: https://bugzilla.suse.com/1121450 From sle-updates at lists.suse.com Wed Jan 23 13:09:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Jan 2019 21:09:15 +0100 (CET) Subject: SUSE-SU-2019:0145-1: important: Security update for ghostscript Message-ID: <20190123200915.33E01FFD6@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0145-1 Rating: important References: #1122319 Cross-References: CVE-2019-6116 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-145=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-145=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-145=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ghostscript-mini-9.26a-3.12.1 ghostscript-mini-debuginfo-9.26a-3.12.1 ghostscript-mini-debugsource-9.26a-3.12.1 ghostscript-mini-devel-9.26a-3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libspectre-debugsource-0.2.8-3.6.1 libspectre-devel-0.2.8-3.6.1 libspectre1-0.2.8-3.6.1 libspectre1-debuginfo-0.2.8-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-3.12.1 ghostscript-debuginfo-9.26a-3.12.1 ghostscript-debugsource-9.26a-3.12.1 ghostscript-devel-9.26a-3.12.1 ghostscript-x11-9.26a-3.12.1 ghostscript-x11-debuginfo-9.26a-3.12.1 References: https://www.suse.com/security/cve/CVE-2019-6116.html https://bugzilla.suse.com/1122319 From sle-updates at lists.suse.com Wed Jan 23 13:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Jan 2019 21:10:37 +0100 (CET) Subject: SUSE-SU-2019:0146-1: important: Security update for webkit2gtk3 Message-ID: <20190123201037.94647FFD5@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0146-1 Rating: important References: #1119553 #1119554 #1119555 #1119556 #1119557 #1119558 Cross-References: CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-146=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-146=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-146=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-146=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-146=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-146=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-146=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-146=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-146=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-146=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-146=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-146=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-146=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Enterprise Storage 4 (noarch): libwebkit2gtk3-lang-2.22.5-2.32.2 - SUSE Enterprise Storage 4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.5-2.32.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2 libwebkit2gtk-4_0-37-2.22.5-2.32.2 libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2 typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2-4_0-2.22.5-2.32.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2 webkit2gtk3-debugsource-2.22.5-2.32.2 webkit2gtk3-devel-2.22.5-2.32.2 References: https://www.suse.com/security/cve/CVE-2018-4437.html https://www.suse.com/security/cve/CVE-2018-4438.html https://www.suse.com/security/cve/CVE-2018-4441.html https://www.suse.com/security/cve/CVE-2018-4442.html https://www.suse.com/security/cve/CVE-2018-4443.html https://www.suse.com/security/cve/CVE-2018-4464.html https://bugzilla.suse.com/1119553 https://bugzilla.suse.com/1119554 https://bugzilla.suse.com/1119555 https://bugzilla.suse.com/1119556 https://bugzilla.suse.com/1119557 https://bugzilla.suse.com/1119558 From sle-updates at lists.suse.com Wed Jan 23 16:09:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 00:09:09 +0100 (CET) Subject: SUSE-RU-2019:0149-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20190123230909.F1FC5FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0149-1 Rating: moderate References: #1121446 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-149=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-149=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-149=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-149=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-149=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-149=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-149=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-149=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-149=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-149=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-149=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-149=1 Package List: - SUSE OpenStack Cloud 7 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE Enterprise Storage 4 (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE CaaS Platform ALL (noarch): ca-certificates-mozilla-2.30-12.12.1 - SUSE CaaS Platform 3.0 (noarch): ca-certificates-mozilla-2.30-12.12.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): ca-certificates-mozilla-2.30-12.12.1 References: https://bugzilla.suse.com/1121446 From sle-updates at lists.suse.com Wed Jan 23 16:09:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 00:09:52 +0100 (CET) Subject: SUSE-SU-2019:0150-1: important: Security update for the Linux Kernel Message-ID: <20190123230952.F02D7FFD5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0150-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055120 #1055121 #1055186 #1058115 #1060463 #1065600 #1065729 #1068273 #1078248 #1079935 #1082387 #1082555 #1082653 #1083647 #1085535 #1086282 #1086283 #1086423 #1087082 #1087978 #1088386 #1089350 #1090888 #1091405 #1094244 #1097593 #1097755 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1104353 #1104427 #1104824 #1104967 #1105168 #1106105 #1106110 #1106237 #1106240 #1106615 #1106913 #1107256 #1107385 #1107866 #1108270 #1108468 #1109272 #1109772 #1109806 #1110006 #1110558 #1110998 #1111062 #1111174 #1111183 #1111188 #1111469 #1111696 #1111795 #1111809 #1112963 #1113295 #1113412 #1113501 #1113677 #1113722 #1113769 #1114015 #1114178 #1114279 #1114385 #1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114839 #1114871 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116040 #1116183 #1116336 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116803 #1116841 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117115 #1117162 #1117165 #1117168 #1117172 #1117174 #1117181 #1117184 #1117186 #1117188 #1117189 #1117349 #1117561 #1117656 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1117953 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118215 #1118316 #1118319 #1118320 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119947 #1119962 #1119968 #1119974 #1120036 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 241 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510). - ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - ALSA: hda/tegra: clear pending irq handlers (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: trident: Suppress gcc string warning (bsc#1051510). - ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Always try all copies when reading extent buffers (git-fixes). - Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - Btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - Btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: fix fsync of files with multiple hard links in new directories (1120173). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: Fix memory barriers usage with device stats counters (git-fixes). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - Btrfs: get rid of unused orphan infrastructure (bsc#1111469). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - Btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - Btrfs: stop creating orphan items for truncate (bsc#1111469). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - Btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream. - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi fix for "NFSv4.1: Fix up replays of interrupted requests" (git-fixes). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: mask raw in struct bpf_reg_state (bsc#1083647). - kabi: powerpc: Revert npu callback signature change (bsc#1055120). - kabi protect hnae_ae_ops (bsc#1104353). - kabi: protect struct fib_nh_exception (kabi). - kabi: protect struct rtable (kabi). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - PCI: Add ACS quirk for Ampere root ports (bsc#1120058). - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: Export pcie_has_flr() (bsc#1120058). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists. - rpm/kernel-binary.spec.in: allow unsupported modules for -extra (bsc#1111183). SLE-15 and later only. - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ("kconfig: remove silentoldconfig target"), "make silentoldconfig" can be no longer used. Use "make syncconfig" instead if available. - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scripts/git-pre-commit: make executable. - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue - scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe. - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-150=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.19.1 kernel-source-azure-4.12.14-5.19.1 - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.19.1 kernel-azure-base-4.12.14-5.19.1 kernel-azure-base-debuginfo-4.12.14-5.19.1 kernel-azure-debuginfo-4.12.14-5.19.1 kernel-azure-devel-4.12.14-5.19.1 kernel-syms-azure-4.12.14-5.19.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111183 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118320 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119947 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1119974 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-updates at lists.suse.com Wed Jan 23 16:49:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 00:49:06 +0100 (CET) Subject: SUSE-SU-2019:0148-1: important: Security update for the Linux Kernel Message-ID: <20190123234906.A06A5FFD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0148-1 Rating: important References: #1012382 #1015336 #1015337 #1015340 #1019683 #1019695 #1020645 #1027260 #1027457 #1042286 #1043083 #1046264 #1047487 #1048916 #1065600 #1066223 #1068032 #1069702 #1070805 #1079935 #1087082 #1091405 #1093158 #1094244 #1094973 #1096242 #1096281 #1099523 #1100105 #1101557 #1102439 #1102660 #1103156 #1103257 #1103624 #1104098 #1104731 #1105412 #1106105 #1106237 #1106240 #1106929 #1107385 #1108145 #1108240 #1109272 #1109330 #1109806 #1110286 #1111062 #1111809 #1112246 #1112963 #1113412 #1114190 #1114417 #1114475 #1114648 #1114763 #1114839 #1114871 #1115431 #1115433 #1115440 #1115587 #1115709 #1116027 #1116183 #1116285 #1116336 #1116345 #1116497 #1116841 #1116924 #1116950 #1117162 #1117165 #1117186 #1117562 #1118152 #1118316 #1118319 #1118505 #1118790 #1118798 #1118915 #1118922 #1118926 #1118930 #1118936 #1119204 #1119714 #1119877 #1119946 #1119967 #1119970 #1120046 #1120743 #1121239 #1121240 #1121241 #1121242 #1121275 #1121621 Cross-References: CVE-2017-16939 CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-3639 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 94 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1087082). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). The following non-security bugs were fixed: - 9p: clear dangling pointers in p9stat_free (bnc#1012382). - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382). - 9p/net: put a lower bound on msize (bnc#1012382). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239). - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bnc#1012382). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648). - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bnc#1012382). - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382). - aio: fix spectre gadget in lookup_ioctx (bnc#1012382). - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382). - ALSA: control: Fix race between adding and removing a user element (bnc#1012382). - ALSA: cs46xx: Potential NULL dereference in probe (bnc#1012382). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bnc#1012382). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382). - ALSA: hda: Add support for AMD Stoney Ridge (bnc#1012382). - ALSA: hda: Check the non-cached stream buffers more explicitly (bnc#1012382). - ALSA: hda/tegra: clear pending irq handlers (bnc#1012382). - ALSA: isa/wavefront: prevent some out of bound writes (bnc#1012382). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382). - ALSA: pcm: Fix interval evaluation with openmin/max (bnc#1012382). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: pcm: Fix starvation on down_write_nonblock() (bnc#1012382). - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382). - ALSA: timer: Fix zero-division by continue of uninitialized instance (bnc#1012382). - ALSA: trident: Suppress gcc string warning (bnc#1012382). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382). - ALSA: wss: Fix invalid snd_free_pages() at error path (bnc#1012382). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - ARC: change defconfig defaults to ARCv2 (bnc#1012382). - ARC: [devboards] Add support of NFSv3 ACL (bnc#1012382). - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 (bnc#1012382). - ARC: io.h: Implement reads{x}()/writes{x}() (bnc#1012382). - ARM64: Disable asm-operand-width warning for clang (bnc#1012382). - ARM64: dts: stratix10: Correct System Manager register size (bnc#1012382). - ARM64: Enabled ENA (Amazon network driver) - ARM64: hardcode rodata_enabled=true earlier in the series (bsc#1114763). - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code. - ARM64: percpu: Initialize ret in the default case (bnc#1012382). - ARM64: remove no-op -p linker flag (bnc#1012382). - ARM: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382). - ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382). - ARM: dts: apq8064: add ahci ports-implemented mask (bnc#1012382). - ARM: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382). - ARM: fix mis-applied iommu identity check (bsc#1116924). - ARM: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382). - ARM: kvm: fix building with gcc-8 (bsc#1121241). - ARM: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382). - ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382). - asix: Check for supported Wake-on-LAN modes (bnc#1012382). - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382). - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382). - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382). - ataflop: fix error handling during setup (bnc#1012382). - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382). - ath10k: schedule hardware restart if WMI command times out (bnc#1012382). - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382). - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382). - b43: Fix error in cordic routine (bnc#1012382). - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382). - bcache: fix miss key refill->end in writeback (bnc#1012382). - bfs: add sanity check at bfs_fill_super() (bnc#1012382). - binfmt_elf: fix calculations for bss padding (bnc#1012382). - bitops: protect variables in bit_clear_unless() macro (bsc#1116285). - block: fix inheriting request priority from bio (bsc#1116924). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382). - Bluetooth: SMP: fix crash in unpairing (bnc#1012382). - bna: ethtool: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382). - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382). - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382). - bpf: generally move prog destruction to RCU deferral (bnc#1012382). - bpf: support 8-byte metafield access (bnc#1012382). - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970). - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967). - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382). - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382). - bridge: do not add port to router list when receives query with source 0.0.0.0 (bnc#1012382). - btrfs: Always try all copies when reading extent buffers (bnc#1012382). - btrfs: do not attempt to trim devices that do not support it (bnc#1012382). - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382). - btrfs: fix backport error in submit_stripe_bio (bsc#1114763). - btrfs: fix data corruption due to cloning of eof block (bnc#1012382). - btrfs: Fix memory barriers usage with device stats counters. - btrfs: fix null pointer dereference on compressed write path error (bnc#1012382). - btrfs: fix pinned underflow after transaction aborted (bnc#1012382). - btrfs: fix use-after-free when dumping free space (bnc#1012382). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bnc#1012382). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol. - btrfs: Handle owner mismatch gracefully when walking up tree (bnc#1012382). - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list (bnc#1012382). - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock (bnc#1012382). - btrfs: make sure we create all new block groups (bnc#1012382). - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382). - btrfs: release metadata before running delayed refs (bnc#1012382). - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382). - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382). - btrfs: set max_extent_size properly (bnc#1012382). - btrfs: wait on caching when putting the bg cache (bnc#1012382). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bnc#1012382). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382). - can: rcar_can: Fix erroneous registration (bnc#1012382). - cdc-acm: correct counting of UART states in serial state notification (bnc#1012382). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382). - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok (bsc#1114763). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382). - checkstack.pl: fix for aarch64 (bnc#1012382). - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382). - CIFS: Fix separator when building path from dentry (bnc#1012382). - CIFS: handle guest access errors to Windows shares (bnc#1012382). - CIFS: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382). - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382). - clk: s2mps11: Add used attribute to s2mps11_dt_match. - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bnc#1012382). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bnc#1012382). - configfs: replace strncpy with memcpy (bnc#1012382). - cpufeature: avoid warning when compiling with clang. - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382). - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE (bnc#1012382). - Cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382). - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382). - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382). - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (bnc#1012382). - crypto, x86: aesni - fix token pasting for clang (bnc#1012382). - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382). - cw1200: Do not leak memory if krealloc failes (bnc#1012382). - cxgb4: Add support for new flash parts (bsc#1102439). - cxgb4: assume flash part size to be 4MB, if it can't be determined (bsc#1102439). - cxgb4: Fix FW flash errors (bsc#1102439). - cxgb4: fix missing break in switch and indent return statements (bsc#1102439). - cxgb4: support new ISSI flash parts (bsc#1102439). - debugobjects: avoid recursive calls with kmemleak (bnc#1012382). - disable stringop truncation warnings for now (bnc#1012382). - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382). - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382). - dlm: possible memory leak on error path in create_lkb() (bnc#1012382). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382). - dmaengine: at_hdmac: fix module unloading (bnc#1012382). - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382). - dm cache metadata: ignore hints array being too small during resize. - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (bnc#1012382). - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156). - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264). - dm thin: stop no_space_timeout worker when switching to write-mode. - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bnc#1012382). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382). - drivers/sbus/char: add of_node_put() (bnc#1012382). - drivers/tty: add missing of_node_put() (bnc#1012382). - drm/ast: change resolution may cause screen blurred (bnc#1012382). - drm/ast: fixed cursor may disappear sometimes (bnc#1012382). - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382). - drm/ast: Fix incorrect free on ioregs (bsc#1106929) - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bnc#1012382). - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929) - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382). - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382). - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382). - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382). - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382). - drm: rcar-du: Fix external clock error checks (bsc#1106929) - drm: rcar-du: Fix vblank initialization (bsc#1106929) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382). - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382). - e1000: fix race condition between e1000_down() and e1000_watchdog (bnc#1012382). - efi/libstub/arm64: Force 'hidden' visibility for section markers (bnc#1012382). - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382). - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382). - exportfs: do not read dentry after free (bnc#1012382). - ext2: fix potential use after free (bnc#1012382). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bnc#1012382). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bnc#1012382). - ext4: add missing brelse() update_backups()'s error path (bnc#1012382). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bnc#1012382). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bnc#1012382). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bnc#1012382). - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bnc#1012382). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bnc#1012382). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bnc#1012382). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bnc#1012382). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bnc#1012382). - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382). - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bnc#1012382). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bnc#1012382). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929) - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add (bsc#1114763). