From sle-updates at lists.suse.com Thu May 2 04:09:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 12:09:59 +0200 (CEST) Subject: SUSE-RU-2019:1126-1: moderate: Recommended update for osinfo-db Message-ID: <20190502100959.90ADAF3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1126-1 Rating: moderate References: #1086715 #1132380 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for osinfo-db fixes the following issues: - Add support for CAASP 4.0 media. (bsc#1132380) - Update database to version 20190301 (bsc#1132380) - Fix volume ID for SLE15-SP1 (bsc#1086715) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1126=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): osinfo-db-20190301-3.12.1 References: https://bugzilla.suse.com/1086715 https://bugzilla.suse.com/1132380 From sle-updates at lists.suse.com Thu May 2 07:08:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 15:08:59 +0200 (CEST) Subject: SUSE-SU-2019:1127-1: moderate: Security update for sqlite3 Message-ID: <20190502130859.D20C2F3DB@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1127-1 Rating: moderate References: #1130325 #1130326 Cross-References: CVE-2019-9936 CVE-2019-9937 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1127=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1127=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): sqlite3-doc-3.28.0-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.28.0-3.6.1 libsqlite3-0-debuginfo-3.28.0-3.6.1 sqlite3-3.28.0-3.6.1 sqlite3-debuginfo-3.28.0-3.6.1 sqlite3-debugsource-3.28.0-3.6.1 sqlite3-devel-3.28.0-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsqlite3-0-32bit-3.28.0-3.6.1 libsqlite3-0-32bit-debuginfo-3.28.0-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-9936.html https://www.suse.com/security/cve/CVE-2019-9937.html https://bugzilla.suse.com/1130325 https://bugzilla.suse.com/1130326 From sle-updates at lists.suse.com Thu May 2 10:09:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 18:09:58 +0200 (CEST) Subject: SUSE-RU-2019:1128-1: moderate: Recommended update for yubikey-manager, yubikey-manager-qt Message-ID: <20190502160958.281C4F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yubikey-manager, yubikey-manager-qt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1128-1 Rating: moderate References: #1118939 #1130839 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yubikey-manager, yubikey-manager-qt fixes the following issues: The update brings a lot of new features: - Add support for Security Key NFC - Add support for managing PIV Application - Bugfix: OATH-HOTP credentials was always configured with 6 digits - UI: Replace Succes-popups with Snackbar-messages - UX: Drop confirmation prompt for OTP Swap Slots - Support for YubiKey 5A - Bugfix: Show picture for FIDO U2F Security key - Bugfix: Swapping OTP slots or deleting OTP a slot configuration now reloads the view - Bugfix: Under some conditions the wrong device info was shown - Completely new UI - Support for YubiKey 5 Series - Support for configuring NFC and USB interfaces - Linux: Release as AppImage (experimental) - Support for YubiKey FIPS. - Support for YubiKey FIPS. - Support for YubiKey 5 Series - Add support for managing PIV Application Additional changes: - Added python3-fido2 as runtime dependency, since it is required for the GUI to work correctly and is not pulled in by yubikey-manager in this version yet (bsc#1118939). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1128=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1128=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): yubikey-manager-qt-1.1.1-3.5.3 yubikey-manager-qt-debuginfo-1.1.1-3.5.3 yubikey-manager-qt-debugsource-1.1.1-3.5.3 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-fido2-0.5.0-1.3.3 python3-pyfakefs-3.4.3-1.3.3 yubikey-manager-2.1.0-3.3.3 References: https://bugzilla.suse.com/1118939 https://bugzilla.suse.com/1130839 From sle-updates at lists.suse.com Thu May 2 10:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 18:10:44 +0200 (CEST) Subject: SUSE-RU-2019:1130-1: moderate: Recommended update for azure-li-services Message-ID: <20190502161044.1CE73F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1130-1 Rating: moderate References: #1125372 #1125373 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-li-services fixes the following issues: - Create /etc/sysconfig/sbd configuration Write /etc/sysconfig/sbd which contains the disk device name used to initialize the SBD device - Add support for iSCSI SBD device setup In a new an optional stonith section the configuration for the iSCSI initiator and ip address can be setup. Once present the process to setup the iSCSI initiator as well as the device discovery is started. (bsc#1125373 and bsc#1125372) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1130=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): azure-li-services-1.1.28-1.11.1 References: https://bugzilla.suse.com/1125372 https://bugzilla.suse.com/1125373 From sle-updates at lists.suse.com Thu May 2 10:11:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 18:11:30 +0200 (CEST) Subject: SUSE-RU-2019:1129-1: moderate: Recommended update for azure-li-services Message-ID: <20190502161130.6ABA8F3DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1129-1 Rating: moderate References: #1125372 #1125373 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for azure-li-services fixes the following issues: - Create /etc/sysconfig/sbd configuration Write /etc/sysconfig/sbd which contains the disk device name used to initialize the SBD device - Add support for iSCSI SBD device setup In a new an optional stonith section the configuration for the iSCSI initiator and ip address can be setup. Once present the process to setup the iSCSI initiator as well as the device discovery is started. (bsc#1125373 and bsc#1125372) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1129=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-li-services-1.1.28-1.17.1 References: https://bugzilla.suse.com/1125372 https://bugzilla.suse.com/1125373 From sle-updates at lists.suse.com Thu May 2 13:10:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 21:10:22 +0200 (CEST) Subject: SUSE-RU-2019:1131-1: moderate: Recommended update for libidn Message-ID: <20190502191022.CC5F1F3DD@maintenance.suse.de> SUSE Recommended Update: Recommended update for libidn ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1131-1 Rating: moderate References: #1092034 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libidn fixes the following issues: - Obsoletes now the libidn 32bit package (bsc#1092034) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1131=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1131=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1131=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1131=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1131=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1131=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1131=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.28-5.6.1 libidn-devel-1.28-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.28-5.6.1 libidn-devel-1.28-5.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.28-5.6.1 libidn-tools-1.28-5.6.1 libidn-tools-debuginfo-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libidn11-32bit-1.28-5.6.1 libidn11-debuginfo-32bit-1.28-5.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libidn-debugsource-1.28-5.6.1 libidn-tools-1.28-5.6.1 libidn-tools-debuginfo-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libidn11-32bit-1.28-5.6.1 libidn11-debuginfo-32bit-1.28-5.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libidn-debugsource-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-32bit-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 libidn11-debuginfo-32bit-1.28-5.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libidn-debugsource-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-32bit-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 libidn11-debuginfo-32bit-1.28-5.6.1 - SUSE CaaS Platform ALL (x86_64): libidn-debugsource-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 - SUSE CaaS Platform 3.0 (x86_64): libidn-debugsource-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libidn-debugsource-1.28-5.6.1 libidn11-1.28-5.6.1 libidn11-debuginfo-1.28-5.6.1 References: https://bugzilla.suse.com/1092034 From sle-updates at lists.suse.com Thu May 2 13:11:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 May 2019 21:11:11 +0200 (CEST) Subject: SUSE-RU-2019:1132-1: important: Recommended update for ceph Message-ID: <20190502191111.F29DBF3DD@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1132-1 Rating: important References: #1129973 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph fixes the following issues: - Fixes an issue where files get corrupted when using self defined 256bit AES keys (bsc#1129973) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1132=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1132=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1132=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1132=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1132=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1132=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1132=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs-devel-12.2.12+git.1555518691.67074fa839-2.33.1 