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0(). - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382). - fork: record start_time late (bnc#1012382). - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read . - fscache: Pass the correct cancelled indications to fscache_op_complete(). - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382). - fs/exofs: fix potential memory leak in mount option parsing (bnc#1012382). - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (bnc#1012382). - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio (bnc#1012382). - fuse: fix blocked_waitq wakeup (bnc#1012382). - fuse: fix leaked notify reply (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382). - fuse: set FR_SENT while locked (bnc#1012382). - genirq: Fix race on spurious interrupt detection (bnc#1012382). - genwqe: Fix size check (bnc#1012382). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382). - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382). - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382). - gfs2: Put bitmap buffers in put_super (bnc#1012382). - git_sort.py: Remove non-existent remote tj/libata - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382). - gpio: msic: fix error return code in platform_msic_gpio_probe() (bnc#1012382). - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382). - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382). - hfs: do not free node before using (bnc#1012382). - hfsplus: do not free node before using (bnc#1012382). - hfsplus: prevent btree data loss on root split (bnc#1012382). - hfs: prevent btree data loss on root split (bnc#1012382). - HID: hiddev: fix potential Spectre v1 (bnc#1012382). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bnc#1012382). - hpwdt add dynamic debugging (bsc#1114417). - hpwdt calculate reload value on each use (bsc#1114417). - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382). - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382). - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382). - hwmon: (ina2xx) Fix current value calculation (bnc#1012382). - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382). - hwmon: (w83795) temp4_type has writable permission (bnc#1012382). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bnc#1012382). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382). - IB/hfi1: Fix an out-of-bounds access in get_hw_stats (). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/ucm: Fix Spectre v1 vulnerability (bnc#1012382). - ide: pmac: add of_node_put() (bnc#1012382). - ieee802154: lowpan_header_create check must check daddr (bnc#1012382). - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382). - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bnc#1012382). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382). - Input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382). - Input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382). - Input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382). - Input: omap-keypad - fix keyboard debounce configuration (bnc#1012382). - Input: restore EV_ABS ABS_RESERVED (bnc#1012382). - Input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382). - Input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382). - Input: xpad - add more third-party controllers (bnc#1012382). - Input: xpad - add PDP device id 0x02a4 (bnc#1012382). - Input: xpad - add product ID for Xbox One S pad (bnc#1012382). - Input: xpad - add support for PDP Xbox One controllers (bnc#1012382). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382). - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382). - Input: xpad - avoid using __set_bit() for capabilities (bnc#1012382). - Input: xpad - constify usb_device_id (bnc#1012382). - Input: xpad - correctly sort vendor id's (bnc#1012382). - Input: xpad - correct xbox one pad device name (bnc#1012382). - Input: xpad - do not depend on endpoint order (bnc#1012382). - Input: xpad - fix GPD Win 2 controller name (bnc#1012382). - Input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382). - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382). - Input: xpad - fix some coding style issues (bnc#1012382). - Input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382). - Input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382). - Input: xpad - handle "present" and "gone" correctly (bnc#1012382). - Input: xpad - move reporting xbox one home button to common function (bnc#1012382). - Input: xpad - power off wireless 360 controllers on suspend (bnc#1012382). - Input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382). - Input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382). - Input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382). - Input: xpad - remove unused function (bnc#1012382). - Input: xpad - restore LED state after device resume (bnc#1012382). - Input: xpad - simplify error condition in init_output (bnc#1012382). - Input: xpad - sort supported devices by USB ID (bnc#1012382). - Input: xpad - support some quirky Xbox One pads (bnc#1012382). - Input: xpad - sync supported devices with 360Controller (bnc#1012382). - Input: xpad - sync supported devices with XBCD (bnc#1012382). - Input: xpad - sync supported devices with xboxdrv (bnc#1012382). - Input: xpad - update Xbox One Force Feedback Support (bnc#1012382). - Input: xpad - use LED API when identifying wireless controllers (bnc#1012382). - Input: xpad - validate USB endpoint type during probe (bnc#1012382). - Input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382). - Input: xpad - xbox one elite controller support (bnc#1012382). - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipmi: Fix timer race with module unload (bnc#1012382). - ip_tunnel: do not force DF when MTU is locked (bnc#1012382). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (bnc#1012382). - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (bnc#1012382). - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (bnc#1012382). - ipv6: orphan skbs in reassembly unit (bnc#1012382). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382). - iser: set sector for ambiguous mr status errors (bnc#1012382). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382). - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kABI: protect get_vaddr_frames (kabi). - kABI: protect struct azx (kabi). - kABI: protect struct cfs_bandwidth (kabi). - kABI: protect struct esp (kabi). - kABI: protect struct fuse_io_priv (kabi). - kABI: protect __usb_get_extra_descriptor (kabi). - kABI: protect xen/xen-ops.h include in xlate_mmu.c (kabi). - kabi: revert sig change on pnfs_read_resend_pnfs. - kbuild: Add better clang cross build support (bnc#1012382). - kbuild: Add __cc-option macro (bnc#1012382). - kbuild: Add support to generate LLVM assembly files (bnc#1012382). - kbuild: allow to use GCC toolchain not in Clang search path (bnc#1012382). - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382). - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382). - kbuild: clang: disable unused variable warnings only when constant (bnc#1012382). - kbuild: clang: fix build failures with sparse check (bnc#1012382). - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382). - kbuild: Consolidate header generation from ASM offset information (bnc#1012382). - kbuild: consolidate redundant sed script ASM offset generation (bnc#1012382). - kbuild: drop -Wno-unknown-warning-option from clang options (bnc#1012382). - kbuild: fix asm-offset generation to work with clang (bnc#1012382). - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382). - kbuild: fix linker feature test macros when cross compiling with Clang (bnc#1012382). - kbuild, LLVMLinux: Add -Werror to cc-option to support clang (bnc#1012382). - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile (bnc#1012382). - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382). - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382). - kbuild: suppress packed-not-aligned warning for default setting only (bnc#1012382). - kbuild: use -Oz instead of -Os when using clang (bnc#1012382). - kdb: use memmove instead of overlapping memcpy (bnc#1012382). - kdb: Use strscpy with destination buffer size (bnc#1012382). - kernfs: Replace strncpy with memcpy (bnc#1012382). - KEYS: put keyring if install_session_keyring_to_cred() fails (bnc#1012382). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382). - kgdboc: Fix restrict error (bnc#1012382). - kgdboc: Fix warning with module build (bnc#1012382). - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382). - kobject: Replace strncpy with memcpy (bnc#1012382). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bnc#1012382). - KVM: arm64: Fix caching of host MDCR_EL2 value (bsc#1121242). - KVM: arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240). - KVM: mmu: Fix race in emulated page table writes (bnc#1012382). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: Eliminate vmcs02 pool (bnc#1012382). - KVM: nVMX: mark vmcs12 pages dirty on L2 exit (bnc#1012382). - KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382). - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032). - KVM/SVM: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648). - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281). - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382). - KVM/VMX: introduce alloc_loaded_vmcs (bnc#1012382). - KVM/VMX: make MSR bitmaps per-VCPU (bnc#1012382). - KVM/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032). - KVM/x86: fix empty-body warnings (bnc#1012382). - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382). - KVM/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382). - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382). - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382). - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382). - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libfc: sync strings with upstream versions (bsc#1114763). - lib/interval_tree_test.c: allow full tree search (bnc#1012382). - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382). - lib/interval_tree_test.c: make test options module parameters (bnc#1012382). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bsc#1118926). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936). - libnvdimm: fix integer overflow static analysis warning (bsc#1118922). - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915). - libnvdimm: Hold reference on parent while scheduling async init (bnc#1012382). - lib/raid6: Fix arm64 test build (bnc#1012382). - lib/rbtree_test.c: make input module parameters (bnc#1012382). - lib/rbtree-test: lower default params (bnc#1012382). - llc: do not use sk_eat_skb() (bnc#1012382). - lockd: fix access beyond unterminated strings in prints (bnc#1012382). - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382). - mac80211: Always report TX status (bnc#1012382). - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382). - mac80211: fix reordering of buffered broadcast packets (bnc#1012382). - mac80211_hwsim: do not omit multicast announce of first added radio (bnc#1012382). - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382). - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382). - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382). - mach64: fix display corruption on big endian machines (bnc#1012382). - mach64: fix image corruption due to reading accelerator registers (bnc#1012382). - matroxfb: fix size of memcpy (bnc#1012382). - MD: do not check MD_SB_CHANGE_CLEAN in md_allow_write. - MD: fix invalid stored role for a disk (bnc#1012382). - MD: fix invalid stored role for a disk - try2 (bnc#1012382). - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382). - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382). - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bnc#1012382). - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382). - media: pci: cx23885: handle adding to list failure (bnc#1012382). - media: tvp5150: fix width alignment during set_selection() (bnc#1012382). - media: v4l: event: Add subscription to list before calling "add" operation (bnc#1012382). - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382). - MIPS: Align kernel load address to 64KB (bnc#1012382). - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression (bnc#1012382). - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() (bnc#1012382). - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue (bnc#1012382). - MIPS: fix mips_get_syscall_arg o32 check (bnc#1012382). - MIPS: Handle non word sized instructions when examining frame (bnc#1012382). - MIPS: kexec: Mark CPU offline before disabling local IRQ (bnc#1012382). - MIPS: Loongson-3: Fix BRIDGE irq delivery problem (bnc#1012382). - MIPS: Loongson-3: Fix CPU UART irq delivery problem (bnc#1012382). - MIPS: microMIPS: Fix decoding of swsp16 instruction (bnc#1012382). - MIPS: OCTEON: fix out of bounds array access on CN68XX (bnc#1012382). - MIPS: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bnc#1012382). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382). - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382). - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bnc#1012382). - mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382). - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm, elf: handle vm_brk error (bnc#1012382). - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204). - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1012382). - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382). - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() (bnc#1012382). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: refuse wrapped vm_brk requests (bnc#1012382). - mm: remove write/force parameters from __get_user_pages_locked() (bnc#1012382 bsc#1027260). - mm: remove write/force parameters from __get_user_pages_unlocked() (bnc#1012382 bsc#1027260). - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bnc#1012382). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382). - mount: Retest MNT_LOCKED in do_umount (bnc#1012382). - Move usb-audio UAF fix into sorted section - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382). - mtd: spi-nor: Add support for is25wp series chips (bnc#1012382). - mv88e6060: disable hardware level MAC learning (bnc#1012382). - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382). - mwifiex: fix p2p device does not find in scan problem (bnc#1012382). - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382). - neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114475, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475, LTC#172679). - net: amd: add missing of_node_put() (bnc#1012382). - net: bcmgenet: fix OF child-node lookup (bnc#1012382). - net: bridge: remove ipv6 zero address check in mcast queries (bnc#1012382). - net: cxgb3_main: fix a missing-check bug (bnc#1012382). - net: drop skb on failure in ip_check_defrag() (bnc#1012382). - net: drop write-only stack variable (bnc#1012382). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1117562). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1117562). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1117562). - net: ena: complete host info to match latest ENA spec (bsc#1117562). - net: ena: enable Low Latency Queues (bsc#1117562). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1117562). - net: ena: fix auto casting to boolean (bsc#1117562). - net: ena: fix compilation error in xtensa architecture (bsc#1117562). - net: ena: fix crash during ena_remove() (bsc#1108240). - net: ena: fix crash during failed resume from hibernation (bsc#1117562). - net: ena: fix indentations in ena_defs for better readability (bsc#1117562). - net: ena: Fix Kconfig dependency on X86 (bsc#1117562). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1117562). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1117562). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1117562). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1117562). - net: ena: minor performance improvement (bsc#1117562). - net: ena: remove ndo_poll_controller (bsc#1117562). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1117562). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240). - net: ena: update driver version to 2.0.1 (bsc#1117562). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1117562). - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382). - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net (bnc#1012382). - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() (bnc#1012382). - netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382). - netfilter: xt_IDLETIMER: add sysfs filename checking routine (bnc#1012382). - net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382). - net: hisilicon: remove unexpected free_netdev (bnc#1012382). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net/ipv4: defensive cipso option parsing (bnc#1012382). - net/ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (bnc#1012382). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382). - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382). - net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382). - net: Prevent invalid access to skb->prev in __qdisc_drop_all (bnc#1012382). - net: qla3xxx: Remove overflowing shift statement (bnc#1012382). - netrom: fix locking in nr_find_socket() (bnc#1012382). - net: sched: gred: pass the right attribute to gred_change_table_def() (bnc#1012382). - net: socket: fix a missing-check bug (bnc#1012382). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (bnc#1012382). - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382). - new helper: uaccess_kernel() (bnc#1012382). - NFC: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382). - nfit: skip region registration for incomplete control regions (bsc#1118930). - nfsd: Fix an Oops in free_session() (bnc#1012382). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFSv4.1: Fix the r/wsize checking (bnc#1012382). - NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING. - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bnc#1012382). - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382). - ocfs2: fix potential use after free (bnc#1012382). - of: add helper to lookup compatible child node (bnc#1012382). - packet: validate address length (bnc#1012382). - packet: validate address length if non-zero (bnc#1012382). - parisc: Fix address in HPMC IVA (bnc#1012382). - parisc: Fix map_pages() to not overwrite existing pte entries (bnc#1012382). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bnc#1012382). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1109806). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1106105). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bnc#1012382). - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967). - perf/core: Do not leak event in the syscall error path (bnc#1012382). - perf pmu: Suppress potential format-truncation warning (bnc#1012382). - perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382). - perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382). - perf tools: Disable parallelism for 'make clean' (bnc#1012382). - perf tools: Free temporary 'sys' string in read_event_files() (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bnc#1012382). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bnc#1012382). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bnc#1012382). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bnc#1012382). - PM / devfreq: tegra: fix error return code in tegra_devfreq_probe() (bnc#1012382). - pNFS: Fix a deadlock between read resends and layoutreturn. - pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path. - pNFS/flexfiles: When checking for available DSes, conditionally check for MDS io. - pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs. - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382). - powerpc/boot: Fix random libfdt related build errors (bnc#1012382). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382). - powerpc/mm/radix: Use mm->task_size for boundary checking instead of addr_limit (bsc#1027457). - powerpc/msi: Fix compile error on mpc83xx (bnc#1012382). - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382). - powerpc/nohash: fix undefined behaviour when testing page size support (bnc#1012382). - powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382). - powerpc/powernv: Do not select the cpufreq governors (bsc#1066223). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1066223). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1066223). - powerpc/pseries: Fix DTL buffer registration (bsc#1066223). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bnc#1012382). - printk: Fix panic caused by passing log_buf_len to command line (bnc#1012382). - Provide a temporary fix for STIBP on-by-default (bsc#1116497). - pstore: Convert console write to use ->write_buf (bnc#1012382). - ptp: fix Spectre v1 vulnerability (bnc#1012382). - pxa168fb: prepare the clock (bnc#1012382). - qed: Fix bitmap_weight() check (bsc#1019695). - qed: Fix PTT leak in qed_drain() (bnc#1012382). - qed: Fix QM getters to always return a valid pq (bsc#1019695 ). - qed: Fix reading wrong value in loop condition (bnc#1012382). - r8152: Check for supported Wake-on-LAN Modes (bnc#1012382). - r8169: fix NAPI handling under high load (bnc#1012382). - rapidio/rionet: do not free skb before reading its length (bnc#1012382). - RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382). - reiserfs: propagate errors from fill_with_dentries() properly (bnc#1012382). - Reorder a few commits in kGraft out of tree section - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" (bnc#1012382). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1106929) - Revert "exec: avoid gcc-8 warning for get_task_comm" (kabi). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "media: v4l: event: Add subscription to list before calling "add" operation" (kabi). - Revert "media: videobuf2-core: do not call memop 'finish' when queueing" (bnc#1012382). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1106105). - Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half" (bsc#1047487). - Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382). - Revert "x86/kconfig: Fall back to ticket spinlocks" (kabi). - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382). - rpcrdma: Add RPCRDMA_HDRLEN_ERR. - rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES (bsc#1115587). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - rtc: hctosys: Add missing range error reporting (bnc#1012382). - rtc: snvs: add a missing write sync (bnc#1012382). - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382). - rtnetlink: Disallow FDB configuration for non-Ethernet device (bnc#1012382). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382). - s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382). - s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382). - s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114475, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953). - s390/qeth: fix length check in SNMP processing (bnc#1012382). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475, LTC#172682). - s390/vdso: add missing FORCE to build targets (bnc#1012382). - sbus: char: add of_node_put() (bnc#1012382). - sc16is7xx: Fix for multi-channel stall (bnc#1012382). - sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382). - sched/fair: Fix throttle_list starvation with low CFS quota (bnc#1012382). - sch_red: update backlog as well (bnc#1012382). - scsi: aacraid: Fix typo in blink status (bnc#1012382). - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ). - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877). - scsi: csiostor: Avoid content leaks and casts (bnc#1012382). - scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382). - scsi: Introduce scsi_start_queue() (bsc#1119877). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bnc#1012382). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102660). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660). - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660). - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877). - scsi: megaraid_sas: fix a missing-check bug (bnc#1012382). - scsi: Protect SCSI device state changes with a mutex (bsc#1119877). - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083). - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bnc#1012382). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877). - scsi: Split scsi_internal_device_block() (bsc#1119877). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: ufs: fix bugs related to null pointer access and array size (bnc#1012382). - scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382). - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382). - scsi: ufshcd: release resources if probe fails (bnc#1012382). - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382). - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382). - sctp: fix race on sctp_id2asoc (bnc#1012382). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382). - selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382). - selftests: Move networking/timestamping from Documentation (bnc#1012382). - seq_file: fix incomplete reset on read from zero offset. - ser_gigaset: use container_of() instead of detour (bnc#1012382). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (bnc#1012382). - signal/GenWQE: Fix sending of SIGKILL (bnc#1012382). - smb3: allow stats which track session and share reconnects to be reset (bnc#1012382). - smb3: do not attempt cifs operation in smb3 query info error path (bnc#1012382). - smb3: on kerberos mount if server does not specify auth type use krb5 (bnc#1012382). - smsc75xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Check for Wake-on-LAN modes (bnc#1012382). - sock: Make sock->sk_stamp thread-safe (bnc#1012382). - soc/tegra: pmc: Fix child-node lookup (bnc#1012382). - sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382). - sparc64 mm: Fix more TSB sizing issues (bnc#1012382). - sparc: Fix single-pcr perf event counter management (bnc#1012382). - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata (bnc#1012382). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382). - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382). - spi: bcm2835: Fix race on DMA termination (bnc#1012382). - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382). - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382). - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() (bnc#1012382). - spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382). - sr9800: Check for supported Wake-on-LAN modes (bnc#1012382). - sr: pass down correctly sized SCSI sense buffer (bnc#1012382). - Staging: lustre: remove two build warnings (bnc#1012382). - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382). - staging: speakup: Replace strncpy with memcpy (bnc#1012382). - sunrpc: correct the computation for page_ptr when truncating (bnc#1012382). - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (bnc#1012382). - SUNRPC: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382). - SUNRPC: Fix a potential race in xprt_connect(). - SUNRPC: fix cache_head leak due to queued request (bnc#1012382). - SUNRPC: Fix leak of krb5p encode pages (bnc#1012382). - svcrdma: Remove unused variable in rdma_copy_tail(). - swim: fix cleanup on setup error (bnc#1012382). - swiotlb: clean up reporting (bnc#1012382). - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: fix NULL ref in tail loss probe (bnc#1012382). - TC: Set DMA masks for devices (bnc#1012382). - termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (bnc#1012382). - thermal: allow spear-thermal driver to be a module (bnc#1012382). - thermal: allow u8500-thermal driver to be a module (bnc#1012382). - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382). - tpm: fix response size validation in tpm_get_random() (bsc#1020645). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bnc#1012382). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382). - tracing: Fix memory leak of instance function hash filters (bnc#1012382). - tracing: Skip more functions when doing stack tracing of events (bnc#1012382). - tty: check name length in tty_find_polling_driver() (bnc#1012382). - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382). - tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382). - tty: wipe buffer (bnc#1012382). - tty: wipe buffer if not echoing data (bnc#1012382). - tun: Consistently configure generic netdev params via rtnetlink (bnc#1012382). - tun: forbid iface creation with rtnl ops (bnc#1012382). - uio: ensure class is registered before devices (bnc#1012382). - uio: Fix an Oops on load (bnc#1012382). - uio: make symbol 'uio_class_registered' static. - um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382). - um: Give start_idle_thread() a return code (bnc#1012382). - unifdef: use memcpy instead of strncpy (bnc#1012382). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382). - usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382). - usb: check usb_get_extra_descriptor for proper size (bnc#1012382). - usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382). - usb: core: Fix hub port connection events lost (bnc#1012382). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382). - usb: dwc3: omap: fix error return code in dwc3_omap_probe() (bnc#1012382). - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() (bnc#1012382). - usb: fix the usbfs flag sanitization for control transfers (bnc#1012382). - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382). - usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382). - usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382). - usb: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382). - usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382). - usb: omap_udc: use devm_request_irq() (bnc#1012382). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382). - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382). - usb: serial: option: add Fibocom NL678 series (bnc#1012382). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382). - usb: serial: option: add HP lt4132 (bnc#1012382). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382). - usb: serial: option: add Telit LN940 series (bnc#1012382). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382). - usb-storage: fix bogus hardware error messages for ATA pass-thru devices (bnc#1012382). - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382). - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382). - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bnc#1012382). - vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382). - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() (bnc#1012382). - virtio/s390: avoid race on vcdev->config (bnc#1012382). - virtio/s390: fix race in ccw_io_helper() (bnc#1012382). - VSOCK: Send reset control packet when socket is partially bound (bnc#1012382). - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382). - w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382). - x86: boot: Fix EFI stub alignment (bnc#1012382). - x86/boot: #undef memcpy() et al in string.c (bnc#1012382). - x86/build: Fix stack alignment for CLang (bnc#1012382). - x86/build: Specify stack alignment for clang (bnc#1012382). - x86/build: Use __cc-option for boot code compiler options (bnc#1012382). - x86/build: Use cc-option to validate stack alignment parameter (bnc#1012382). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bnc#1012382). - x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382). - x86/entry: spell EBX register correctly in documentation (bnc#1012382). - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382). - x86/kconfig: Fall back to ticket spinlocks (bnc#1012382). - x86/MCE: Export memory_error() (bsc#1114648). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648). - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility (bnc#1012382). - x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1012382). - xen: fix xen_qlock_wait() (bnc#1012382). - xen: make xen_qlock_wait() nestable (bnc#1012382). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: tolerate frags with no data (bnc#1012382). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382). - xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382). - xfrm: Fix bucket count reported to userspace (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382). - xfrm: validate template mode (bnc#1012382). - xfs: Align compat attrlist_by_handle with native implementation. - xfs/dmapi: restore event in xfs_getbmap (bsc#1114763). - xfs: Fix error code in 'xfs_ioc_getbmap()'. - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382). - xprtrdma: checking for NULL instead of IS_ERR(). - xprtrdma: Disable pad optimization by default. - xprtrdma: Disable RPC/RDMA backchannel debugging messages. - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock). - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps. - xprtrdma: Fix Read chunk padding. - xprtrdma: Fix receive buffer accounting. - xprtrdma: Reset credit grant properly after a disconnect. - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len. - xprtrdma: Serialize credit accounting again. - xprtrdma: xprt_rdma_free() must not release backchannel reqs. - xtensa: add NOTES section to the linker script (bnc#1012382). - xtensa: enable coprocessors that are being flushed (bnc#1012382). - xtensa: fix boot parameters address translation (bnc#1012382). - xtensa: fix coprocessor context offset definitions (bnc#1012382). - xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382). - zram: close udev startup race condition as default groups (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-148=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-azure-4.4.170-4.22.1 kernel-source-azure-4.4.170-4.22.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kernel-azure-4.4.170-4.22.1 kernel-azure-base-4.4.170-4.22.1 kernel-azure-base-debuginfo-4.4.170-4.22.1 kernel-azure-debuginfo-4.4.170-4.22.1 kernel-azure-debugsource-4.4.170-4.22.1 kernel-azure-devel-4.4.170-4.22.1 kernel-syms-azure-4.4.170-4.22.1 References: https://www.suse.com/security/cve/CVE-2017-16939.html https://www.suse.com/security/cve/CVE-2018-1120.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1015336 https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1015340 https://bugzilla.suse.com/1019683 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1027260 https://bugzilla.suse.com/1027457 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1043083 https://bugzilla.suse.com/1046264 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048916 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1069702 https://bugzilla.suse.com/1070805 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1093158 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094973 https://bugzilla.suse.com/1096242 https://bugzilla.suse.com/1096281 https://bugzilla.suse.com/1099523 https://bugzilla.suse.com/1100105 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102439 https://bugzilla.suse.com/1102660 https://bugzilla.suse.com/1103156 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103624 https://bugzilla.suse.com/1104098 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1108145 https://bugzilla.suse.com/1108240 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110286 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1114190 https://bugzilla.suse.com/1114417 https://bugzilla.suse.com/1114475 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114763 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115587 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1116027 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116285 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1116497 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116924 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117562 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118790 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118915 https://bugzilla.suse.com/1118922 https://bugzilla.suse.com/1118926 https://bugzilla.suse.com/1118930 https://bugzilla.suse.com/1118936 https://bugzilla.suse.com/1119204 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119877 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119967 https://bugzilla.suse.com/1119970 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1121239 https://bugzilla.suse.com/1121240 https://bugzilla.suse.com/1121241 https://bugzilla.suse.com/1121242 https://bugzilla.suse.com/1121275 https://bugzilla.suse.com/1121621 From sle-updates at lists.suse.com Wed Jan 23 17:07:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 01:07:31 +0100 (CET) Subject: SUSE-SU-2019:0144-1: important: Security update for ghostscript Message-ID: <20190124000731.9438EFFD6@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0144-1 Rating: important References: #1122319 Cross-References: CVE-2019-6116 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-144=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-144=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-144=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-144=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-144=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-144=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-144=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-144=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-144=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-144=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-144=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-144=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-144=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-devel-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre-devel-0.2.7-12.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-devel-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre-devel-0.2.7-12.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 - SUSE Enterprise Storage 4 (x86_64): ghostscript-9.26a-23.19.1 ghostscript-debuginfo-9.26a-23.19.1 ghostscript-debugsource-9.26a-23.19.1 ghostscript-x11-9.26a-23.19.1 ghostscript-x11-debuginfo-9.26a-23.19.1 libspectre-debugsource-0.2.7-12.6.1 libspectre1-0.2.7-12.6.1 libspectre1-debuginfo-0.2.7-12.6.1 References: https://www.suse.com/security/cve/CVE-2019-6116.html https://bugzilla.suse.com/1122319 From sle-updates at lists.suse.com Wed Jan 23 17:08:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 01:08:09 +0100 (CET) Subject: SUSE-RU-2019:0151-1: moderate: Recommended update for apparmor Message-ID: <20190124000809.F3C58FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0151-1 Rating: moderate References: #1082956 #1097370 #1100779 #1111342 #1117354 #1119937 #1120472 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: - Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354) - allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499) - dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472) - netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch] Update to AppArmor 2.12.2: - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (bsc#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog Update to AppArmor 2.12.1: - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - add support for conditional includes ("include if exists") - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including bsc#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-151=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-151=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-151=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12.2-7.9.1 apache2-mod_apparmor-debuginfo-2.12.2-7.9.1 apparmor-debugsource-2.12.2-7.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.2-7.9.1 ruby-apparmor-2.12.2-7.9.1 ruby-apparmor-debuginfo-2.12.2-7.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.12.2-7.9.1 apparmor-parser-2.12.2-7.9.1 apparmor-parser-debuginfo-2.12.2-7.9.1 libapparmor-debugsource-2.12.2-7.9.1 libapparmor-devel-2.12.2-7.9.1 libapparmor1-2.12.2-7.9.1 libapparmor1-debuginfo-2.12.2-7.9.1 pam_apparmor-2.12.2-7.9.1 pam_apparmor-debuginfo-2.12.2-7.9.1 perl-apparmor-2.12.2-7.9.1 perl-apparmor-debuginfo-2.12.2-7.9.1 python3-apparmor-2.12.2-7.9.1 python3-apparmor-debuginfo-2.12.2-7.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libapparmor1-32bit-2.12.2-7.9.1 libapparmor1-32bit-debuginfo-2.12.2-7.9.1 pam_apparmor-32bit-2.12.2-7.9.1 pam_apparmor-32bit-debuginfo-2.12.2-7.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): apparmor-abstractions-2.12.2-7.9.1 apparmor-docs-2.12.2-7.9.1 apparmor-parser-lang-2.12.2-7.9.1 apparmor-profiles-2.12.2-7.9.1 apparmor-utils-2.12.2-7.9.1 apparmor-utils-lang-2.12.2-7.9.1 References: https://bugzilla.suse.com/1082956 https://bugzilla.suse.com/1097370 https://bugzilla.suse.com/1100779 https://bugzilla.suse.com/1111342 https://bugzilla.suse.com/1117354 https://bugzilla.suse.com/1119937 https://bugzilla.suse.com/1120472 From sle-updates at lists.suse.com Thu Jan 24 07:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 15:09:14 +0100 (CET) Subject: SUSE-SU-2019:0152-1: Security update for rubygem-activejob-4_2 Message-ID: <20190124140914.4C5F0FCD8@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activejob-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0152-1 Rating: low References: #1117632 Cross-References: CVE-2018-16476 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activejob-4_2 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-152=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-152=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-152=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-activejob-4_2-4.2.9-3.6.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-activejob-4_2-4.2.9-3.6.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-activejob-4_2-4.2.9-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-16476.html https://bugzilla.suse.com/1117632 From sle-updates at lists.suse.com Thu Jan 24 10:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:09:13 +0100 (CET) Subject: SUSE-RU-2019:0158-1: moderate: Recommended update for hwinfo Message-ID: <20190124170913.84A57FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0158-1 Rating: moderate References: #1018271 #1084700 #1107196 #1117982 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes: - Adjust system type detection. (bsc#1117982) - Update PCI and USB IDs. (fate#326431) - Make hwinfo aware of RISC-V. - Fix ID of s-par storage controller. (bsc#1107196) - Add network interfaces found on mdio bus. (bsc#1018271) - The location of the S-Par drivers virtual buses has changed. (bsc#1107196) - Ensure udev device links are unique. (bsc#1084700) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-158=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): hwinfo-21.63-3.6.1 hwinfo-debuginfo-21.63-3.6.1 hwinfo-debugsource-21.63-3.6.1 hwinfo-devel-21.63-3.6.1 hwinfo-devel-debuginfo-21.63-3.6.1 References: https://bugzilla.suse.com/1018271 https://bugzilla.suse.com/1084700 https://bugzilla.suse.com/1107196 https://bugzilla.suse.com/1117982 From sle-updates at lists.suse.com Thu Jan 24 10:10:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:10:22 +0100 (CET) Subject: SUSE-RU-2019:0159-1: moderate: Recommended update for hwinfo Message-ID: <20190124171022.3B90AFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0159-1 Rating: moderate References: #1117982 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwinfo provides the following fix: - Adjust system type detection. (bsc#1117982) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-159=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-159=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-159=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-159=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-159=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-159=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): hwinfo-debuginfo-21.63-2.17.1 hwinfo-debugsource-21.63-2.17.1 hwinfo-devel-21.63-2.17.1 hwinfo-devel-debuginfo-21.63-2.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): hwinfo-debuginfo-21.63-2.17.1 hwinfo-debugsource-21.63-2.17.1 hwinfo-devel-21.63-2.17.1 hwinfo-devel-debuginfo-21.63-2.17.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): hwinfo-21.63-2.17.1 hwinfo-debuginfo-21.63-2.17.1 hwinfo-debugsource-21.63-2.17.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): hwinfo-21.63-2.17.1 hwinfo-debuginfo-21.63-2.17.1 hwinfo-debugsource-21.63-2.17.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): hwinfo-21.63-2.17.1 hwinfo-debuginfo-21.63-2.17.1 hwinfo-debugsource-21.63-2.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): hwinfo-21.63-2.17.1 hwinfo-debuginfo-21.63-2.17.1 hwinfo-debugsource-21.63-2.17.1 References: https://bugzilla.suse.com/1117982 From sle-updates at lists.suse.com Thu Jan 24 10:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:10:59 +0100 (CET) Subject: SUSE-RU-2019:0157-1: moderate: Recommended update for python-pyOpenSSL Message-ID: <20190124171059.D0498FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pyOpenSSL ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0157-1 Rating: moderate References: #1052927 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pyOpenSSL provides the following fix: - Add python-setuptools as a requirement. (bsc#1052927) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-157=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-157=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-157=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-157=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): python-pyOpenSSL-16.0.0-4.17.1 python3-pyOpenSSL-16.0.0-4.17.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-pyOpenSSL-16.0.0-4.17.1 python3-pyOpenSSL-16.0.0-4.17.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-pyOpenSSL-16.0.0-4.17.1 python3-pyOpenSSL-16.0.0-4.