librados-devel-12.2.12+git.1555518691.67074fa839-2.33.1 librados-devel-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd-devel-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs-devel-12.2.12+git.1555518691.67074fa839-2.33.1 librados-devel-12.2.12+git.1555518691.67074fa839-2.33.1 librados-devel-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd-devel-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-base-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-base-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-fuse-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-fuse-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-mds-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-mds-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-mgr-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-mgr-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-mon-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-mon-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-osd-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-osd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-radosgw-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-radosgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-ceph-compat-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python3-ceph-argparse-12.2.12+git.1555518691.67074fa839-2.33.1 python3-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python3-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python3-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python3-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python3-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python3-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python3-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python3-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 rbd-fuse-12.2.12+git.1555518691.67074fa839-2.33.1 rbd-fuse-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 rbd-mirror-12.2.12+git.1555518691.67074fa839-2.33.1 rbd-mirror-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 rbd-nbd-12.2.12+git.1555518691.67074fa839-2.33.1 rbd-nbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-common-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 ceph-debugsource-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-12.2.12+git.1555518691.67074fa839-2.33.1 libcephfs2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-12.2.12+git.1555518691.67074fa839-2.33.1 librados2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-12.2.12+git.1555518691.67074fa839-2.33.1 libradosstriper1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-12.2.12+git.1555518691.67074fa839-2.33.1 librbd1-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-12.2.12+git.1555518691.67074fa839-2.33.1 librgw2-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-12.2.12+git.1555518691.67074fa839-2.33.1 python-cephfs-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-12.2.12+git.1555518691.67074fa839-2.33.1 python-rados-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-12.2.12+git.1555518691.67074fa839-2.33.1 python-rbd-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-12.2.12+git.1555518691.67074fa839-2.33.1 python-rgw-debuginfo-12.2.12+git.1555518691.67074fa839-2.33.1 References: https://bugzilla.suse.com/1129973 From sle-updates at lists.suse.com Thu May 2 16:09:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 00:09:57 +0200 (CEST) Subject: SUSE-RU-2019:1133-1: moderate: Recommended update for quota Message-ID: <20190502220957.6C037F3DD@maintenance.suse.de> SUSE Recommended Update: Recommended update for quota ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1133-1 Rating: moderate References: #1055450 #1069468 #1104898 #1131513 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for quota fixes the following issues: Quota was updated to the 4.05 release (jsc#SLE-5734). * This release includes mostly various smaller cleanups and fixes in various areas. * Most visible changes are addition of f2fs and exfs among recognized filesystems. * support for new kernel interface that allows for repquota(8) to work reliably also for XFS or ext4 with quota feature and generally other filesystem where quota files are not available to quota-tools * IPv6 support for rpc.quotad and all other tools. * Tons of various fixes Other changes: - Remove quot binary functionality