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python-pyOpenSSL-16.0.0-4.17.1 - SUSE CaaS Platform 3.0 (noarch): python-pyOpenSSL-16.0.0-4.17.1 References: https://bugzilla.suse.com/1052927 From sle-updates at lists.suse.com Thu Jan 24 10:11:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:11:37 +0100 (CET) Subject: SUSE-RU-2019:0155-1: moderate: Recommended update for csync Message-ID: <20190124171137.8168BFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for csync ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0155-1 Rating: moderate References: #1113889 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for csync fixes the following issues: - Fix a compile error on Leap 15.1 (bsc#1113889) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-155=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-155=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): csync-0.50.0-3.3.1 csync-debuginfo-0.50.0-3.3.1 csync-debugsource-0.50.0-3.3.1 libcsync-plugin-sftp-0.50.0-3.3.1 libcsync-plugin-sftp-debuginfo-0.50.0-3.3.1 libcsync-plugin-smb-0.50.0-3.3.1 libcsync-plugin-smb-debuginfo-0.50.0-3.3.1 libcsync0-0.50.0-3.3.1 libcsync0-debuginfo-0.50.0-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): csync-debuginfo-0.50.0-3.3.1 csync-debugsource-0.50.0-3.3.1 libcsync-devel-0.50.0-3.3.1 libcsync-devel-doc-0.50.0-3.3.1 libcsync-doc-0.50.0-3.3.1 libcsync-plugin-owncloud-0.50.0-3.3.1 libcsync-plugin-owncloud-debuginfo-0.50.0-3.3.1 References: https://bugzilla.suse.com/1113889 From sle-updates at lists.suse.com Thu Jan 24 10:12:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:12:20 +0100 (CET) Subject: SUSE-RU-2019:0161-1: moderate: Recommended update for ibus, gnome-shell, gjs Message-ID: <20190124171220.7538AFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibus, gnome-shell, gjs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0161-1 Rating: moderate References: #1093541 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibus, gnome-shell and gjs provides the following fix: - Fix some problems that were causing memory leaks in gnome-shell. (bsc#1093541) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-161=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-161=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-161=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-161=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-161=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-161=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-161=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-161=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gjs-1.45.4-7.3.1 gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-calendar-3.20.4-77.20.4 gnome-shell-calendar-debuginfo-3.20.4-77.20.4 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-gtk3-32bit-1.5.13-15.8.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.8.1 libibus-1_0-5-32bit-1.5.13-15.8.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.8.1 python-ibus-1.5.13-15.8.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gjs-1.45.4-7.3.1 gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-calendar-3.20.4-77.20.4 gnome-shell-calendar-debuginfo-3.20.4-77.20.4 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-gtk3-32bit-1.5.13-15.8.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.8.1 libibus-1_0-5-32bit-1.5.13-15.8.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.8.1 python-ibus-1.5.13-15.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 gnome-shell-devel-3.20.4-77.20.4 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-devel-1.5.13-15.8.1 libgjs-devel-1.45.4-7.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 gnome-shell-devel-3.20.4-77.20.4 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-devel-1.5.13-15.8.1 libgjs-devel-1.45.4-7.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-3.20.4-77.20.4 gnome-shell-browser-plugin-3.20.4-77.20.4 gnome-shell-browser-plugin-debuginfo-3.20.4-77.20.4 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 ibus-1.5.13-15.8.1 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-gtk-1.5.13-15.8.1 ibus-gtk-debuginfo-1.5.13-15.8.1 ibus-gtk3-1.5.13-15.8.1 ibus-gtk3-debuginfo-1.5.13-15.8.1 libgjs0-1.45.4-7.3.1 libgjs0-debuginfo-1.45.4-7.3.1 libibus-1_0-5-1.5.13-15.8.1 libibus-1_0-5-debuginfo-1.5.13-15.8.1 typelib-1_0-GjsPrivate-1_0-1.45.4-7.3.1 typelib-1_0-IBus-1_0-1.5.13-15.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): gnome-shell-lang-3.20.4-77.20.4 ibus-lang-1.5.13-15.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-3.20.4-77.20.4 gnome-shell-browser-plugin-3.20.4-77.20.4 gnome-shell-browser-plugin-debuginfo-3.20.4-77.20.4 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 ibus-1.5.13-15.8.1 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-gtk-1.5.13-15.8.1 ibus-gtk-debuginfo-1.5.13-15.8.1 ibus-gtk3-1.5.13-15.8.1 ibus-gtk3-debuginfo-1.5.13-15.8.1 libgjs0-1.45.4-7.3.1 libgjs0-debuginfo-1.45.4-7.3.1 libibus-1_0-5-1.5.13-15.8.1 libibus-1_0-5-debuginfo-1.5.13-15.8.1 typelib-1_0-GjsPrivate-1_0-1.45.4-7.3.1 typelib-1_0-IBus-1_0-1.5.13-15.8.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-shell-lang-3.20.4-77.20.4 ibus-lang-1.5.13-15.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gnome-shell-lang-3.20.4-77.20.4 ibus-lang-1.5.13-15.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gjs-1.45.4-7.3.1 gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-3.20.4-77.20.4 gnome-shell-browser-plugin-3.20.4-77.20.4 gnome-shell-browser-plugin-debuginfo-3.20.4-77.20.4 gnome-shell-calendar-3.20.4-77.20.4 gnome-shell-calendar-debuginfo-3.20.4-77.20.4 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 ibus-1.5.13-15.8.1 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-gtk-1.5.13-15.8.1 ibus-gtk-debuginfo-1.5.13-15.8.1 ibus-gtk3-1.5.13-15.8.1 ibus-gtk3-32bit-1.5.13-15.8.1 ibus-gtk3-debuginfo-1.5.13-15.8.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.8.1 libgjs0-1.45.4-7.3.1 libgjs0-debuginfo-1.45.4-7.3.1 libibus-1_0-5-1.5.13-15.8.1 libibus-1_0-5-32bit-1.5.13-15.8.1 libibus-1_0-5-debuginfo-1.5.13-15.8.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.8.1 python-ibus-1.5.13-15.8.1 typelib-1_0-GjsPrivate-1_0-1.45.4-7.3.1 typelib-1_0-IBus-1_0-1.5.13-15.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-shell-lang-3.20.4-77.20.4 ibus-lang-1.5.13-15.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gjs-1.45.4-7.3.1 gjs-debuginfo-1.45.4-7.3.1 gjs-debugsource-1.45.4-7.3.1 gnome-shell-3.20.4-77.20.4 gnome-shell-browser-plugin-3.20.4-77.20.4 gnome-shell-browser-plugin-debuginfo-3.20.4-77.20.4 gnome-shell-calendar-3.20.4-77.20.4 gnome-shell-calendar-debuginfo-3.20.4-77.20.4 gnome-shell-debuginfo-3.20.4-77.20.4 gnome-shell-debugsource-3.20.4-77.20.4 ibus-1.5.13-15.8.1 ibus-debuginfo-1.5.13-15.8.1 ibus-debugsource-1.5.13-15.8.1 ibus-gtk-1.5.13-15.8.1 ibus-gtk-debuginfo-1.5.13-15.8.1 ibus-gtk3-1.5.13-15.8.1 ibus-gtk3-32bit-1.5.13-15.8.1 ibus-gtk3-debuginfo-1.5.13-15.8.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.8.1 libgjs0-1.45.4-7.3.1 libgjs0-debuginfo-1.45.4-7.3.1 libibus-1_0-5-1.5.13-15.8.1 libibus-1_0-5-32bit-1.5.13-15.8.1 libibus-1_0-5-debuginfo-1.5.13-15.8.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.8.1 python-ibus-1.5.13-15.8.1 typelib-1_0-GjsPrivate-1_0-1.45.4-7.3.1 typelib-1_0-IBus-1_0-1.5.13-15.8.1 References: https://bugzilla.suse.com/1093541 From sle-updates at lists.suse.com Thu Jan 24 10:13:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:13:07 +0100 (CET) Subject: SUSE-RU-2019:0162-1: moderate: Recommended update for grub2 Message-ID: <20190124171307.1CF53FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0162-1 Rating: moderate References: #1111955 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 provides the following fix: - ieee1275: Fix double free in CAS reboot. (bsc#1111955) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-162=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-162=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-162=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): grub2-debuginfo-2.02-19.18.2 grub2-debugsource-2.02-19.18.2 grub2-x86_64-xen-2.02-19.18.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): grub2-branding-upstream-2.02-19.18.2 grub2-debuginfo-2.02-19.18.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): grub2-2.02-19.18.2 grub2-debuginfo-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 s390x x86_64): grub2-debugsource-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (ppc64le): grub2-powerpc-ieee1275-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): grub2-arm64-efi-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): grub2-i386-pc-2.02-19.18.2 grub2-x86_64-efi-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): grub2-snapper-plugin-2.02-19.18.2 grub2-systemd-sleep-plugin-2.02-19.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): grub2-s390x-emu-2.02-19.18.2 References: https://bugzilla.suse.com/1111955 From sle-updates at lists.suse.com Thu Jan 24 10:13:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:13:41 +0100 (CET) Subject: SUSE-RU-2019:0163-1: moderate: Recommended update for vm-install Message-ID: <20190124171341.303F3FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0163-1 Rating: moderate References: #1111021 #1116990 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for vm-install provides the following fixes: - Fix a problem in vm-install when outputing error messages. (bsc#1116990) - Fix a string encoding problem that was causing virt-install startup to fail. (bsc#1111021) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-163=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): vm-install-0.10.05-3.3.3 References: https://bugzilla.suse.com/1111021 https://bugzilla.suse.com/1116990 From sle-updates at lists.suse.com Thu Jan 24 10:14:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:14:26 +0100 (CET) Subject: SUSE-RU-2019:0164-1: Recommended update for tpm-tools Message-ID: <20190124171426.CE1D3FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for tpm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0164-1 Rating: low References: #1114793 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tpm-tools provides the following fix: - Fix undefined and binary data being output in the tpm_version command. (bsc#1114793) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-164=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-164=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtpm_unseal1-1.3.9.1-3.3.1 libtpm_unseal1-debuginfo-1.3.9.1-3.3.1 tpm-tools-1.3.9.1-3.3.1 tpm-tools-debuginfo-1.3.9.1-3.3.1 tpm-tools-debugsource-1.3.9.1-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtpm_unseal1-1.3.9.1-3.3.1 libtpm_unseal1-debuginfo-1.3.9.1-3.3.1 tpm-tools-1.3.9.1-3.3.1 tpm-tools-debuginfo-1.3.9.1-3.3.1 tpm-tools-debugsource-1.3.9.1-3.3.1 References: https://bugzilla.suse.com/1114793 From sle-updates at lists.suse.com Thu Jan 24 10:15:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:15:03 +0100 (CET) Subject: SUSE-RU-2019:0154-1: Recommended update for yast2-firewall Message-ID: <20190124171503.7EF8EFCD8@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firewall ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0154-1 Rating: low References: #1119831 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-firewall provides the following fix: - Make sure yast2-firewall requires the correct version of yast2. (bsc#1119831) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-154=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-154=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-firewall-3.2.2-3.6.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-firewall-3.2.2-3.6.2 References: https://bugzilla.suse.com/1119831 From sle-updates at lists.suse.com Thu Jan 24 10:15:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:15:39 +0100 (CET) Subject: SUSE-RU-2019:0160-1: moderate: Recommended update for virt-manager Message-ID: <20190124171539.B31A1FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0160-1 Rating: moderate References: #1054986 #1100558 #1116885 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for virt-manager provides the following fixes: - Fix calling virt-install --inject-initrd. (bsc#1116885) - Fix selection of network volumes. (bsc#1100558) - Fix SLE-15 detection because of changes in osinfo-db. (bsc#1054986) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-160=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): virt-install-1.5.1-7.6.1 virt-manager-1.5.1-7.6.1 virt-manager-common-1.5.1-7.6.1 References: https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1100558 https://bugzilla.suse.com/1116885 From sle-updates at lists.suse.com Thu Jan 24 10:16:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:16:46 +0100 (CET) Subject: SUSE-RU-2019:0165-1: moderate: Recommended update for kubernetes-salt Message-ID: <20190124171646.5F04EFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0165-1 Rating: moderate References: #1101973 #1120047 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kubernetes-salt fixes the following issues: - update etcdctl sysconfig with ENDPOINTS flag (bsc#1120047) - [CPI] Add self-signed certificate to CPI configuration, bsc#1101973 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r908_0bb377e-3.39.1 References: https://bugzilla.suse.com/1101973 https://bugzilla.suse.com/1120047 From sle-updates at lists.suse.com Thu Jan 24 10:17:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:17:34 +0100 (CET) Subject: SUSE-RU-2019:0156-1: moderate: Recommended update for accountsservice Message-ID: <20190124171734.62EECFCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for accountsservice ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0156-1 Rating: moderate References: #1114292 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for accountsservice provides the following fix: - Read root user cache file. (bsc#1114292) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-156=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): accountsservice-0.6.45-6.10.1 accountsservice-debuginfo-0.6.45-6.10.1 accountsservice-debugsource-0.6.45-6.10.1 accountsservice-devel-0.6.45-6.10.1 libaccountsservice0-0.6.45-6.10.1 libaccountsservice0-debuginfo-0.6.45-6.10.1 typelib-1_0-AccountsService-1_0-0.6.45-6.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): accountsservice-lang-0.6.45-6.10.1 References: https://bugzilla.suse.com/1114292 From sle-updates at lists.suse.com Thu Jan 24 10:18:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Jan 2019 18:18:09 +0100 (CET) Subject: SUSE-RU-2019:0153-1: moderate: Recommended update for dracut Message-ID: <20190124171809.5FA50FCD3@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0153-1 Rating: moderate References: #1008352 #1112327 #1119037 #1121251 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Ensures that mmc host modules get included properly (bsc#1119037) - Fixes a missing space in example configs (bsc#1121251) - Removes rule existence check (bsc#1008352). - dracut-installkernel: Stops keeping old kernel files as .old (bsc#1112327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-153=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-153=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): dracut-debuginfo-044.1-18.15.1 dracut-debugsource-044.1-18.15.1 dracut-tools-044.1-18.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dracut-044.1-18.15.1 dracut-debuginfo-044.1-18.15.1 dracut-debugsource-044.1-18.15.1 dracut-fips-044.1-18.15.1 dracut-ima-044.1-18.15.1 References: https://bugzilla.suse.com/1008352 https://bugzilla.suse.com/1112327 https://bugzilla.suse.com/1119037 https://bugzilla.suse.com/1121251 From sle-updates at lists.suse.com Fri Jan 25 04:10:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 12:10:22 +0100 (CET) Subject: SUSE-RU-2019:0166-1: moderate: Recommended update for kernel-firmware Message-ID: <20190125111022.E88C9FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0166-1 Rating: moderate References: #1122456 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware fixes the following issues: - Fix firmware for bcm43430 and bcm43455 (fate#326215) - renamed brcmfmac43450 and brcfmac43455 to the compatible name used by brcmf_of_probe - deleted brcmfmac43455-sdio.clm_blob as it was not accepted upstream - Add firmware for bcm43430 and bcm43455 (fate#326215) - brcmfmac43430-sdio.raspberrypi-rpi.txt - brcmfmac43455-sdio.clm_blob - brcmfmac43455-sdio.raspberrypi-rpi.txt - Update to version 20181218: (FATE#326045,FATE#325856,FATE#326294) - Revert "amdgpu: update vega10 fw for 18.50 release" - brcm: Add 4330 NVRAM for the Prowise PT301 tablet - brcm: Add 43430 NVRAM for the Chuwi Vi8 Plus tablet - brcm: Add 43340 based AP6234 NVRAM for the Meegopad T08 HDMI stick - brcm: Add 43430a0 based AP6212 NVRAM for the Jumper EZpad mini 3 tablet - brcm: Add 43430a0 based AP6212 NVRAM for the Onda V80 Plus tablet - brcm: Add 4356 based AP6356 NVRAM for the GPD win handheld - brcm: Add brcmfmac43362-sdio.lemaker,bananapro.txt symlink - brcm: Add 43362 based AP6210 NVRAM for the Cubietech Cubietruck - WHENCE: Put quotes around brcmfmac NVRAM filenames - check_whence.py: Add support for filenames with spaces in them - rtl_bt: Add firmware and configuration files for the Bluetooth part of RTL8723BS - Update to version 20181217: - iwlwifi: update firmwares for 8000 series - iwlwifi: add -43.ucode for 9000 series - iwlwifi: update -41.ucode for 9000 series - brcm: provide new firmwares for BCM4366 chipset - Mellanox: Add new mlxsw_spectrum firmware 13.1910.622 - cavium: Update firmware for CNN55XX crypto driver - amdgpu: update vega12 fw for 18.50 release - amdgpu: update vega10 fw for 18.50 release - amdgpu: update raven fw for 18.50 release - amdgpu: update polaris11 fw for 18.50 release - amdgpu: update polaris10 fw for 18.50 release - amdgpu: add firmware for vega12 - amdgpu: Add new polaris MC firmwares - amdgpu: Add new polaris SMC firmwares - linux-firmware: Update AMD cpu microcode - nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.13 - microchip: add firmware for VSC8574 and VSC8584 Ethernet PHYs - linux-firmware: intel: Update Cannonlake audio firmware. - firmware/huc/bxt: Add huC Update for BXT - nfp: update Agilio SmartNIC firmware to rev 2.1.16 - cxgb4: update firmware to revision 1.21.5.0 - Update to version 20181026: (bsc#1122456) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-166=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20181218-3.11.2 ucode-amd-20181218-3.11.2 References: https://bugzilla.suse.com/1122456 From sle-updates at lists.suse.com Fri Jan 25 04:11:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 12:11:00 +0100 (CET) Subject: SUSE-RU-2019:0169-1: moderate: Recommended update for python-yarb Message-ID: <20190125111100.48633FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-yarb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0169-1 Rating: moderate References: #1111232 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-yarb fixes the following issues: - Add to SUSE OpenStack Cloud 7 (fate#326791, bsc#1111232) - Remove superfluous devel dependency for noarch package - Protect against a timeout while deleting - Improve error message on wrong/invalid credentials Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-169=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-yarb-1.0.0-1.5.1 References: https://bugzilla.suse.com/1111232 From sle-updates at lists.suse.com Fri Jan 25 04:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 12:11:41 +0100 (CET) Subject: SUSE-RU-2019:0168-1: moderate: Recommended update for wicked Message-ID: <20190125111141.2328EFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0168-1 Rating: moderate References: #1022872 #1026807 #1027099 #1036675 #1057007 #1061051 #1069468 #1072343 #1078245 #1083670 #1084462 #1084527 #1085020 #1085786 #1095818 #1102871 #1107579 #1109147 #954758 #972463 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: wicked was updated to version 0.6.52. Following issues have been addressed: - wickedd: fix netdev detection bootstrap race (bsc#1107579) - compat: fix ifcfg parsing crash if network/config is missed - wireless: fix eap peap auth mapping for wpa-supplicant (bsc#1026807) - vxlan: fix to convert dst_port to network byte order - firewall: do not assign default zone, but pass as is (bsc#1109147) - nanny: fix memory leaks on fast create-delete calls (bsc#1095818) + fsm: cleanup worker reset (reinit) vs. free + fsm: do not process or pass pending workers to nanny + nanny: catch init failures in device registration + netdev: allow NULL in get and put functions + model: fix to call (netif) dbus object destructors + model: removed server specific call in netif destroy + fsm: handle NULL in worker get and release calls + fsm: process device delete event separately + calls: split get netif service and netif list utils + xml-schema: fix range constraint values parsing + xml-schema: remove underscores from ni_xs_type_new + xml-schema: fix type leak around ni_xs_build_one_type + fsm: free worker control mode on worker free + xpath: trace and free complete xpath expression tree + nanny: fix config leak in ni_nanny_recheck_policy + dbus: free pending call in ni_dbus_connection_call + dbus: free dbus_message_iter_get_signature result - dhcp6: fix to properly decline dynamic addresses - extensions: do not use /etc/HOSTNAME artifact (bsc#972463) - ethtool: call offload ioctl if requested by offload name, e.g. tso has been splitted into several features and the old STSO offload ioctl sets multiple features at once. - ethtool: add missing pause support (bsc#1102871) - dhcp6: refresh info using rfc4242 info-refresh-time - dhcp6: add ia and ia addr list search utilities, improve status utils and use timeval struct in ia acquired times - dhcp6: restart on NotOnLink status request reply - ifcfg: show unknown/invalid bootproto as error - dhcp6: Fix server preference and weight option behaviour - dhcp6: retrigger duplicate detection on all address updates - man: add ifcfg-lo.5 manual page - man: add missing documentation for DHCLIENT6_CLIENT_ID - man: improved create-cid docs in wicked-config(5) (bsc#1084527) - address cache-info and lease acquisition time fixes and cleanups - ethtool: streamline options available on all devices (bsc#1085786) - dhcp4: expose broadcast response as DHCLIENT_BROADCAST in ifcfg - ipoib: do not fail setup on mode or umcast set failure (bsc#1084462) - bond: avoid reenslave failure in fail_over_mac mode (bsc#1083670) - Fix show-xml filtering by interface name (issue #735,bsc#954758) - ifconfig: refresh state before link reenslave hotfix (bsc#1061051 - ethtool: query priv-flags bitmap first (bsc#1085020) - util: fix a memory leak in ni_var_array_free - client: refactor arp utility to add missed arp ping (bsc#1078245) - dbus: omit zero-length hwaddr data properties - ibft: no IP setup on bnx2x storage-only interfaces (bsc#1072343) - fixed format, self compare and always true issues - client: fixed broken wicked arp utility command (bsc#1078245) - cleanup: add mising/explicit designated field initializers - pkgconfig: fix to request libnl3 instead of libnl1 - dbus: add missing DBUS_ERROR_FAILED type to a dbus_set_error call and enforce formatting input as string when an extension did not returned any error message. - wickedd: clear master references on slaves when a master gets deleted and the deletion event arrives before unenslave event to avoid a bridge reenslave failure on restart (bsc#1061051). - dhcp6: reapply confirmed addresses, also on any confirm status other to not-on-link - dhcp: clear hostname on lease recovery/reboot (bsc#1057007) - firewall: add firewalld and zone support (fate#320794) - ifconfig: cleanup slaves before enslaving (bsc#1036675) - ethtool: add rxvlan, txvlan, ntuple and rxhash offloads - dhcp6: fix to send up to 5 release retransmissions - dhcp4: fix to use rfc4361 client-id on infiniband (bsc#1022872) - man: ifcfg.5: Fix directory name for compatibility scripts - dhcp: cleanup common option update flags (bsc#1027099) - vxlan: convert ifcfg VXLAN_REMOTE_IP to remote-ip Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-168=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-168=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-168=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwicked-0-6-0.6.52-38.13.1 libwicked-0-6-debuginfo-0.6.52-38.13.1 wicked-0.6.52-38.13.1 wicked-debuginfo-0.6.52-38.13.1 wicked-debugsource-0.6.52-38.13.1 wicked-service-0.6.52-38.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwicked-0-6-0.6.52-38.13.1 libwicked-0-6-debuginfo-0.6.52-38.13.1 wicked-0.6.52-38.13.1 wicked-debuginfo-0.6.52-38.13.1 wicked-debugsource-0.6.52-38.13.1 wicked-service-0.6.52-38.13.1 - SUSE CaaS Platform ALL (x86_64): libwicked-0-6-0.6.52-38.13.1 libwicked-0-6-debuginfo-0.6.52-38.13.1 wicked-0.6.52-38.13.1 wicked-debuginfo-0.6.52-38.13.1 wicked-debugsource-0.6.52-38.13.1 wicked-service-0.6.52-38.13.1 - SUSE CaaS Platform 3.0 (x86_64): libwicked-0-6-0.6.52-38.13.1 libwicked-0-6-debuginfo-0.6.52-38.13.1 wicked-0.6.52-38.13.1 wicked-debuginfo-0.6.52-38.13.1 wicked-debugsource-0.6.52-38.13.1 wicked-service-0.6.52-38.13.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libwicked-0-6-0.6.52-38.13.1 libwicked-0-6-debuginfo-0.6.52-38.13.1 wicked-0.6.52-38.13.1 wicked-debuginfo-0.6.52-38.13.1 wicked-debugsource-0.6.52-38.13.1 wicked-service-0.6.52-38.13.1 References: https://bugzilla.suse.com/1022872 https://bugzilla.suse.com/1026807 https://bugzilla.suse.com/1027099 https://bugzilla.suse.com/1036675 https://bugzilla.suse.com/1057007 https://bugzilla.suse.com/1061051 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1072343 https://bugzilla.suse.com/1078245 https://bugzilla.suse.com/1083670 https://bugzilla.suse.com/1084462 https://bugzilla.suse.com/1084527 https://bugzilla.suse.com/1085020 https://bugzilla.suse.com/1085786 https://bugzilla.suse.com/1095818 https://bugzilla.suse.com/1102871 https://bugzilla.suse.com/1107579 https://bugzilla.suse.com/1109147 https://bugzilla.suse.com/954758 https://bugzilla.suse.com/972463 From sle-updates at lists.suse.com Fri Jan 25 04:16:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 12:16:34 +0100 (CET) Subject: SUSE-RU-2019:0167-1: Recommended update for python-psutil Message-ID: <20190125111634.4D8C8FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-psutil ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0167-1 Rating: low References: #1073879 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-psutil delivers it to OpenStack Cloud 7. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-167=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-psutil-1.2.1-18.1 python-psutil-debuginfo-1.2.1-18.1 python-psutil-debugsource-1.2.1-18.1 References: https://bugzilla.suse.com/1073879 From sle-updates at lists.suse.com Fri Jan 25 10:09:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 18:09:10 +0100 (CET) Subject: SUSE-RU-2019:0170-1: moderate: Recommended update for kmod Message-ID: <20190125170910.54CAEFCC6@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0170-1 Rating: moderate References: #1118629 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kmod fixes the following issues: - Fixes module dependency file corruption on parallel invocation (bsc#1118629). - Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-170=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kmod-25-6.7.1 kmod-compat-25-6.7.1 kmod-debuginfo-25-6.7.1 kmod-debugsource-25-6.7.1 libkmod-devel-25-6.7.1 libkmod2-25-6.7.1 libkmod2-debuginfo-25-6.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kmod-bash-completion-25-6.7.1 References: https://bugzilla.suse.com/1118629 From sle-updates at lists.suse.com Fri Jan 25 13:08:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:08:58 +0100 (CET) Subject: SUSE-RU-2019:0172-1: moderate: Recommended update for rsyslog Message-ID: <20190125200858.6A02BFCC6@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0172-1 Rating: moderate References: #1101642 #1119429 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rsyslog fixes the following issues: - remove references to obsolete SYSLOG_REQUIRES_NETWORK variable in remote.conf (bsc#1101642) - ship the missed out "rsyslog-module-gtls" sub-package (bsc#1119429) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-172=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-172=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-172=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.6.31 rsyslog-debugsource-8.33.1-3.6.31 rsyslog-module-gssapi-8.33.1-3.6.31 rsyslog-module-gssapi-debuginfo-8.33.1-3.6.31 rsyslog-module-gtls-8.33.1-3.6.31 rsyslog-module-gtls-debuginfo-8.33.1-3.6.31 rsyslog-module-mysql-8.33.1-3.6.31 rsyslog-module-mysql-debuginfo-8.33.1-3.6.31 rsyslog-module-pgsql-8.33.1-3.6.31 rsyslog-module-pgsql-debuginfo-8.33.1-3.6.31 rsyslog-module-relp-8.33.1-3.6.31 rsyslog-module-relp-debuginfo-8.33.1-3.6.31 rsyslog-module-snmp-8.33.1-3.6.31 rsyslog-module-snmp-debuginfo-8.33.1-3.6.31 rsyslog-module-udpspoof-8.33.1-3.6.31 rsyslog-module-udpspoof-debuginfo-8.33.1-3.6.31 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.6.31 rsyslog-debugsource-8.33.1-3.6.31 rsyslog-diag-tools-8.33.1-3.6.31 rsyslog-diag-tools-debuginfo-8.33.1-3.6.31 rsyslog-doc-8.33.1-3.6.31 rsyslog-module-dbi-8.33.1-3.6.31 rsyslog-module-dbi-debuginfo-8.33.1-3.6.31 rsyslog-module-elasticsearch-8.33.1-3.6.31 rsyslog-module-elasticsearch-debuginfo-8.33.1-3.6.31 rsyslog-module-gcrypt-8.33.1-3.6.31 rsyslog-module-gcrypt-debuginfo-8.33.1-3.6.31 rsyslog-module-gtls-8.33.1-3.6.31 rsyslog-module-gtls-debuginfo-8.33.1-3.6.31 rsyslog-module-mmnormalize-8.33.1-3.6.31 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.6.31 rsyslog-module-omamqp1-8.33.1-3.6.31 rsyslog-module-omamqp1-debuginfo-8.33.1-3.6.31 rsyslog-module-omhttpfs-8.33.1-3.6.31 rsyslog-module-omhttpfs-debuginfo-8.33.1-3.6.31 rsyslog-module-omtcl-8.33.1-3.6.31 rsyslog-module-omtcl-debuginfo-8.33.1-3.6.31 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.6.31 rsyslog-debuginfo-8.33.1-3.6.31 rsyslog-debugsource-8.33.1-3.6.31 References: https://bugzilla.suse.com/1101642 https://bugzilla.suse.com/1119429 From sle-updates at lists.suse.com Fri Jan 25 13:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:09:41 +0100 (CET) Subject: SUSE-RU-2019:0171-1: moderate: Recommended update for azure-li-services Message-ID: <20190125200941.B3360FCC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0171-1 Rating: moderate References: #1103542 #1105612 #1120522 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for azure-li-services to 1.1.20 fixes the following issues: - Fixup createrepo requirement createrepo is no longer part of SLE15. The successor of this package is createrepo_c an implementation in C. Therefore the requires statement in the spec file should be changed to work with both distributions: SLE12 and SLE15. - Support MTU setup for standard and vlan interfaces Enhanced the config schema to allow the networking attributes mtu and vlan_mtu as optional arguments to configure the maximum transfer unit for the interface and/or its virtual type. In addition add a differentiator for the VeryLarge instance types in generation 3 and its successor. For Gen3 VeryLarge instance types the network setup was not yet defined because we haven't started to support this target. However the successor of the VeryLarge instance type is similar in the infrastructure and boot compared to the LargeInstance type and can be covered by the network service in the same way. This Fixes #105 and Fixes bsc#1120522 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-171=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-li-services-1.1.20-1.11.1 References: https://bugzilla.suse.com/1103542 https://bugzilla.suse.com/1105612 https://bugzilla.suse.com/1120522 From sle-updates at lists.suse.com Fri Jan 25 13:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:10:34 +0100 (CET) Subject: SUSE-RU-2019:0177-1: moderate: Recommended update for rubygem-chef Message-ID: <20190125201034.0206DFCC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0177-1 Rating: moderate References: #1111504 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - Add patch does more safe checking of the version number when removing packages as it can end up empty which breaks the chef run. (bsc#1111504) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-177=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-177=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-chef-10.32.2-5.9.1 rubygem-chef-10.32.2-5.9.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-chef-10.32.2-5.9.1 rubygem-chef-10.32.2-5.9.1 References: https://bugzilla.suse.com/1111504 From sle-updates at lists.suse.com Fri Jan 25 13:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:11:10 +0100 (CET) Subject: SUSE-SU-2019:0175-1: important: Security update for krb5 Message-ID: <20190125201110.AEDAFFCC1@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0175-1 Rating: important References: #1083926 #1083927 Cross-References: CVE-2018-5729 CVE-2018-5730 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for krb5 fixes the following issues: Security issues fixed: - CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-175=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-175=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-175=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.15.2-6.6.2 krb5-debugsource-1.15.2-6.6.2 krb5-plugin-kdb-ldap-1.15.2-6.6.2 krb5-plugin-kdb-ldap-debuginfo-1.15.2-6.6.2 krb5-server-1.15.2-6.6.2 krb5-server-debuginfo-1.15.2-6.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): krb5-mini-1.15.2-6.6.1 krb5-mini-debuginfo-1.15.2-6.6.1 krb5-mini-debugsource-1.15.2-6.6.1 krb5-mini-devel-1.15.2-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): krb5-1.15.2-6.6.2 krb5-client-1.15.2-6.6.2 krb5-client-debuginfo-1.15.2-6.6.2 krb5-debuginfo-1.15.2-6.6.2 krb5-debugsource-1.15.2-6.6.2 krb5-devel-1.15.2-6.6.2 krb5-plugin-preauth-otp-1.15.2-6.6.2 krb5-plugin-preauth-otp-debuginfo-1.15.2-6.6.2 krb5-plugin-preauth-pkinit-1.15.2-6.6.2 krb5-plugin-preauth-pkinit-debuginfo-1.15.2-6.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): krb5-32bit-1.15.2-6.6.2 krb5-32bit-debuginfo-1.15.2-6.6.2 References: https://www.suse.com/security/cve/CVE-2018-5729.html https://www.suse.com/security/cve/CVE-2018-5730.html https://bugzilla.suse.com/1083926 https://bugzilla.suse.com/1083927 From sle-updates at lists.suse.com Fri Jan 25 13:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:12:00 +0100 (CET) Subject: SUSE-SU-2019:0174-1: important: Security update for python-paramiko Message-ID: <20190125201200.BDC35FCC1@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0174-1 Rating: important References: #1111151 #1115769 #1121846 Cross-References: CVE-2018-1000805 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for python-paramiko to version 2.4.2 fixes the following issues: Security issue fixed: - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Non-security issue fixed: - Disable experimental gssapi support (bsc#1115769) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-174=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-174=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-174=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-paramiko-2.4.2-3.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-paramiko-doc-2.4.2-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python2-paramiko-2.4.2-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-1000805.html https://bugzilla.suse.com/1111151 https://bugzilla.suse.com/1115769 https://bugzilla.suse.com/1121846 From sle-updates at lists.suse.com Fri Jan 25 13:14:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:14:19 +0100 (CET) Subject: SUSE-SU-2019:0179-1: moderate: Security update for avahi Message-ID: <20190125201419.0AAA5FCC1@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0179-1 Rating: moderate References: #1120281 Cross-References: CVE-2018-1000845 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-179=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-179=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-179=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-179=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-179=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-179=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-179=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-179=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): avahi-glib2-debugsource-0.6.32-32.3.2 libavahi-gobject0-0.6.32-32.3.2 libavahi-gobject0-debuginfo-0.6.32-32.3.2 libavahi-ui-gtk3-0-0.6.32-32.3.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.3.2 libavahi-ui0-0.6.32-32.3.2 libavahi-ui0-debuginfo-0.6.32-32.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): avahi-glib2-debugsource-0.6.32-32.3.2 libavahi-gobject0-0.6.32-32.3.2 libavahi-gobject0-debuginfo-0.6.32-32.3.2 libavahi-ui-gtk3-0-0.6.32-32.3.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.3.2 libavahi-ui0-0.6.32-32.3.2 libavahi-ui0-debuginfo-0.6.32-32.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.32-32.3.1 avahi-compat-mDNSResponder-devel-0.6.32-32.3.1 avahi-debuginfo-0.6.32-32.3.1 avahi-debugsource-0.6.32-32.3.1 avahi-glib2-debugsource-0.6.32-32.3.2 libavahi-devel-0.6.32-32.3.1 libavahi-glib-devel-0.6.32-32.3.2 libavahi-gobject-devel-0.6.32-32.3.2 libavahi-gobject0-0.6.32-32.3.2 libavahi-gobject0-debuginfo-0.6.32-32.3.2 libavahi-ui-gtk3-0-0.6.32-32.3.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.3.2 libavahi-ui0-0.6.32-32.3.2 libavahi-ui0-debuginfo-0.6.32-32.3.2 libhowl0-0.6.32-32.3.1 libhowl0-debuginfo-0.6.32-32.3.1 python-avahi-0.6.32-32.3.1 typelib-1_0-Avahi-0_6-0.6.32-32.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.32-32.3.1 avahi-compat-mDNSResponder-devel-0.6.32-32.3.1 avahi-debuginfo-0.6.32-32.3.1 avahi-debugsource-0.6.32-32.3.1 avahi-glib2-debugsource-0.6.32-32.3.2 libavahi-devel-0.6.32-32.3.1 libavahi-glib-devel-0.6.32-32.3.2 libavahi-gobject-devel-0.6.32-32.3.2 libavahi-gobject0-0.6.32-32.3.2 libavahi-gobject0-debuginfo-0.6.32-32.3.2 libavahi-ui-gtk3-0-0.6.32-32.3.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.3.2 libavahi-ui0-0.6.32-32.3.2 libavahi-ui0-debuginfo-0.6.32-32.3.2 libhowl0-0.6.32-32.3.1 libhowl0-debuginfo-0.6.32-32.3.1 python-avahi-0.6.32-32.3.1 typelib-1_0-Avahi-0_6-0.6.32-32.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.3.1 avahi-debuginfo-0.6.32-32.3.1 avahi-debugsource-0.6.32-32.3.1 avahi-glib2-debugsource-0.6.32-32.3.2 avahi-utils-0.6.32-32.3.1 avahi-utils-debuginfo-0.6.32-32.3.1 libavahi-client3-0.6.32-32.3.1 libavahi-client3-debuginfo-0.6.32-32.3.1 libavahi-common3-0.6.32-32.3.1 libavahi-common3-debuginfo-0.6.32-32.3.1 libavahi-core7-0.6.32-32.3.1 libavahi-core7-debuginfo-0.6.32-32.3.1 libavahi-glib1-0.6.32-32.3.2 libavahi-glib1-debuginfo-0.6.32-32.3.2 libdns_sd-0.6.32-32.3.1 libdns_sd-debuginfo-0.6.32-32.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.3.1 libavahi-client3-32bit-0.6.32-32.3.1 libavahi-client3-debuginfo-32bit-0.6.32-32.3.1 libavahi-common3-32bit-0.6.32-32.3.1 libavahi-common3-debuginfo-32bit-0.6.32-32.3.1 libavahi-glib1-32bit-0.6.32-32.3.2 libavahi-glib1-debuginfo-32bit-0.6.32-32.3.2 libdns_sd-32bit-0.6.32-32.3.1 libdns_sd-debuginfo-32bit-0.6.32-32.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): avahi-lang-0.6.32-32.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.3.1 avahi-debuginfo-0.6.32-32.3.1 avahi-debugsource-0.6.32-32.3.1 avahi-glib2-debugsource-0.6.32-32.3.2 avahi-utils-0.6.32-32.3.1 avahi-utils-debuginfo-0.6.32-32.3.1 libavahi-client3-0.6.32-32.3.1 libavahi-client3-debuginfo-0.6.32-32.3.1 libavahi-common3-0.6.32-32.3.1 libavahi-common3-debuginfo-0.6.32-32.3.1 libavahi-core7-0.6.32-32.3.1 libavahi-core7-debuginfo-0.6.32-32.3.1 libavahi-glib1-0.6.32-32.3.2 libavahi-glib1-debuginfo-0.6.32-32.3.2 libdns_sd-0.6.32-32.3.1 libdns_sd-debuginfo-0.6.32-32.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.3.1 libavahi-client3-32bit-0.6.32-32.3.1 libavahi-client3-debuginfo-32bit-0.6.32-32.3.1 libavahi-common3-32bit-0.6.32-32.3.1 libavahi-common3-debuginfo-32bit-0.6.32-32.3.1 libavahi-glib1-32bit-0.6.32-32.3.2 libavahi-glib1-debuginfo-32bit-0.6.32-32.3.2 libdns_sd-32bit-0.6.32-32.3.1 libdns_sd-debuginfo-32bit-0.6.32-32.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): avahi-lang-0.6.32-32.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): avahi-lang-0.6.32-32.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): avahi-0.6.32-32.3.1 avahi-debuginfo-0.6.32-32.3.1 avahi-debuginfo-32bit-0.6.32-32.3.1 avahi-debugsource-0.6.32-32.3.1 avahi-glib2-debugsource-0.6.32-32.3.2 libavahi-client3-0.6.32-32.3.1 libavahi-client3-32bit-0.6.32-32.3.1 libavahi-client3-debuginfo-0.6.32-32.3.1 libavahi-client3-debuginfo-32bit-0.6.32-32.3.1 libavahi-common3-0.6.32-32.3.1 libavahi-common3-32bit-0.6.32-32.3.1 libavahi-common3-debuginfo-0.6.32-32.3.1 libavahi-common3-debuginfo-32bit-0.6.32-32.3.1 libavahi-core7-0.6.32-32.3.1 libavahi-core7-debuginfo-0.6.32-32.3.1 libavahi-glib1-0.6.32-32.3.2 libavahi-glib1-32bit-0.6.32-32.3.2 libavahi-glib1-debuginfo-0.6.32-32.3.2 libavahi-glib1-debuginfo-32bit-0.6.32-32.3.2 libavahi-gobject0-0.6.32-32.3.2 libavahi-gobject0-debuginfo-0.6.32-32.3.2 libavahi-ui-gtk3-0-0.6.32-32.3.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.3.2 libavahi-ui0-0.6.32-32.3.2 libavahi-ui0-debuginfo-0.6.32-32.3.2 libdns_sd-0.6.32-32.3.1 libdns_sd-32bit-0.6.32-32.3.1 libdns_sd-debuginfo-0.6.32-32.3.1 libdns_sd-debuginfo-32bit-0.6.32-32.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): avahi-lang-0.6.32-32.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): avahi-0.6.32-32.3.1 avahi-debuginfo-0.6.32-32.3.1 avahi-debuginfo-32bit-0.6.32-32.3.1 avahi-debugsource-0.6.32-32.3.1 avahi-glib2-debugsource-0.6.32-32.3.2 libavahi-client3-0.6.32-32.3.1 libavahi-client3-32bit-0.6.32-32.3.1 libavahi-client3-debuginfo-0.6.32-32.3.1 libavahi-client3-debuginfo-32bit-0.6.32-32.3.1 libavahi-common3-0.6.32-32.3.1 libavahi-common3-32bit-0.6.32-32.3.1 libavahi-common3-debuginfo-0.6.32-32.3.1 libavahi-common3-debuginfo-32bit-0.6.32-32.3.1 libavahi-core7-0.6.32-32.3.1 libavahi-core7-debuginfo-0.6.32-32.3.1 libavahi-glib1-0.6.32-32.3.2 libavahi-glib1-32bit-0.6.32-32.3.2 libavahi-glib1-debuginfo-0.6.32-32.3.2 libavahi-glib1-debuginfo-32bit-0.6.32-32.3.2 libavahi-gobject0-0.6.32-32.3.2 libavahi-gobject0-debuginfo-0.6.32-32.3.2 libavahi-ui-gtk3-0-0.6.32-32.3.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.3.2 libavahi-ui0-0.6.32-32.3.2 libavahi-ui0-debuginfo-0.6.32-32.3.2 libdns_sd-0.6.32-32.3.1 libdns_sd-32bit-0.6.32-32.3.1 libdns_sd-debuginfo-0.6.32-32.3.1 libdns_sd-debuginfo-32bit-0.6.32-32.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000845.html https://bugzilla.suse.com/1120281 From sle-updates at lists.suse.com Fri Jan 25 13:14:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:14:54 +0100 (CET) Subject: SUSE-RU-2019:0178-1: moderate: Recommended update for openstack packages Message-ID: <20190125201454.C4CFBFCC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0178-1 Rating: moderate References: #1107094 #1110331 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openstack-cinder, openstack-keystone, openstack-neutron, openstack-nova fixes the following issues: - Fix openstack-cinder-volume restart abrupting systemd - cinder-volume.service: Raise rlimits significantly to increase stability in ceph/high load cases. Disable cgroup limiting by setting TasksMax to infinity (bsc#1110331) - Added fixes for short circuiting notifications if they are disabled - Fix issue of creating HEAT stack under ASP_CLOUD_TESTING (bsc#1107094) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-178=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-cinder-9.1.5~dev6-4.18.1 openstack-cinder-api-9.1.5~dev6-4.18.1 openstack-cinder-backup-9.1.5~dev6-4.18.1 openstack-cinder-doc-9.1.5~dev6-4.18.1 openstack-cinder-scheduler-9.1.5~dev6-4.18.1 openstack-cinder-volume-9.1.5~dev6-4.18.1 openstack-keystone-10.0.3~dev9-7.15.1 openstack-keystone-doc-10.0.3~dev9-7.15.1 openstack-neutron-9.4.2~dev21-7.24.1 openstack-neutron-dhcp-agent-9.4.2~dev21-7.24.1 openstack-neutron-doc-9.4.2~dev21-7.24.1 openstack-neutron-ha-tool-9.4.2~dev21-7.24.1 openstack-neutron-l3-agent-9.4.2~dev21-7.24.1 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.24.1 openstack-neutron-macvtap-agent-9.4.2~dev21-7.24.1 openstack-neutron-metadata-agent-9.4.2~dev21-7.24.1 openstack-neutron-metering-agent-9.4.2~dev21-7.24.1 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.24.1 openstack-neutron-server-9.4.2~dev21-7.24.1 openstack-nova-14.0.11~dev13-4.31.1 openstack-nova-api-14.0.11~dev13-4.31.1 openstack-nova-cells-14.0.11~dev13-4.31.1 openstack-nova-cert-14.0.11~dev13-4.31.1 openstack-nova-compute-14.0.11~dev13-4.31.1 openstack-nova-conductor-14.0.11~dev13-4.31.1 openstack-nova-console-14.0.11~dev13-4.31.1 openstack-nova-consoleauth-14.0.11~dev13-4.31.1 openstack-nova-doc-14.0.11~dev13-4.31.1 openstack-nova-novncproxy-14.0.11~dev13-4.31.1 openstack-nova-placement-api-14.0.11~dev13-4.31.1 openstack-nova-scheduler-14.0.11~dev13-4.31.1 openstack-nova-serialproxy-14.0.11~dev13-4.31.1 openstack-nova-vncproxy-14.0.11~dev13-4.31.1 python-cinder-9.1.5~dev6-4.18.1 python-keystone-10.0.3~dev9-7.15.1 python-neutron-9.4.2~dev21-7.24.1 python-nova-14.0.11~dev13-4.31.1 References: https://bugzilla.suse.com/1107094 https://bugzilla.suse.com/1110331 From sle-updates at lists.suse.com Fri Jan 25 13:15:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Jan 2019 21:15:38 +0100 (CET) Subject: SUSE-RU-2019:0176-1: moderate: Recommended update for python-kombu Message-ID: <20190125201538.C4C6BFCC1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kombu ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0176-1 Rating: moderate References: #1111504 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kombu fixes the following issues: - Add patches that invoke revive/error callbacks on default channel connection loss to be able to reestablish exchanges on reconnect. (bsc#1111504) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-176=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-kombu-3.0.35-3.3.1 References: https://bugzilla.suse.com/1111504 From sle-updates at lists.suse.com Mon Jan 28 07:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 15:11:44 +0100 (CET) Subject: SUSE-RU-2019:0180-1: moderate: Recommended update for python-backports, python-backports.ssl_match_hostname Message-ID: <20190128141144.9BBF6FFD9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-backports, python-backports.ssl_match_hostname ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0180-1 Rating: moderate References: #1112174 Affected Products: SUSE OpenStack Cloud 7 SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.2 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-backports, python-backports.ssl_match_hostname brings them to version 3.5, needed as dependency for other packages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-180=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-180=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-180=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-180=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2019-180=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-180=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-180=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2019-180=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-180=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-180=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-180=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-180=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-180=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-180=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-180=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-180=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-180=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Tools 12 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Server 3.2 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Server 3.1 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Server 3.0 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Proxy 3.2 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Proxy 3.1 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Manager Proxy 3.0 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Enterprise Storage 5 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE Enterprise Storage 4 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - SUSE CaaS Platform ALL (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-backports-4.0.0-1.3.1 python-backports.ssl_match_hostname-3.5.0.1-21.3.1 References: https://bugzilla.suse.com/1112174 From sle-updates at lists.suse.com Mon Jan 28 10:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:09:16 +0100 (CET) Subject: SUSE-RU-2019:13936-1: moderate: Recommended update for mkinitrd Message-ID: <20190128170916.89D07FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13936-1 Rating: moderate References: #1118723 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mkinitrd provides the following fix: - Dereference symlinks when copying binaries. (bsc#1118723) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mkinitrd-13936=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mkinitrd-13936=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-106.