could be achieved by using repquota instead - Fixed high cpu load issue (bsc#1104898) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - Enable ldapmail feature (bsc#1055450) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1133=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1133=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1133=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1133=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): quota-4.05-6.3.1 quota-debuginfo-4.05-6.3.1 quota-debugsource-4.05-6.3.1 quota-nfs-4.05-6.3.1 quota-nfs-debuginfo-4.05-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): quota-4.05-6.3.1 quota-debuginfo-4.05-6.3.1 quota-debugsource-4.05-6.3.1 quota-nfs-4.05-6.3.1 quota-nfs-debuginfo-4.05-6.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): quota-4.05-6.3.1 quota-debuginfo-4.05-6.3.1 quota-debugsource-4.05-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): quota-4.05-6.3.1 quota-debuginfo-4.05-6.3.1 quota-debugsource-4.05-6.3.1 References: https://bugzilla.suse.com/1055450 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1104898 https://bugzilla.suse.com/1131513 From sle-updates at lists.suse.com Thu May 2 16:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 00:12:35 +0200 (CEST) Subject: SUSE-RU-2019:1134-1: moderate: Recommended update for quota Message-ID: <20190502221235.0768BF3DD@maintenance.suse.de> SUSE Recommended Update: Recommended update for quota ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1134-1 Rating: moderate References: #1131513 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for quota fixes the following issues: Quota was updated to 4.05 release jsc#SLE-5734 bsc#1131513: * This release includes mostly various smaller cleanups and fixes in various areas. * Most visible changes are addition of f2fs and exfs among recognized filesystems. * Remove quot binary functionality could be achieved by using repquota instead Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1134=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): quota-4.05-3.6.1 quota-debuginfo-4.05-3.6.1 quota-debugsource-4.05-3.6.1 quota-nfs-4.05-3.6.1 quota-nfs-debuginfo-4.05-3.6.1 References: https://bugzilla.suse.com/1131513 From sle-updates at lists.suse.com Fri May 3 07:09:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 15:09:29 +0200 (CEST) Subject: SUSE-RU-2019:1135-1: moderate: Recommended update for go1.12 Message-ID: <20190503130929.C3848FF94@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1135-1 Rating: moderate References: #1132310 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.12 fixes the following issues: go1.12.2 (released 2019/04/05) includes fixes to the compiler, the go command, the runtime, and the doc, net, net/http/httputil, and os packages. * go#31244 go 1.12 binaries rejected from mac app store due to ___getdirentries64 * go#31211 ioutil: deadlock when WriteFile called with a 5<<30 byte buffer on Windows * go#31209 cmd/compile: struct interface{} value lost passing by value * go#31155 runtime: remove assumptions on Android Bionic's TLS layout * go#31144 net/http/httputil: ReverseProxy FlushInterval no longer flushes headers in go1.12 * go#31062 net: Error when running concurrent DNS queries using cgo on MacOS * go#31028 Go 1.12.1 dsymutil segmentation fault on MacOS Sierra * go#30996 cmd/compile: miscompilation of codependent global `var` assigments in go1.12 * go#30859 os: RemoveAll no longer returns *os.PathError * go#30666 runtime: dll injection vulnerabilities on Windows * go#30491 os: RemoveAll no longer returns *os.PathError * go#30266 cmd/go: executables are sometimes named after their module's last element, not directory Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1135=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.12-1.12.2-1.6.1 go1.12-doc-1.12.2-1.6.1 References: https://bugzilla.suse.com/1132310 From sle-updates at lists.suse.com Fri May 3 07:10:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 15:10:29 +0200 (CEST) Subject: SUSE-SU-2019:1137-1: important: Security update for webkit2gtk3 Message-ID: <20190503131029.75237FF94@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1137-1 Rating: important References: #1132256 Cross-References: CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1137=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1137=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1137=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.24.1-3.24.1 webkit-jsc-4-debuginfo-2.24.1-3.24.1 webkit2gtk3-debugsource-2.24.1-3.24.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1 typelib-1_0-WebKit2-4_0-2.24.1-3.24.