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-debuginfo-2.4.2-106.8.1 mkinitrd-debugsource-2.4.2-106.8.1 References: https://bugzilla.suse.com/1118723 From sle-updates at lists.suse.com Mon Jan 28 10:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:09:51 +0100 (CET) Subject: SUSE-RU-2019:0189-1: moderate: Recommended update for rpm Message-ID: <20190128170951.3F94CFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0189-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rpm fixes the following issues: - Add kmod(module) provides to kernel and KMPs (fate#326579). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-189=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-189=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-10.11.1 rpm-build-debuginfo-4.14.1-10.11.1 rpm-debuginfo-4.14.1-10.11.1 rpm-debugsource-4.14.1-10.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-10.11.1 python2-rpm-4.14.1-10.11.1 python2-rpm-debuginfo-4.14.1-10.11.1 python3-rpm-4.14.1-10.11.1 python3-rpm-debuginfo-4.14.1-10.11.1 rpm-4.14.1-10.11.1 rpm-debuginfo-4.14.1-10.11.1 rpm-debugsource-4.14.1-10.11.1 rpm-devel-4.14.1-10.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): rpm-32bit-4.14.1-10.11.1 rpm-32bit-debuginfo-4.14.1-10.11.1 References: From sle-updates at lists.suse.com Mon Jan 28 10:10:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:10:16 +0100 (CET) Subject: SUSE-RU-2019:0192-1: moderate: Recommended update for python-ardana-configurationprocessor Message-ID: <20190128171016.D787FFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ardana-configurationprocessor ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0192-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ardana-configurationprocessor fixes the following issues: - SCPL-409 Fix .gitreview for stable/pike (bsc#1109991) - switch to tracking from git, pypi releases don't work Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-192=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-192=1 Package List: - SUSE OpenStack Cloud 8 (noarch): python-ardana-configurationprocessor-8.0+git.1534266236.fb1623c-6.6.1 - HPE Helion Openstack 8 (noarch): python-ardana-configurationprocessor-8.0+git.1534266236.fb1623c-6.6.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Mon Jan 28 10:10:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:10:52 +0100 (CET) Subject: SUSE-RU-2019:0186-1: moderate: Recommended update for nodejs10 Message-ID: <20190128171052.8CEFFFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0186-1 Rating: moderate References: #1112438 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships NodeJS 10.15.0 to the Web and Scripting modules. (FATE#326776) Release notes can be found: https://nodejs.org/en/blog/release/v10.0.0/ Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-186=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs10-10.15.0-1.3.1 nodejs10-debuginfo-10.15.0-1.3.1 nodejs10-debugsource-10.15.0-1.3.1 nodejs10-devel-10.15.0-1.3.1 npm10-10.15.0-1.3.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs10-docs-10.15.0-1.3.1 References: https://bugzilla.suse.com/1112438 From sle-updates at lists.suse.com Mon Jan 28 10:11:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:11:32 +0100 (CET) Subject: SUSE-RU-2019:0182-1: moderate: Recommended update for kmod Message-ID: <20190128171132.82175FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0182-1 Rating: moderate References: #1118629 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kmod fixes the following issues: - Fixes module dependency file corruption on parallel invocation (bsc#1118629). - Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-182=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-182=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-182=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kmod-debuginfo-25-3.4.1 kmod-debugsource-25-3.4.1 libkmod-devel-25-3.4.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kmod-25-3.4.1 kmod-compat-25-3.4.1 kmod-debuginfo-25-3.4.1 kmod-debugsource-25-3.4.1 libkmod2-25-3.4.1 libkmod2-debuginfo-25-3.4.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kmod-25-3.4.1 kmod-compat-25-3.4.1 kmod-debuginfo-25-3.4.1 kmod-debugsource-25-3.4.1 libkmod2-25-3.4.1 libkmod2-debuginfo-25-3.4.1 References: https://bugzilla.suse.com/1118629 From sle-updates at lists.suse.com Mon Jan 28 10:12:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:12:15 +0100 (CET) Subject: SUSE-RU-2019:0188-1: moderate: Recommended update for gstreamer-plugins-bad Message-ID: <20190128171215.92F8EFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer-plugins-bad ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0188-1 Rating: moderate References: #1120299 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gstreamer-plugins-bad fixes the following issues: - Fixes for compatibility with libfdk-aac 2.0.0 (bsc#1120299) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-188=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-188=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-188=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-bad-debuginfo-1.12.5-3.3.1 gstreamer-plugins-bad-debugsource-1.12.5-3.3.1 gstreamer-plugins-bad-doc-1.12.5-3.3.1 libgstvdpau-1.12.5-3.3.1 libgstvdpau-debuginfo-1.12.5-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-bad-1.12.5-3.3.1 gstreamer-plugins-bad-debuginfo-1.12.5-3.3.1 gstreamer-plugins-bad-debugsource-1.12.5-3.3.1 gstreamer-plugins-bad-devel-1.12.5-3.3.1 libgstadaptivedemux-1_0-0-1.12.5-3.3.1 libgstadaptivedemux-1_0-0-debuginfo-1.12.5-3.3.1 libgstbadallocators-1_0-0-1.12.5-3.3.1 libgstbadallocators-1_0-0-debuginfo-1.12.5-3.3.1 libgstbadaudio-1_0-0-1.12.5-3.3.1 libgstbadaudio-1_0-0-debuginfo-1.12.5-3.3.1 libgstbadbase-1_0-0-1.12.5-3.3.1 libgstbadbase-1_0-0-debuginfo-1.12.5-3.3.1 libgstbadvideo-1_0-0-1.12.5-3.3.1 libgstbadvideo-1_0-0-debuginfo-1.12.5-3.3.1 libgstbasecamerabinsrc-1_0-0-1.12.5-3.3.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.12.5-3.3.1 libgstcodecparsers-1_0-0-1.12.5-3.3.1 libgstcodecparsers-1_0-0-debuginfo-1.12.5-3.3.1 libgstinsertbin-1_0-0-1.12.5-3.3.1 libgstinsertbin-1_0-0-debuginfo-1.12.5-3.3.1 libgstmpegts-1_0-0-1.12.5-3.3.1 libgstmpegts-1_0-0-debuginfo-1.12.5-3.3.1 libgstplayer-1_0-0-1.12.5-3.3.1 libgstplayer-1_0-0-debuginfo-1.12.5-3.3.1 libgsturidownloader-1_0-0-1.12.5-3.3.1 libgsturidownloader-1_0-0-debuginfo-1.12.5-3.3.1 libgstwayland-1_0-0-1.12.5-3.3.1 libgstwayland-1_0-0-debuginfo-1.12.5-3.3.1 typelib-1_0-GstBadAllocators-1_0-1.12.5-3.3.1 typelib-1_0-GstGL-1_0-1.12.5-3.3.1 typelib-1_0-GstInsertBin-1_0-1.12.5-3.3.1 typelib-1_0-GstMpegts-1_0-1.12.5-3.3.1 typelib-1_0-GstPlayer-1_0-1.12.5-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gstreamer-plugins-bad-lang-1.12.5-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-bad-debuginfo-1.12.5-3.3.1 gstreamer-plugins-bad-debugsource-1.12.5-3.3.1 libgstgl-1_0-0-1.12.5-3.3.1 libgstgl-1_0-0-debuginfo-1.12.5-3.3.1 libgstphotography-1_0-0-1.12.5-3.3.1 libgstphotography-1_0-0-debuginfo-1.12.5-3.3.1 References: https://bugzilla.suse.com/1120299 From sle-updates at lists.suse.com Mon Jan 28 10:12:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:12:51 +0100 (CET) Subject: SUSE-RU-2019:0193-1: moderate: Recommended update for python-ardana-packager Message-ID: <20190128171251.32CE0FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ardana-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0193-1 Rating: moderate References: #1105503 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ardana-packager fixes the following issues: - update nova_host_aggregate from git - Fetch nova_host_aggregate from git (bsc#1105503) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-193=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-193=1 Package List: - SUSE OpenStack Cloud 8 (noarch): python-ardana-packager-0.0.3-7.3.1 - HPE Helion Openstack 8 (noarch): python-ardana-packager-0.0.3-7.3.1 References: https://bugzilla.suse.com/1105503 From sle-updates at lists.suse.com Mon Jan 28 10:13:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:13:29 +0100 (CET) Subject: SUSE-RU-2019:13935-1: moderate: Recommended update for wodim Message-ID: <20190128171329.25A0FFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for wodim ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13935-1 Rating: moderate References: #1100466 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wodim fixes the following issues: - Fixing a crash when option "-T" is used in conjunction with files larger than 4GB. (bsc#1100466) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wodim-13935=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wodim-13935=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wodim-13935=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wodim-devel-1.1.8-3.34.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): cdrkit-cdrtools-compat-1.1.8-3.34.3.1 genisoimage-1.1.8-3.34.3.1 icedax-1.1.8-3.34.3.1 wodim-1.1.8-3.34.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wodim-debuginfo-1.1.8-3.34.3.1 wodim-debugsource-1.1.8-3.34.3.1 References: https://bugzilla.suse.com/1100466 From sle-updates at lists.suse.com Mon Jan 28 10:14:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:14:09 +0100 (CET) Subject: SUSE-RU-2019:0183-1: moderate: Recommended update for wodim Message-ID: <20190128171410.0085CFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for wodim ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0183-1 Rating: moderate References: #1100466 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wodim fixes the following issues: - Fixing a crash when option "-T" is used in conjunction with files larger than 4GB. (bsc#1100466) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-183=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-183=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-183=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-183=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-183=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-183=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): cdrkit-devel-static-1.1.11-26.4.1 wodim-debuginfo-1.1.11-26.4.1 wodim-debugsource-1.1.11-26.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cdrkit-devel-static-1.1.11-26.4.1 wodim-debuginfo-1.1.11-26.4.1 wodim-debugsource-1.1.11-26.4.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cdrkit-cdrtools-compat-1.1.11-26.4.1 genisoimage-1.1.11-26.4.1 genisoimage-debuginfo-1.1.11-26.4.1 icedax-1.1.11-26.4.1 icedax-debuginfo-1.1.11-26.4.1 wodim-1.1.11-26.4.1 wodim-debuginfo-1.1.11-26.4.1 wodim-debugsource-1.1.11-26.4.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cdrkit-cdrtools-compat-1.1.11-26.4.1 genisoimage-1.1.11-26.4.1 genisoimage-debuginfo-1.1.11-26.4.1 icedax-1.1.11-26.4.1 icedax-debuginfo-1.1.11-26.4.1 wodim-1.1.11-26.4.1 wodim-debuginfo-1.1.11-26.4.1 wodim-debugsource-1.1.11-26.4.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cdrkit-cdrtools-compat-1.1.11-26.4.1 genisoimage-1.1.11-26.4.1 genisoimage-debuginfo-1.1.11-26.4.1 icedax-1.1.11-26.4.1 icedax-debuginfo-1.1.11-26.4.1 wodim-1.1.11-26.4.1 wodim-debuginfo-1.1.11-26.4.1 wodim-debugsource-1.1.11-26.4.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cdrkit-cdrtools-compat-1.1.11-26.4.1 genisoimage-1.1.11-26.4.1 genisoimage-debuginfo-1.1.11-26.4.1 icedax-1.1.11-26.4.1 icedax-debuginfo-1.1.11-26.4.1 wodim-1.1.11-26.4.1 wodim-debuginfo-1.1.11-26.4.1 wodim-debugsource-1.1.11-26.4.1 References: https://bugzilla.suse.com/1100466 From sle-updates at lists.suse.com Mon Jan 28 10:15:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:15:14 +0100 (CET) Subject: SUSE-RU-2019:0191-1: moderate: Recommended update for openssl-ibmca Message-ID: <20190128171514.4C578FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-ibmca ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0191-1 Rating: moderate References: #1117897 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-ibmca provides the following fix: - Prefer rsa-crt over rsa-me when possible. (bsc#1117897) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-191=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (s390x): openssl-ibmca-2.0.0-3.3.1 openssl-ibmca-32bit-2.0.0-3.3.1 openssl-ibmca-debuginfo-2.0.0-3.3.1 openssl-ibmca-debuginfo-32bit-2.0.0-3.3.1 openssl-ibmca-debugsource-2.0.0-3.3.1 References: https://bugzilla.suse.com/1117897 From sle-updates at lists.suse.com Mon Jan 28 10:15:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Jan 2019 18:15:51 +0100 (CET) Subject: SUSE-RU-2019:0190-1: moderate: Recommended update for smt Message-ID: <20190128171551.65AC4FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0190-1 Rating: moderate References: #1117190 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for smt provides the following fix: - Truncate patch summary to 512 characters. (bsc#1117190) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-190=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-190=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-190=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-190=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-190=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-190=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-190=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-190=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-190=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.39-52.29.1 - SUSE Enterprise Storage 4 (x86_64): res-signingkeys-3.0.39-52.29.1 smt-3.0.39-52.29.1 smt-debuginfo-3.0.39-52.29.1 smt-debugsource-3.0.39-52.29.1 smt-support-3.0.39-52.29.1 References: https://bugzilla.suse.com/1117190 From sle-updates at lists.suse.com Tue Jan 29 10:09:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 18:09:27 +0100 (CET) Subject: SUSE-SU-2019:0196-1: important: Security update for the Linux Kernel Message-ID: <20190129170927.408D3FFD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0196-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055121 #1055186 #1058115 #1060463 #1065729 #1078248 #1079935 #1082387 #1083647 #1086282 #1086283 #1086423 #1087084 #1087978 #1088386 #1090888 #1091405 #1094244 #1097593 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1104353 #1104427 #1104967 #1105168 #1106105 #1106110 #1106615 #1106913 #1108270 #1109272 #1110558 #1111188 #1111469 #1111696 #1111795 #1112128 #1113722 #1114648 #1114871 #1116040 #1116336 #1116803 #1116841 #1117115 #1117162 #1117165 #1117186 #1117561 #1117656 #1117953 #1118215 #1118319 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118787 #1118788 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119962 #1119968 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 136 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in (Git-fixes). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-196=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_6-default-1-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118787 https://bugzilla.suse.com/1118788 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-updates at lists.suse.com Tue Jan 29 10:39:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 18:39:31 +0100 (CET) Subject: SUSE-SU-2019:13937-1: important: Security update for the Linux Kernel Message-ID: <20190129173931.7D929FFD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13937-1 Rating: important References: #1031240 #1039803 #1066674 #1071021 #1094186 #1094825 #1104070 #1104366 #1104367 #1107189 #1108498 #1109200 #1113201 #1113751 #1113769 #1114920 #1115007 #1115038 #1116412 #1116841 #1117515 #1118152 #1118319 #1119255 #1119714 #1120743 #905299 #936875 #968018 #990682 Cross-References: CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2018-18281 CVE-2018-18386 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 18 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1108498). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-1000407: Fixed a denial of service, which was caused by flooding the diagnostic port 0x80 an exception leading to a kernel panic (bnc#1071021). The following non-security bugs were fixed: - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018, bsc#1104366). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#1119255). - Drivers: scsi: storvsc: Change the limits to reflect the values on the host (bug#1107189). - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure (bug#1107189). - Drivers: scsi: storvsc: Filter commands based on the storage protocol version (bug#1107189). - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version (bug#1107189). - Drivers: scsi: storvsc: Implement a eh_timed_out handler (bug#1107189). - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host (bug#1107189). - drivers: scsi: storvsc: Set srb_flags in all cases (bug#1107189). - EHCI: improved logic for isochronous scheduling (bsc#1117515). - ipv4: remove the unnecessary variable in udp_mcast_next (bsc#1104070). - KEYS: prevent creating a different user's keyrings (bnc#1094186). - KVM: x86: Fix the duplicate failure path handling in vmx_init (bsc#1104367). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#1116412). - MM/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#1116412). - net/ipv6/udp: Fix ipv6 multicast socket filter regression (bsc#1104070). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#1116412). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#1116412). - NFS: Do not write enable new pages while an invalidation is proceeding (bsc#1116412). - NFS: Fix a regression in the read() syscall (bsc#1116412). - NFS: Fix races in nfs_revalidate_mapping (bsc#1116412). - NFS: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#1116412). - NFS: Fix writeback performance issue on cache invalidation (bsc#1116412). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - reiserfs: fix race in readdir (bsc#1039803). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#1119255). - scsi: storvsc: Always send on the selected outgoing channel (bug#1107189). - scsi: storvsc: Do not assume that the scatterlist is not chained (bug#1107189). - scsi: storvsc: Fix a bug in copy_from_bounce_buffer() (bug#1107189). - scsi: storvsc: Increase the ring buffer size (bug#1107189). - scsi: storvsc: Size the queue depth based on the ringbuffer size (bug#1107189). - storvsc: fix a bug in storvsc limits (bug#1107189). - storvsc: force discovery of LUNs that may have been removed (bug#1107189). - storvsc: get rid of overly verbose warning messages (bug#1107189). - storvsc: in responce to a scan event, scan the host (bug#1107189). - storvsc: Set the SRB flags correctly when no data transfer is needed (bug#1107189). - udp: ipv4: Add udp early demux (bsc#1104070). - udp: restore UDPlite many-cast delivery (bsc#1104070). - udp: Simplify __udp*_lib_mcast_deliver (bsc#1104070). - udp: Use hash2 for long hash1 chains in __udp*_lib_mcast_deliver (bsc#1104070). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename "reclaim" (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - XFS: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - XFS: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - XFS: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-20190123-13937=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20190123-13937=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-20190123-13937=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-20190123-13937=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.59.1 kernel-default-base-3.0.101-0.47.106.59.1 kernel-default-devel-3.0.101-0.47.106.59.1 kernel-source-3.0.101-0.47.106.59.1 kernel-syms-3.0.101-0.47.106.59.1 kernel-trace-3.0.101-0.47.106.59.1 kernel-trace-base-3.0.101-0.47.106.59.1 kernel-trace-devel-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.59.1 kernel-ec2-base-3.0.101-0.47.106.59.1 kernel-ec2-devel-3.0.101-0.47.106.59.1 kernel-xen-3.0.101-0.47.106.59.1 kernel-xen-base-3.0.101-0.47.106.59.1 kernel-xen-devel-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.59.1 kernel-bigsmp-base-3.0.101-0.47.106.59.1 kernel-bigsmp-devel-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.59.1 kernel-pae-base-3.0.101-0.47.106.59.1 kernel-pae-devel-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.59.1 kernel-trace-extra-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.59.1 kernel-default-base-3.0.101-0.47.106.59.1 kernel-default-devel-3.0.101-0.47.106.59.1 kernel-ec2-3.0.101-0.47.106.59.1 kernel-ec2-base-3.0.101-0.47.106.59.1 kernel-ec2-devel-3.0.101-0.47.106.59.1 kernel-pae-3.0.101-0.47.106.59.1 kernel-pae-base-3.0.101-0.47.106.59.1 kernel-pae-devel-3.0.101-0.47.106.59.1 kernel-source-3.0.101-0.47.106.59.1 kernel-syms-3.0.101-0.47.106.59.1 kernel-trace-3.0.101-0.47.106.59.1 kernel-trace-base-3.0.101-0.47.106.59.1 kernel-trace-devel-3.0.101-0.47.106.59.1 kernel-xen-3.0.101-0.47.106.59.1 kernel-xen-base-3.0.101-0.47.106.59.1 kernel-xen-devel-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.59.1 kernel-default-debugsource-3.0.101-0.47.106.59.1 kernel-trace-debuginfo-3.0.101-0.47.106.59.1 kernel-trace-debugsource-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.59.1 kernel-ec2-debugsource-3.0.101-0.47.106.59.1 kernel-xen-debuginfo-3.0.101-0.47.106.59.1 kernel-xen-debugsource-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.59.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.59.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.59.1 kernel-pae-debugsource-3.0.101-0.47.106.59.1 References: https://www.suse.com/security/cve/CVE-2017-1000407.html https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-7273.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9516.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1031240 https://bugzilla.suse.com/1039803 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1071021 https://bugzilla.suse.com/1094186 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1104070 https://bugzilla.suse.com/1104366 https://bugzilla.suse.com/1104367 https://bugzilla.suse.com/1107189 https://bugzilla.suse.com/1108498 https://bugzilla.suse.com/1109200 https://bugzilla.suse.com/1113201 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114920 https://bugzilla.suse.com/1115007 https://bugzilla.suse.com/1115038 https://bugzilla.suse.com/1116412 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1117515 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1119255 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/905299 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/968018 https://bugzilla.suse.com/990682 From sle-updates at lists.suse.com Tue Jan 29 10:45:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 18:45:43 +0100 (CET) Subject: SUSE-SU-2019:0197-1: moderate: Security update for openssl-1_1 Message-ID: <20190129174543.094DCFFE1@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0197-1 Rating: moderate References: #1117951 #1118913 Cross-References: CVE-2018-0737 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_1 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - Fix FIPS RSA generator (bsc#1118913) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-197=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-197=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_1-doc-1.1.0i-4.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-4.18.1 libopenssl1_1-1.1.0i-4.18.1 libopenssl1_1-debuginfo-1.1.0i-4.18.1 libopenssl1_1-hmac-1.1.0i-4.18.1 openssl-1_1-1.1.0i-4.18.1 openssl-1_1-debuginfo-1.1.0i-4.18.1 openssl-1_1-debugsource-1.1.0i-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.18.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.18.1 libopenssl1_1-hmac-32bit-1.1.0i-4.18.1 References: https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1117951 https://bugzilla.suse.com/1118913 From sle-updates at lists.suse.com Tue Jan 29 10:46:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 18:46:34 +0100 (CET) Subject: SUSE-RU-2019:0198-1: moderate: Recommended update for llvm6, jsoncpp Message-ID: <20190129174634.40CCDFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm6, jsoncpp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0198-1 Rating: moderate References: #1112730 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for llvm6, jsoncpp provides the following fixes: Changes in llvm6: - Make sure opt-viewer installed in /usr/bin can find resources from /usr/share/opt-viewer. (bsc#1112730) - Make sure llvm6-polly will not conflict with future llvm7-polly. - Add direct conflict between llvm6-polly-devel and future llvm7-polly-devel to prevent false reports of file conflicts. Changes in jsoncpp: - No change rebuild to get libjsoncpp1 released to SDK 12-SP4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-198=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-198=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-198=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libLTO6-6.0.0-2.3.2 libLTO6-debuginfo-6.0.0-2.3.2 libjsoncpp1-1.6.5-3.2.1 libjsoncpp1-debuginfo-1.6.5-3.2.1 llvm6-6.0.0-2.3.2 llvm6-LTO-devel-6.0.0-2.3.2 llvm6-debuginfo-6.0.0-2.3.2 llvm6-debugsource-6.0.0-2.3.2 llvm6-devel-6.0.0-2.3.2 llvm6-devel-debuginfo-6.0.0-2.3.2 llvm6-gold-6.0.0-2.3.2 llvm6-gold-debuginfo-6.0.0-2.3.2 llvm6-polly-6.0.0-2.3.2 llvm6-polly-debuginfo-6.0.0-2.3.2 llvm6-polly-devel-6.0.0-2.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libLLVM6-6.0.0-2.3.2 libLLVM6-debuginfo-6.0.0-2.3.2 llvm6-debuginfo-6.0.0-2.3.2 llvm6-debugsource-6.0.0-2.3.2 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libLLVM6-32bit-6.0.0-2.3.2 libLLVM6-debuginfo-32bit-6.0.0-2.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libLLVM6-32bit-6.0.0-2.3.2 libLLVM6-6.0.0-2.3.2 libLLVM6-debuginfo-32bit-6.0.0-2.3.2 libLLVM6-debuginfo-6.0.0-2.3.2 llvm6-debuginfo-6.0.0-2.3.2 llvm6-debugsource-6.0.0-2.3.2 References: https://bugzilla.suse.com/1112730 From sle-updates at lists.suse.com Tue Jan 29 10:47:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 18:47:12 +0100 (CET) Subject: SUSE-SU-2019:0196-1: important: Security update for the Linux Kernel Message-ID: <20190129174712.4A26BFFD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0196-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055121 #1055186 #1058115 #1060463 #1065729 #1078248 #1079935 #1082387 #1083647 #1086282 #1086283 #1086423 #1087084 #1087978 #1088386 #1090888 #1091405 #1094244 #1097593 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1104353 #1104427 #1104967 #1105168 #1106105 #1106110 #1106615 #1106913 #1108270 #1109272 #1110558 #1111188 #1111469 #1111696 #1111795 #1112128 #1113722 #1114648 #1114871 #1116040 #1116336 #1116803 #1116841 #1117115 #1117162 #1117165 #1117186 #1117561 #1117656 #1117953 #1118215 #1118319 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118787 #1118788 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119962 #1119968 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 136 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in (Git-fixes). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-196=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-196=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-196=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-196=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-196=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-196=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.6.1 kernel-default-debugsource-4.12.14-95.6.1 kernel-default-extra-4.12.14-95.6.1 kernel-default-extra-debuginfo-4.12.14-95.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.6.1 kernel-obs-build-debugsource-4.12.14-95.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.6.1 kernel-default-base-4.12.14-95.6.1 kernel-default-base-debuginfo-4.12.14-95.6.1 kernel-default-debuginfo-4.12.14-95.6.1 kernel-default-debugsource-4.12.14-95.6.1 kernel-default-devel-4.12.14-95.6.1 kernel-syms-4.12.14-95.6.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.6.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.6.1 kernel-macros-4.12.14-95.6.1 kernel-source-4.12.14-95.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.6.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_6-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.6.1 cluster-md-kmp-default-debuginfo-4.12.14-95.6.1 dlm-kmp-default-4.12.14-95.6.1 dlm-kmp-default-debuginfo-4.12.14-95.6.1 gfs2-kmp-default-4.12.14-95.6.1 gfs2-kmp-default-debuginfo-4.12.14-95.6.1 kernel-default-debuginfo-4.12.14-95.6.1 kernel-default-debugsource-4.12.14-95.6.1 ocfs2-kmp-default-4.12.14-95.6.1 ocfs2-kmp-default-debuginfo-4.12.14-95.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.6.1 kernel-default-debuginfo-4.12.14-95.6.1 kernel-default-debugsource-4.12.14-95.6.1 kernel-default-devel-4.12.14-95.6.1 kernel-default-devel-debuginfo-4.12.14-95.6.1 kernel-default-extra-4.12.14-95.6.1 kernel-default-extra-debuginfo-4.12.14-95.6.1 kernel-syms-4.12.14-95.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.6.1 kernel-macros-4.12.14-95.6.1 kernel-source-4.12.14-95.6.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118787 https://bugzilla.suse.com/1118788 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-updates at lists.suse.com Tue Jan 29 11:01:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 19:01:36 +0100 (CET) Subject: SUSE-SU-2019:0195-1: moderate: Security update for subversion Message-ID: <20190129180136.070CBFFD6@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0195-1 Rating: moderate References: #1122842 Cross-References: CVE-2018-11803 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for subversion fixes the following issues: Security issue fixed: - CVE-2018-11803: Fixed a vulnerability that allowed malicious SVN clients to trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request (bsc#1122842) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-195=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-195=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-195=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-195=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-server-1.10.0-3.3.1 subversion-server-debuginfo-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.0-3.3.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.0-3.3.1 subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-python-ctypes-1.10.0-3.3.1 subversion-ruby-1.10.0-3.3.1 subversion-ruby-debuginfo-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-perl-1.10.0-3.3.1 subversion-perl-debuginfo-1.10.0-3.3.1 subversion-python-1.10.0-3.3.1 subversion-python-debuginfo-1.10.0-3.3.1 subversion-tools-1.10.0-3.3.1 subversion-tools-debuginfo-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): subversion-bash-completion-1.10.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): subversion-1.10.0-3.3.1 subversion-debuginfo-1.10.0-3.3.1 subversion-debugsource-1.10.0-3.3.1 subversion-devel-1.10.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-11803.html https://bugzilla.suse.com/1122842 From sle-updates at lists.suse.com Tue Jan 29 13:09:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Jan 2019 21:09:03 +0100 (CET) Subject: SUSE-RU-2019:0199-1: moderate: Recommended update for tomcat Message-ID: <20190129200903.D97A2FCBE@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0199-1 Rating: moderate References: #1120745 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tomcat fixes the following issues: - Fixed a bug where tomcat-digest could not be executed. (bsc#1120745) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-199=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-199=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.12-3.15.1 tomcat-admin-webapps-9.0.12-3.15.1 tomcat-el-3_0-api-9.0.12-3.15.1 tomcat-jsp-2_3-api-9.0.12-3.15.1 tomcat-lib-9.0.12-3.15.1 tomcat-servlet-4_0-api-9.0.12-3.15.1 tomcat-webapps-9.0.12-3.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.12-3.15.1 tomcat-embed-9.0.12-3.15.1 tomcat-javadoc-9.0.12-3.15.1 tomcat-jsvc-9.0.12-3.15.1 References: https://bugzilla.suse.com/1120745 From sle-updates at lists.suse.com Tue Jan 29 16:09:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:09:07 +0100 (CET) Subject: SUSE-RU-2019:0207-1: moderate: Recommended update for container-suseconnect Message-ID: <20190129230907.A9578F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for container-suseconnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0207-1 Rating: moderate References: #1119496 Affected Products: SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-207=1 Package List: - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): container-suseconnect-2.0.0-4.3.1 References: https://bugzilla.suse.com/1119496 From sle-updates at lists.suse.com Tue Jan 29 16:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:09:41 +0100 (CET) Subject: SUSE-RU-2019:0205-1: moderate: Recommended update for yast2-network Message-ID: <20190129230941.36BDEFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0205-1 Rating: moderate References: #1105692 #709176 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - Fixes an issue where the start mode for nfsroot device was not shown correctly (bsc#1105692) - Hostname aliases were wiped when IP address gets changed (bsc#709176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-205=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-205=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-network-3.4.2-3.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-network-3.4.2-3.6.1 References: https://bugzilla.suse.com/1105692 https://bugzilla.suse.com/709176 From sle-updates at lists.suse.com Tue Jan 29 16:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:10:31 +0100 (CET) Subject: SUSE-RU-2019:0201-1: moderate: Recommended update for google-compute-engine Message-ID: <20190129231031.8EBDCFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0201-1 Rating: moderate References: #1119029 #1119110 #1122172 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for google-compute-engine provides the following fixes: - Fixes from version 20181206 (bsc#1119029, bsc#1119110): + Google Compute Engine * Support enabling OS Login two factor authentication. * Improve accounts support for FreeBSD. + Google Compute Engine OS Login * Support OS Login two factor authentication (Alpha). * Improve SELinux support. - Fixes from version 20181023: + Google Compute Engine * Fix: Update sudoer group membership without overriding local groups. - Fixes from version 20181018: + Google Compute Engine * Fix: Remove users from sudoers group on account removal. - Fixes from version 20181011: + Google Compute Engine * Revert: Remove users from sudoers group on account removal. - Fixes from version 20181008: + Google Compute Engine * Remove users from sudoers group on account removal. * Remove gsutil dependency for metadata scripts. - Fixes from version 20180905: + Google Compute Engine * Remove ntp package dependency. * Support Debian 10 Buster. * Restart the network daemon if networking is restarted. * Prevent setup of the default ethernet interface. * Accounts daemon verifies username is 32 characters or less. + Google Compute Engine OS Login * Add user name validation to pam modules. * Return false on failed final load. * Support FreeBSD. * Support Debian 10 Buster. - Fixes from version 20180611: + Google Compute Engine * Prevent IP forwarding daemon log spam. * Make default shell configurable when executing metadata scripts. * Rename distro directory to distro_lib. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-201=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20181206-4.8.1 google-compute-engine-oslogin-debuginfo-20181206-4.8.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20181206-4.8.1 References: https://bugzilla.suse.com/1119029 https://bugzilla.suse.com/1119110 https://bugzilla.suse.com/1122172 From sle-updates at lists.suse.com Tue Jan 29 16:11:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:11:40 +0100 (CET) Subject: SUSE-RU-2019:0208-1: moderate: Recommended update for sssd Message-ID: <20190129231140.69F2BFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0208-1 Rating: moderate References: #1039567 #1072694 #1101536 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sssd provides the following fixes: - Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567) - Fix a problem with the caching of groups that could cause lookups to return an incomplete set of groups for some particular users when connecting to a Active Directory domain. (bsc#1072694) - Soften condition for expired entries. (bsc#1101536) - SDAP: Set initgroups expire attribute at the end. (bsc#1101536) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-208=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-208=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libipa_hbac0-1.11.5.1-38.7.1 libipa_hbac0-debuginfo-1.11.5.1-38.7.1 libsss_idmap0-1.11.5.1-38.7.1 libsss_idmap0-debuginfo-1.11.5.1-38.7.1 libsss_sudo-1.11.5.1-38.7.1 libsss_sudo-debuginfo-1.11.5.1-38.7.1 python-sssd-config-1.11.5.1-38.7.1 python-sssd-config-debuginfo-1.11.5.1-38.7.1 sssd-1.11.5.1-38.7.1 sssd-ad-1.11.5.1-38.7.1 sssd-ad-debuginfo-1.11.5.1-38.7.1 sssd-debuginfo-1.11.5.1-38.7.1 sssd-debugsource-1.11.5.1-38.7.1 sssd-ipa-1.11.5.1-38.7.1 sssd-ipa-debuginfo-1.11.5.1-38.7.1 sssd-krb5-1.11.5.1-38.7.1 sssd-krb5-common-1.11.5.1-38.7.1 sssd-krb5-common-debuginfo-1.11.5.1-38.7.1 sssd-krb5-debuginfo-1.11.5.1-38.7.1 sssd-ldap-1.11.5.1-38.7.1 sssd-ldap-debuginfo-1.11.5.1-38.7.1 sssd-proxy-1.11.5.1-38.7.1 sssd-proxy-debuginfo-1.11.5.1-38.7.1 sssd-tools-1.11.5.1-38.7.1 sssd-tools-debuginfo-1.11.5.1-38.7.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): sssd-32bit-1.11.5.1-38.7.1 sssd-debuginfo-32bit-1.11.5.1-38.7.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libipa_hbac0-1.11.5.1-38.7.1 libipa_hbac0-debuginfo-1.11.5.1-38.7.1 libsss_idmap0-1.11.5.1-38.7.1 libsss_idmap0-debuginfo-1.11.5.1-38.7.1 libsss_sudo-1.11.5.1-38.7.1 libsss_sudo-debuginfo-1.11.5.1-38.7.1 python-sssd-config-1.11.5.1-38.7.1 python-sssd-config-debuginfo-1.11.5.1-38.7.1 sssd-1.11.5.1-38.7.1 sssd-ad-1.11.5.1-38.7.1 sssd-ad-debuginfo-1.11.5.1-38.7.1 sssd-debuginfo-1.11.5.1-38.7.1 sssd-debugsource-1.11.5.1-38.7.1 sssd-ipa-1.11.5.1-38.7.1 sssd-ipa-debuginfo-1.11.5.1-38.7.1 sssd-krb5-1.11.5.1-38.7.1 sssd-krb5-common-1.11.5.1-38.7.1 sssd-krb5-common-debuginfo-1.11.5.1-38.7.1 sssd-krb5-debuginfo-1.11.5.1-38.7.1 sssd-ldap-1.11.5.1-38.7.1 sssd-ldap-debuginfo-1.11.5.1-38.7.1 sssd-proxy-1.11.5.1-38.7.1 sssd-proxy-debuginfo-1.11.5.1-38.7.1 sssd-tools-1.11.5.1-38.7.1 sssd-tools-debuginfo-1.11.5.1-38.7.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): sssd-32bit-1.11.5.1-38.7.1 sssd-debuginfo-32bit-1.11.5.1-38.7.1 References: https://bugzilla.suse.com/1039567 https://bugzilla.suse.com/1072694 https://bugzilla.suse.com/1101536 From sle-updates at lists.suse.com Tue Jan 29 16:13:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:13:14 +0100 (CET) Subject: SUSE-RU-2019:0203-1: moderate: Recommended update for cfn-lint, python-aws-sam-translator Message-ID: <20190129231314.D87FCFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for cfn-lint, python-aws-sam-translator ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0203-1 Rating: moderate References: #1122669 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cfn-lint, python-aws-sam-translator brings new functionality to the SUSE Linux Enterprise 15 Public Cloud Module: - cfn-lint is included in version 0.12.1. - python-aws-sam-translator is included in version 1.9.0 as dependency of cfn-lint. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-203=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cfn-lint-0.12.1-1.3.1 python3-aws-sam-translator-1.9.0-1.3.1 References: https://bugzilla.suse.com/1122669 From sle-updates at lists.suse.com Tue Jan 29 16:13:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:13:51 +0100 (CET) Subject: SUSE-RU-2019:0206-1: moderate: Recommended update for python3-susepubliccloudinfo Message-ID: <20190129231351.A1180FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0206-1 Rating: moderate References: #1034497 #1089196 #1103684 #1121150 #1121151 #1121617 #943490 #949281 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: python3-susepubliccloudinfo is included in version 1.1.0 (bsc#1121151, bsc#1121150) (FATE#327134) + Support new inactive state + Remove awscvsgen and associated subpackage + Avoid traceback on improper query options + Make request implementation to access pint server usable as library + Fix data output + Add type filter for servers + Remove HP Helion support + Fix exception when the service pack command line option was used + show an error message instead of traceback on connection error + error messages should write to stderr by default + added regex and invert substring filters + fix up permissions on amazon data generation binary + add Amazon data generation + add missing dependency python-requests BSC#949281 + Cross-compatible with Python 2.6 (SLE 11) + Submit to SLE 11 & SLE 12 Public Cloud Modules FATE#319399 BSC#943490 + name filter is case-insensitive + Updated manpage + Include in SLE 12 (FATE#319399) + Resolve a path generation issue https://github.com/SUSE/Enceladus/issues/51 + Added filters Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-206=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-docopt-0.6.2-1.3.1 python3-susepubliccloudinfo-1.1.0-1.3.1 References: https://bugzilla.suse.com/1034497 https://bugzilla.suse.com/1089196 https://bugzilla.suse.com/1103684 https://bugzilla.suse.com/1121150 https://bugzilla.suse.com/1121151 https://bugzilla.suse.com/1121617 https://bugzilla.suse.com/943490 https://bugzilla.suse.com/949281 From sle-updates at lists.suse.com Tue Jan 29 16:15:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:15:37 +0100 (CET) Subject: SUSE-RU-2019:0204-1: moderate: Recommended update for nodejs10 Message-ID: <20190129231537.22670FCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0204-1 Rating: moderate References: #1112438 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ships NodeJS 10.15.0 to the Web and Scripting modules. (FATE#326776) Release notes can be found: https://nodejs.org/en/blog/release/v10.0.0/ Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-204=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.15.0-1.3.1 nodejs10-debuginfo-10.15.0-1.3.1 nodejs10-debugsource-10.15.0-1.3.1 nodejs10-devel-10.15.0-1.3.1 npm10-10.15.0-1.3.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.15.0-1.3.1 References: https://bugzilla.suse.com/1112438 From sle-updates at lists.suse.com Tue Jan 29 16:16:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Jan 2019 00:16:15 +0100 (CET) Subject: SUSE-RU-2019:0202-1: moderate: Recommended update for google-compute-engine Message-ID: <20190129231615.07A1FFCA2@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0202-1 Rating: moderate References: #1119029 #1119110 #1122172 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for google-compute-engine provides the following fixes: - Fixes from version 20181206 (bsc#1119029, bsc#1119110): + Google Compute Engine * Support enabling OS Login two factor authentication. * Improve accounts support for FreeBSD. + Google Compute Engine OS Login * Support OS Login two factor authentication (Alpha). * Improve SELinux support. - Fixes from version 20181023: + Google Compute Engine * Fix: Update sudoer group membership without overriding local groups. - Fixes from version 20181018: + Google Compute Engine * Fix: Remove users from sudoers group on account removal. - Fixes from version 20181011: + Google Compute Engine * Revert: Remove users from sudoers group on account removal. - Fixes from version 20181008: + Google Compute Engine * Remove users from sudoers group on account removal. * Remove gsutil dependency for metadata scripts. - Fixes from version 20180905: + Google Compute Engine * Remove ntp package dependency. * Support Debian 10 Buster. * Restart the network daemon if networking is restarted. * Prevent setup of the default ethernet interface. * Accounts daemon verifies username is 32 characters or less. + Google Compute Engine OS Login * Add user name validation to pam modules. * Return false on failed final load. * Support FreeBSD. * Support Debian 10 Buster. - Fixes from version 20180611: + Google Compute Engine * Prevent IP forwarding daemon log spam. * Make default shell configurable when executing metadata scripts. * Rename distro directory to distro_lib. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-202=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20181206-24.1 google-compute-engine-oslogin-debuginfo-20181206-24.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20181206-24.1 References: https://bugzilla.suse.com/1119029 https://bugzilla.suse.com/1119110 https://bugzilla.suse.com/1122172 From sle-updates at lists.suse.com Thu Jan 31 07:10:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Jan 2019 15:10:12 +0100 (CET) Subject: SUSE-SU-2019:0209-1: important: Security update for rsyslog Message-ID: <20190131141012.A3C15FFD9@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0209-1 Rating: important References: #1123164 Cross-References: CVE-2018-16881 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following issues: Security issue fixed: - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-209=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-209=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-209=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-209=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.19.1 rsyslog-debuginfo-8.24.0-3.19.1 rsyslog-debugsource-8.24.0-3.19.1 rsyslog-diag-tools-8.24.0-3.19.1 rsyslog-diag-tools-debuginfo-8.24.0-3.19.1 rsyslog-doc-8.24.0-3.19.1 rsyslog-module-gssapi-8.24.0-3.19.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.19.1 rsyslog-module-gtls-8.24.0-3.19.1 rsyslog-module-gtls-debuginfo-8.24.0-3.19.1 rsyslog-module-mysql-8.24.0-3.19.1 rsyslog-module-mysql-debuginfo-8.24.0-3.19.1 rsyslog-module-pgsql-8.24.0-3.19.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.19.1 rsyslog-module-relp-8.24.0-3.19.1 rsyslog-module-relp-debuginfo-8.24.0-3.19.1 rsyslog-module-snmp-8.24.0-3.19.1 rsyslog-module-snmp-debuginfo-8.24.0-3.19.1 rsyslog-module-udpspoof-8.24.0-3.19.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.19.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.19.1 rsyslog-debuginfo-8.24.0-3.19.1 rsyslog-debugsource-8.24.0-3.19.1 rsyslog-diag-tools-8.24.0-3.19.1 rsyslog-diag-tools-debuginfo-8.24.0-3.19.1 rsyslog-doc-8.24.0-3.19.1 rsyslog-module-gssapi-8.24.0-3.19.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.19.1 rsyslog-module-gtls-8.24.0-3.19.1 rsyslog-module-gtls-debuginfo-8.24.0-3.19.1 rsyslog-module-mysql-8.24.0-3.19.1 rsyslog-module-mysql-debuginfo-8.24.0-3.19.1 rsyslog-module-pgsql-8.24.0-3.19.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.19.1 rsyslog-module-relp-8.24.0-3.19.1 rsyslog-module-relp-debuginfo-8.24.0-3.19.1 rsyslog-module-snmp-8.24.0-3.19.1 rsyslog-module-snmp-debuginfo-8.24.0-3.19.1 rsyslog-module-udpspoof-8.24.0-3.19.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): rsyslog-8.24.0-3.19.1 rsyslog-debuginfo-8.24.0-3.19.1 rsyslog-debugsource-8.24.0-3.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsyslog-8.24.0-3.19.1 rsyslog-debuginfo-8.24.0-3.19.1 rsyslog-debugsource-8.24.0-3.19.1 - SUSE CaaS Platform ALL (x86_64): rsyslog-8.24.0-3.19.1 rsyslog-debuginfo-8.24.0-3.19.1 rsyslog-debugsource-8.24.0-3.19.1 - SUSE CaaS Platform 3.0 (x86_64): rsyslog-8.24.0-3.19.1 rsyslog-debuginfo-8.24.0-3.19.1 rsyslog-debugsource-8.24.0-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-16881.html https://bugzilla.suse.com/1123164 From sle-updates at lists.suse.com Thu Jan 31 10:09:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Jan 2019 18:09:10 +0100 (CET) Subject: SUSE-RU-2019:13939-1: important: Recommended update for openssh Message-ID: <20190131170910.A3D99FFDF@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13939-1 Rating: important References: #1123028 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's "scp" utility such that server-side brace expansion would no longer be supported. Attempts to copy a set files from a remote machine to the local one by running "scp 'remote:{file-a,file-b}' /tmp" would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-13939=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-13939=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-36.15.1 openssh-askpass-gnome-6.6p1-36.15.1 openssh-fips-6.6p1-36.15.1 openssh-helpers-6.6p1-36.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.15.1 openssh-debuginfo-6.6p1-36.15.1 openssh-debugsource-6.6p1-36.15.1 References: https://bugzilla.suse.com/1123028 From sle-updates at lists.suse.com Thu Jan 31 10:10:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Jan 2019 18:10:24 +0100 (CET) Subject: SUSE-RU-2019:0212-1: important: Recommended update for openssh Message-ID: <20190131171024.57533FFD9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0212-1 Rating: important References: #1123028 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's "scp" utility such that server-side brace expansion would no longer be supported. Attempts to copy a set files from a remote machine to the local one by running "scp 'remote:{file-a,file-b}' /tmp" would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-212=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-212=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-212=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-212=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-212=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-212=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-212=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-212=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-212=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-212=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE Enterprise Storage 4 (x86_64): openssh-7.2p2-74.39.1 openssh-askpass-gnome-7.2p2-74.39.1 openssh-askpass-gnome-debuginfo-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 openssh-fips-7.2p2-74.39.1 openssh-helpers-7.2p2-74.39.1 openssh-helpers-debuginfo-7.2p2-74.39.1 - SUSE CaaS Platform ALL (x86_64): openssh-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 - SUSE CaaS Platform 3.0 (x86_64): openssh-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openssh-7.2p2-74.39.1 openssh-debuginfo-7.2p2-74.39.1 openssh-debugsource-7.2p2-74.39.1 References: https://bugzilla.suse.com/1123028 From sle-updates at lists.suse.com Thu Jan 31 10:11:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Jan 2019 18:11:04 +0100 (CET) Subject: SUSE-RU-2019:0211-1: important: Recommended update for openssh Message-ID: <20190131171104.B03CCFFD9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0211-1 Rating: important References: #1123028 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's "scp" utility such that server-side brace expansion would no longer be supported. Attempts to copy a set files from a remote machine to the local one by running "scp 'remote:{file-a,file-b}' /tmp" would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-211=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-211=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-211=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-211=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.16.1 openssh-debugsource-7.6p1-9.16.1 openssh-fips-7.6p1-9.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.16.1 openssh-cavs-debuginfo-7.6p1-9.16.1 openssh-debuginfo-7.6p1-9.16.1 openssh-debugsource-7.6p1-9.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.16.1 openssh-askpass-gnome-debuginfo-7.6p1-9.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.16.1 openssh-debuginfo-7.6p1-9.16.1 openssh-debugsource-7.6p1-9.16.1 openssh-helpers-7.6p1-9.16.1 openssh-helpers-debuginfo-7.6p1-9.16.1 References: https://bugzilla.suse.com/1123028 From sle-updates at lists.suse.com Thu Jan 31 10:11:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Jan 2019 18:11:40 +0100 (CET) Subject: SUSE-RU-2019:0213-1: important: Recommended update for openssh Message-ID: <20190131171140.AAFB8FFD9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0213-1 Rating: important References: #1123028 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's "scp" utility such that server-side brace expansion would no longer be supported. Attempts to copy a set files from a remote machine to the local one by running "scp 'remote:{file-a,file-b}' /tmp" would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-213=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-213=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.29.1 openssh-askpass-gnome-6.6p1-54.29.1 openssh-askpass-gnome-debuginfo-6.6p1-54.29.1 openssh-debuginfo-6.6p1-54.29.1 openssh-debugsource-6.6p1-54.29.1 openssh-fips-6.6p1-54.29.1 openssh-helpers-6.6p1-54.29.1 openssh-helpers-debuginfo-6.6p1-54.29.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openssh-6.6p1-54.29.1 openssh-askpass-gnome-6.6p1-54.29.1 openssh-askpass-gnome-debuginfo-6.6p1-54.29.1 openssh-debuginfo-6.6p1-54.29.1 openssh-debugsource-6.6p1-54.29.1 openssh-fips-6.6p1-54.29.1 openssh-helpers-6.6p1-54.29.1 openssh-helpers-debuginfo-6.6p1-54.29.1 References: https://bugzilla.suse.com/1123028 From sle-updates at lists.suse.com Thu Jan 31 13:09:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Jan 2019 21:09:06 +0100 (CET) Subject: SUSE-SU-2019:0215-1: important: Security update for python3 Message-ID: <20190131200906.6BC4BF34D@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0215-1 Rating: important References: #1120644 #1122191 Cross-References: CVE-2018-20406 CVE-2019-5010 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-215=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-215=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-215=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.8.1 python3-base-debugsource-3.6.5-3.8.1 python3-testsuite-3.6.5-3.8.1 python3-testsuite-debuginfo-3.6.5-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.5-3.8.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.8.1 python3-base-debugsource-3.6.5-3.8.1 python3-tools-3.6.5-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.5-3.8.1 libpython3_6m1_0-debuginfo-3.6.5-3.8.1 python3-3.6.5-3.8.1 python3-base-3.6.5-3.8.1 python3-base-debuginfo-3.6.5-3.8.1 python3-base-debugsource-3.6.5-3.8.1 python3-curses-3.6.5-3.8.1 python3-curses-debuginfo-3.6.5-3.8.1 python3-dbm-3.6.5-3.8.1 python3-dbm-debuginfo-3.6.5-3.8.1 python3-debuginfo-3.6.5-3.8.1 python3-debugsource-3.6.5-3.8.1 python3-devel-3.6.5-3.8.1 python3-devel-debuginfo-3.6.5-3.8.1 python3-idle-3.6.5-3.8.1 python3-tk-3.6.5-3.8.1 python3-tk-debuginfo-3.6.5-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-20406.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1120644 https://bugzilla.suse.com/1122191 From sle-updates at lists.suse.com Thu Jan 31 16:09:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 00:09:04 +0100 (CET) Subject: SUSE-RU-2019:0219-1: moderate: Recommended update for libosinfo, virt-manager Message-ID: <20190131230904.66DD7F34D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libosinfo, virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0219-1 Rating: moderate References: #1054986 #1067018 #1086038 #1086715 #1091113 #1098054 #1102101 #1120523 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for libosinfo, virt-manager provides the following fixes: Fixes in libosinfo: - Add support for SLE-15-SP1 to the database. (bsc#1086715) - Add support for SLE-12-SP4 to the database. (bsc#1102101, bsc#1120523) - Add official release date for SLE-15. Drop 'SLES' and 'SLED' in favor of just 'SLE'. (bsc#1054986) - The osinfo-query and virt-install do not detect CaaS Platform 3.0. (bsc#1098054) - Fix version string for Leap 15. (bsc#1054986) Fixes in virt-manager: - Fix SLE-15 detection because of changes in osinfo-db. (bsc#1054986) - The osinfo-query and virt-install do not detect CaaS Platform 3.0. (bsc#1098054) - Fix the following error reported by virt-install: "No option 'version' in section: 'general'." (bsc#1091113) - Fix a problem that was causing VM guests not to be properly installed with virt-install. (bsc#1086038) - Fix KVM Guest creation when property .cmt is not found. (bsc#1067018) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-219=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-219=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-219=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-219=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-219=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libosinfo-0.3.0-15.9.1 libosinfo-1_0-0-0.3.0-15.9.1 libosinfo-1_0-0-debuginfo-0.3.0-15.9.1 libosinfo-debuginfo-0.3.0-15.9.1 libosinfo-debugsource-0.3.0-15.9.1 typelib-1_0-Libosinfo-1_0-0.3.0-15.9.1 - SUSE OpenStack Cloud 7 (noarch): libosinfo-lang-0.3.0-15.9.1 virt-install-1.4.0-21.9.4 virt-manager-1.4.0-21.9.4 virt-manager-common-1.4.0-21.9.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libosinfo-0.3.0-15.9.1 libosinfo-1_0-0-0.3.0-15.9.1 libosinfo-1_0-0-debuginfo-0.3.0-15.9.1 libosinfo-debuginfo-0.3.0-15.9.1 libosinfo-debugsource-0.3.0-15.9.1 typelib-1_0-Libosinfo-1_0-0.3.0-15.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libosinfo-lang-0.3.0-15.9.1 virt-install-1.4.0-21.9.4 virt-manager-1.4.0-21.9.4 virt-manager-common-1.4.0-21.9.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libosinfo-0.3.0-15.9.1 libosinfo-1_0-0-0.3.0-15.9.1 libosinfo-1_0-0-debuginfo-0.3.0-15.9.1 libosinfo-debuginfo-0.3.0-15.9.1 libosinfo-debugsource-0.3.0-15.9.1 typelib-1_0-Libosinfo-1_0-0.3.0-15.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libosinfo-lang-0.3.0-15.9.1 virt-install-1.4.0-21.9.4 virt-manager-1.4.0-21.9.4 virt-manager-common-1.4.0-21.9.4 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libosinfo-0.3.0-15.9.1 libosinfo-1_0-0-0.3.0-15.9.1 libosinfo-1_0-0-debuginfo-0.3.0-15.9.1 libosinfo-debuginfo-0.3.0-15.9.1 libosinfo-debugsource-0.3.0-15.9.1 typelib-1_0-Libosinfo-1_0-0.3.0-15.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libosinfo-lang-0.3.0-15.9.1 virt-install-1.4.0-21.9.4 virt-manager-1.4.0-21.9.4 virt-manager-common-1.4.0-21.9.4 - SUSE Enterprise Storage 4 (x86_64): libosinfo-0.3.0-15.9.1 libosinfo-1_0-0-0.3.0-15.9.1 libosinfo-1_0-0-debuginfo-0.3.0-15.9.1 libosinfo-debuginfo-0.3.0-15.9.1 libosinfo-debugsource-0.3.0-15.9.1 typelib-1_0-Libosinfo-1_0-0.3.0-15.9.1 - SUSE Enterprise Storage 4 (noarch): libosinfo-lang-0.3.0-15.9.1 virt-install-1.4.0-21.9.4 virt-manager-1.4.0-21.9.4 virt-manager-common-1.4.0-21.9.4 References: https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1067018 https://bugzilla.suse.com/1086038 https://bugzilla.suse.com/1086715 https://bugzilla.suse.com/1091113 https://bugzilla.suse.com/1098054 https://bugzilla.suse.com/1102101 https://bugzilla.suse.com/1120523 From sle-updates at lists.suse.com Thu Jan 31 16:11:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 00:11:07 +0100 (CET) Subject: SUSE-RU-2019:0216-1: Recommended update for sssd Message-ID: <20190131231107.D06EFFEBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0216-1 Rating: low References: #1105307 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd provides the following fix: - Ship the sssd-dbus on the product. (bsc#1105307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-216=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-216=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnfsidmap-sss-1.16.1-3.8.1 libnfsidmap-sss-debuginfo-1.16.1-3.8.1 python3-ipa_hbac-1.16.1-3.8.1 python3-ipa_hbac-debuginfo-1.16.1-3.8.1 python3-sss-murmur-1.16.1-3.8.1 python3-sss-murmur-debuginfo-1.16.1-3.8.1 python3-sss_nss_idmap-1.16.1-3.8.1 python3-sss_nss_idmap-debuginfo-1.16.1-3.8.1 sssd-dbus-1.16.1-3.8.1 sssd-dbus-debuginfo-1.16.1-3.8.1 sssd-debuginfo-1.16.1-3.8.1 sssd-debugsource-1.16.1-3.8.1 sssd-winbind-idmap-1.16.1-3.8.1 sssd-winbind-idmap-debuginfo-1.16.1-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.8.1 libipa_hbac0-1.16.1-3.8.1 libipa_hbac0-debuginfo-1.16.1-3.8.1 libsss_certmap-devel-1.16.1-3.8.1 libsss_certmap0-1.16.1-3.8.1 libsss_certmap0-debuginfo-1.16.1-3.8.1 libsss_idmap-devel-1.16.1-3.8.1 libsss_idmap0-1.16.1-3.8.1 libsss_idmap0-debuginfo-1.16.1-3.8.1 libsss_nss_idmap-devel-1.16.1-3.8.1 libsss_nss_idmap0-1.16.1-3.8.1 libsss_nss_idmap0-debuginfo-1.16.1-3.8.1 libsss_simpleifp-devel-1.16.1-3.8.1 libsss_simpleifp0-1.16.1-3.8.1 libsss_simpleifp0-debuginfo-1.16.1-3.8.1 python3-sssd-config-1.16.1-3.8.1 python3-sssd-config-debuginfo-1.16.1-3.8.1 sssd-1.16.1-3.8.1 sssd-ad-1.16.1-3.8.1 sssd-ad-debuginfo-1.16.1-3.8.1 sssd-dbus-1.16.1-3.8.1 sssd-dbus-debuginfo-1.16.1-3.8.1 sssd-debuginfo-1.16.1-3.8.1 sssd-debugsource-1.16.1-3.8.1 sssd-ipa-1.16.1-3.8.1 sssd-ipa-debuginfo-1.16.1-3.8.1 sssd-krb5-1.16.1-3.8.1 sssd-krb5-common-1.16.1-3.8.1 sssd-krb5-common-debuginfo-1.16.1-3.8.1 sssd-krb5-debuginfo-1.16.1-3.8.1 sssd-ldap-1.16.1-3.8.1 sssd-ldap-debuginfo-1.16.1-3.8.1 sssd-proxy-1.16.1-3.8.1 sssd-proxy-debuginfo-1.16.1-3.8.1 sssd-tools-1.16.1-3.8.1 sssd-tools-debuginfo-1.16.1-3.8.1 sssd-wbclient-1.16.1-3.8.1 sssd-wbclient-debuginfo-1.16.1-3.8.1 sssd-wbclient-devel-1.16.1-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): sssd-32bit-1.16.1-3.8.1 sssd-32bit-debuginfo-1.16.1-3.8.1 References: https://bugzilla.suse.com/1105307 From sle-updates at lists.suse.com Thu Jan 31 16:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 00:11:51 +0100 (CET) Subject: SUSE-RU-2019:0218-1: moderate: Recommended update for kmod Message-ID: <20190131231151.3224AF7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:0218-1 Rating: moderate References: #1118629 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kmod fixes the following issues: - Fix module dependency file corruption on parallel invocation (bsc#1118629). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-218=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-218=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-218=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-218=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kmod-debuginfo-17-9.9.1 kmod-debugsource-17-9.9.1 libkmod-devel-17-9.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kmod-17-9.9.1 kmod-compat-17-9.9.1 kmod-debuginfo-17-9.9.1 kmod-debugsource-17-9.9.1 libkmod2-17-9.9.1 libkmod2-debuginfo-17-9.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kmod-17-9.9.1 kmod-compat-17-9.9.1 kmod-debuginfo-17-9.9.1 kmod-debugsource-17-9.9.1 libkmod2-17-9.9.1 libkmod2-debuginfo-17-9.9.1 - SUSE CaaS Platform ALL (x86_64): kmod-17-9.9.1 kmod-compat-17-9.9.1 kmod-debuginfo-17-9.9.1 kmod-debugsource-17-9.9.1 libkmod2-17-9.9.1 libkmod2-debuginfo-17-9.9.1 - SUSE CaaS Platform 3.0 (x86_64): kmod-17-9.9.1 kmod-compat-17-9.9.1 kmod-debuginfo-17-9.9.1 kmod-debugsource-17-9.9.1 libkmod2-17-9.9.1 libkmod2-debuginfo-17-9.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kmod-17-9.9.1 kmod-compat-17-9.9.1 kmod-debuginfo-17-9.9.1 kmod-debugsource-17-9.9.1 libkmod2-17-9.9.1 libkmod2-debuginfo-17-9.9.1 References: https://bugzilla.suse.com/1118629 From sle-updates at lists.suse.com Thu Jan 31 16:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Feb 2019 00:12:40 +0100 (CET) Subject: SUSE-RU-2019:13940-1: moderate: Recommended update for php53 Message-ID: <20190131231240.7F51AF7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for php53 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:13940-1 Rating: moderate References: #824947 #824953 #824954 #824956 #824958 #824959 #824961 #824963 #824972 #824974 #824975 #824976 #824983 #824985 #824989 #824991 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 16 recommended fixes can now be installed. Description: This update for php53 fixes the following issues: * Wrongly called method as callback with inheritance (bsc#824959) * Fixes a bug in stream_get_line() where the delimiter was interpreted incorrectly (bsc#824985) * Fixes a segfault in gc_collect_cycles (bsc#824961) * Sigsegv was raised when Exception::$trace is changed by user (bsc#824963) * Datetime::format('u') was sometimes wrong by 1 microsecond (bsc#824972) * Magic methods were called twice for unset protected properties (bsc#824958) * is_callable() lies for abstract static method (bsc#824956) * get_declared_class() shows now the class alias (bsc#824954) * SplFixedArray[][x] = y raised a segfault when it was extended (bsc#824975) * unset failed with ArrayObject and deep arrays (bsc#824974) * Shutdown functions were not called in a certain error situation (bsc#824953) * parse_ini_file() with INI_SCANNER_RAW removed quotes from value (bsc#824983) * Fixed bug where a segfault was raised on output buffer (bsc#824989) * RecursiveDirectoryIterator always used SKIP_DOTS flag (bsc#824976) * Concatenation of overloaded __toString() magic method did not work properly for extended SplFileInfo class (bsc#824991) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13940=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13940=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13940=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.50.1 php53-imap-5.3.17-112.50.1 php53-posix-5.3.17-112.50.1 php53-readline-5.3.17-112.50.1 php53-sockets-5.3.17-112.50.1 php53-sqlite-5.3.17-112.50.1 php53-tidy-5.3.17-112.50.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.50.1 php53-5.3.17-112.50.1 php53-bcmath-5.3.17-112.50.1 php53-bz2-5.3.17-112.50.1 php53-calendar-5.3.17-112.50.1 php53-ctype-5.3.17-112.50.1 php53-curl-5.3.17-112.50.1 php53-dba-5.3.17-112.50.1 php53-dom-5.3.17-112.50.1 php53-exif-5.3.17-112.50.1 php53-fastcgi-5.3.17-112.50.1 php53-fileinfo-5.3.17-112.50.1 php53-ftp-5.3.17-112.50.1 php53-gd-5.3.17-112.50.1 php53-gettext-5.3.17-112.50.1 php53-gmp-5.3.17-112.50.1 php53-iconv-5.3.17-112.50.1 php53-intl-5.3.17-112.50.1 php53-json-5.3.17-112.50.1 php53-ldap-5.3.17-112.50.1 php53-mbstring-5.3.17-112.50.1 php53-mcrypt-5.3.17-112.50.1 php53-mysql-5.3.17-112.50.1 php53-odbc-5.3.17-112.50.1 php53-openssl-5.3.17-112.50.1 php53-pcntl-5.3.17-112.50.1 php53-pdo-5.3.17-112.50.1 php53-pear-5.3.17-112.50.1 php53-pgsql-5.3.17-112.50.1 php53-pspell-5.3.17-112.50.1 php53-shmop-5.3.17-112.50.1 php53-snmp-5.3.17-112.50.1 php53-soap-5.3.17-112.50.1 php53-suhosin-5.3.17-112.50.1 php53-sysvmsg-5.3.17-112.50.1 php53-sysvsem-5.3.17-112.50.1 php53-sysvshm-5.3.17-112.50.1 php53-tokenizer-5.3.17-112.50.1 php53-wddx-5.3.17-112.50.1 php53-xmlreader-5.3.17-112.50.1 php53-xmlrpc-5.3.17-112.50.1 php53-xmlwriter-5.3.17-112.50.1 php53-xsl-5.3.17-112.50.1 php53-zip-5.3.17-112.50.1 php53-zlib-5.3.17-112.50.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.50.1 php53-debugsource-5.3.17-112.50.1 References: https://bugzilla.suse.com/824947 https://bugzilla.suse.com/824953 https://bugzilla.suse.com/824954 https://bugzilla.suse.com/824956 https://bugzilla.suse.com/824958 https://bugzilla.suse.com/824959 https://bugzilla.suse.com/824961 https://bugzilla.suse.com/824963 https://bugzilla.suse.com/824972 https://bugzilla.suse.com/824974 https://bugzilla.suse.com/824975 https://bugzilla.suse.com/824976 https://bugzilla.suse.com/824983 https://bugzilla.suse.com/824985 https://bugzilla.suse.com/824989 https://bugzilla.suse.com/824991