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.1-3.24.1 webkit2gtk3-debugsource-2.24.1-3.24.1 webkit2gtk3-devel-2.24.1-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.1-3.24.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-3.24.1 libwebkit2gtk-4_0-37-2.24.1-3.24.1 libwebkit2gtk-4_0-37-debuginfo-2.24.1-3.24.1 webkit2gtk-4_0-injected-bundles-2.24.1-3.24.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-3.24.1 webkit2gtk3-debugsource-2.24.1-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.24.1-3.24.1 References: https://www.suse.com/security/cve/CVE-2019-11070.html https://www.suse.com/security/cve/CVE-2019-6201.html https://www.suse.com/security/cve/CVE-2019-6251.html https://www.suse.com/security/cve/CVE-2019-7285.html https://www.suse.com/security/cve/CVE-2019-7292.html https://www.suse.com/security/cve/CVE-2019-8503.html https://www.suse.com/security/cve/CVE-2019-8506.html https://www.suse.com/security/cve/CVE-2019-8515.html https://www.suse.com/security/cve/CVE-2019-8518.html https://www.suse.com/security/cve/CVE-2019-8523.html https://www.suse.com/security/cve/CVE-2019-8524.html https://www.suse.com/security/cve/CVE-2019-8535.html https://www.suse.com/security/cve/CVE-2019-8536.html https://www.suse.com/security/cve/CVE-2019-8544.html https://www.suse.com/security/cve/CVE-2019-8551.html https://www.suse.com/security/cve/CVE-2019-8558.html https://www.suse.com/security/cve/CVE-2019-8559.html https://www.suse.com/security/cve/CVE-2019-8563.html https://bugzilla.suse.com/1132256 From sle-updates at lists.suse.com Fri May 3 07:11:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 15:11:08 +0200 (CEST) Subject: SUSE-RU-2019:1138-1: Recommended update for python-kiwi Message-ID: <20190503131108.224E8FF94@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1138-1 Rating: low References: #1131153 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - Various dracut plugins were shipped additionaly. (bsc#1131153) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-1138=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1138=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1138=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.16-3.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.17.16-3.13.1 dracut-kiwi-live-9.17.16-3.13.1 dracut-kiwi-oem-dump-9.17.16-3.13.1 dracut-kiwi-oem-repart-9.17.16-3.13.1 dracut-kiwi-overlay-9.17.16-3.13.1 kiwi-man-pages-9.17.16-3.13.1 kiwi-tools-9.17.16-3.13.1 kiwi-tools-debuginfo-9.17.16-3.13.1 pv-1.6.6-4.2.1 python-kiwi-debugsource-9.17.16-3.13.1 python2-kiwi-9.17.16-3.13.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-pxeboot-9.17.16-3.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dracut-kiwi-lib-9.17.16-3.13.1 dracut-kiwi-live-9.17.16-3.13.1 dracut-kiwi-oem-dump-9.17.16-3.13.1 dracut-kiwi-oem-repart-9.17.16-3.13.1 dracut-kiwi-overlay-9.17.16-3.13.1 kiwi-pxeboot-9.17.16-3.13.1 kiwi-tools-9.17.16-3.13.1 kiwi-tools-debuginfo-9.17.16-3.13.1 pv-1.6.6-4.2.1 python-kiwi-debugsource-9.17.16-3.13.1 References: https://bugzilla.suse.com/1131153 From sle-updates at lists.suse.com Fri May 3 07:11:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 15:11:50 +0200 (CEST) Subject: SUSE-SU-2019:1136-1: moderate: Security update for openssl Message-ID: <20190503131150.06AE6FF94@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1136-1 Rating: moderate References: #1131291 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291) This helps openssl using services that do not do this verification on their own. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1136=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1136=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1136=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1136=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1136=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1136=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1136=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1136=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1136=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 libopenssl1_0_0-hmac-1.0.2j-60.52.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE OpenStack Cloud 7 (noarch): openssl-doc-1.0.2j-60.52.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-hmac-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openssl-doc-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-hmac-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-hmac-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openssl-doc-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 libopenssl1_0_0-hmac-1.0.2j-60.52.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.52.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE Enterprise Storage 4 (noarch): openssl-doc-1.0.2j-60.52.1 - SUSE Enterprise Storage 4 (x86_64): libopenssl-devel-1.0.2j-60.52.1 libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-32bit-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.52.1 libopenssl1_0_0-hmac-1.0.2j-60.52.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE CaaS Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - SUSE CaaS Platform 3.0 (x86_64): libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.52.1 libopenssl1_0_0-debuginfo-1.0.2j-60.52.1 openssl-1.0.2j-60.52.1 openssl-debuginfo-1.0.2j-60.52.1 openssl-debugsource-1.0.2j-60.52.1 References: https://bugzilla.suse.com/1131291 From sle-updates at lists.suse.com Fri May 3 10:09:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 18:09:20 +0200 (CEST) Subject: SUSE-RU-2019:1142-1: important: Recommended update for aws-vpc-move-ip Message-ID: <20190503160920.51165FF94@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-vpc-move-ip ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1142-1 Rating: important References: #1133962 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-vpc-move-ip fixes the following issues: - Fixed an error when updating the route table in case VM has multiple network interfaces (bsc#1133962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1142=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1142=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2019-1142=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): aws-vpc-move-ip-0.2.20171113-5.14.1 - SUSE Linux Enterprise High Availability 12-SP2 (noarch): aws-vpc-move-ip-0.2.20171113-5.14.1 - SUSE Linux Enterprise High Availability 12-SP1 (noarch): aws-vpc-move-ip-0.2.20171113-5.14.1 References: https://bugzilla.suse.com/1133962 From sle-updates at lists.suse.com Fri May 3 10:09:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 18:09:56 +0200 (CEST) Subject: SUSE-SU-2019:1141-1: moderate: Security update for openssl-1_1 Message-ID: <20190503160956.A8A34FF94@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1141-1 Rating: moderate References: #1133925 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl-1_1 to version 1.1.1b fixes the following issues: - Changed the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. - Fixed a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. - Fixed the handling of strerror_r with glibc. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1141=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1141=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1141=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1b-2.12.2 openssl-1_1-debuginfo-1.1.1b-2.12.2 openssl-1_1-debugsource-1.1.1b-2.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1b-2.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1b-2.12.2 libopenssl1_1-debuginfo-1.1.1b-2.12.2 openssl-1_1-debuginfo-1.1.1b-2.12.2 openssl-1_1-debugsource-1.1.1b-2.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_1-32bit-1.1.1b-2.12.2 libopenssl1_1-debuginfo-32bit-1.1.1b-2.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl1_1-1.1.1b-2.12.2 libopenssl1_1-32bit-1.1.1b-2.12.2 libopenssl1_1-debuginfo-1.1.1b-2.12.2 libopenssl1_1-debuginfo-32bit-1.1.1b-2.12.2 openssl-1_1-debuginfo-1.1.1b-2.12.2 openssl-1_1-debugsource-1.1.1b-2.12.2 References: https://bugzilla.suse.com/1133925 From sle-updates at lists.suse.com Fri May 3 10:12:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 18:12:00 +0200 (CEST) Subject: SUSE-RU-2019:1143-1: moderate: Recommended update for sssd Message-ID: <20190503161200.5A534FF94@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1143-1 Rating: moderate References: #1128862 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fix race condition in monitor ping handling (bsc#1128862) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1143=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1143=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1143=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-34.34.1 libsss_idmap-devel-1.13.4-34.34.1 libsss_nss_idmap-devel-1.13.4-34.34.1 sssd-debuginfo-1.13.4-34.34.1 sssd-debugsource-1.13.4-34.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.13.4-34.34.1 libipa_hbac0-debuginfo-1.13.4-34.34.1 libsss_idmap0-1.13.4-34.34.1 libsss_idmap0-debuginfo-1.13.4-34.34.1 libsss_nss_idmap0-1.13.4-34.34.1 libsss_nss_idmap0-debuginfo-1.13.4-34.34.1 libsss_sudo-1.13.4-34.34.1 libsss_sudo-debuginfo-1.13.4-34.34.1 python-sssd-config-1.13.4-34.34.1 python-sssd-config-debuginfo-1.13.4-34.34.1 sssd-1.13.4-34.34.1 sssd-ad-1.13.4-34.34.1 sssd-ad-debuginfo-1.13.4-34.34.1 sssd-debuginfo-1.13.4-34.34.1 sssd-debugsource-1.13.4-34.34.1 sssd-ipa-1.13.4-34.34.1 sssd-ipa-debuginfo-1.13.4-34.34.1 sssd-krb5-1.13.4-34.34.1 sssd-krb5-common-1.13.4-34.34.1 sssd-krb5-common-debuginfo-1.13.4-34.34.1 sssd-krb5-debuginfo-1.13.4-34.34.1 sssd-ldap-1.13.4-34.34.1 sssd-ldap-debuginfo-1.13.4-34.34.1 sssd-proxy-1.13.4-34.34.1 sssd-proxy-debuginfo-1.13.4-34.34.1 sssd-tools-1.13.4-34.34.1 sssd-tools-debuginfo-1.13.4-34.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): sssd-32bit-1.13.4-34.34.1 sssd-debuginfo-32bit-1.13.4-34.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libipa_hbac0-1.13.4-34.34.1 libipa_hbac0-debuginfo-1.13.4-34.34.1 libsss_idmap0-1.13.4-34.34.1 libsss_idmap0-debuginfo-1.13.4-34.34.1 libsss_nss_idmap0-1.13.4-34.34.1 libsss_nss_idmap0-debuginfo-1.13.4-34.34.1 libsss_sudo-1.13.4-34.34.1 libsss_sudo-debuginfo-1.13.4-34.34.1 python-sssd-config-1.13.4-34.34.1 python-sssd-config-debuginfo-1.13.4-34.34.1 sssd-1.13.4-34.34.1 sssd-32bit-1.13.4-34.34.1 sssd-ad-1.13.4-34.34.1 sssd-ad-debuginfo-1.13.4-34.34.1 sssd-debuginfo-1.13.4-34.34.1 sssd-debuginfo-32bit-1.13.4-34.34.1 sssd-debugsource-1.13.4-34.34.1 sssd-ipa-1.13.4-34.34.1 sssd-ipa-debuginfo-1.13.4-34.34.1 sssd-krb5-1.13.4-34.34.1 sssd-krb5-common-1.13.4-34.34.1 sssd-krb5-common-debuginfo-1.13.4-34.34.1 sssd-krb5-debuginfo-1.13.4-34.34.1 sssd-ldap-1.13.4-34.34.1 sssd-ldap-debuginfo-1.13.4-34.34.1 sssd-proxy-1.13.4-34.34.1 sssd-proxy-debuginfo-1.13.4-34.34.1 sssd-tools-1.13.4-34.34.1 sssd-tools-debuginfo-1.13.4-34.34.1 References: https://bugzilla.suse.com/1128862 From sle-updates at lists.suse.com Fri May 3 10:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 18:12:40 +0200 (CEST) Subject: SUSE-RU-2019:1144-1: moderate: Recommended update for yast2-cluster Message-ID: <20190503161240.D60D7FF94@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1144-1 Rating: moderate References: #1132881 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - yast2-cluster will now depend on sharutils in order to work in combination with uuencode (bsc#1132881) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1144=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): yast2-cluster-4.0.8-3.6.2 References: https://bugzilla.suse.com/1132881 From sle-updates at lists.suse.com Fri May 3 10:13:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 18:13:17 +0200 (CEST) Subject: SUSE-RU-2019:1140-1: moderate: Recommended update for mailman Message-ID: <20190503161317.7A664FF94@maintenance.suse.de> SUSE Recommended Update: Recommended update for mailman ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1140-1 Rating: moderate References: #1120345 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mailman fixes the following issues: - Correct syntax of the Apache configuration file (bsc#1120345) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1140=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1140=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): mailman-2.1.17-3.8.1 mailman-debuginfo-2.1.17-3.8.1 mailman-debugsource-2.1.17-3.8.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): mailman-2.1.17-3.8.1 mailman-debuginfo-2.1.17-3.8.1 mailman-debugsource-2.1.17-3.8.1 References: https://bugzilla.suse.com/1120345 From sle-updates at lists.suse.com Fri May 3 13:08:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:08:53 +0200 (CEST) Subject: SUSE-SU-2019:1149-1: moderate: Security update for go1.10 Message-ID: <20190503190853.235C2FCB5@maintenance.suse.de> SUSE Security Update: Security update for go1.10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1149-1 Rating: moderate References: #1121397 #1125768 #974800 Cross-References: CVE-2019-6486 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for go1.10 fixes the following issues: Security issues fixed: - CVE-2019-6486: A CPU denial of service vulnerability affecting P-521 and P-384 elliptic curves was fixed. Other fixes: - go1.10.8 (released 2019/01/23) security release fixes CVE-2019-6486. - Enable build for %arm (bsc#1125768), with go1.4 as building with gccgo hangs (bsc#974800) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1149=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): go1.10-1.10.8-1.8.1 go1.10-doc-1.10.8-1.8.1 References: https://www.suse.com/security/cve/CVE-2019-6486.html https://bugzilla.suse.com/1121397 https://bugzilla.suse.com/1125768 https://bugzilla.suse.com/974800 From sle-updates at lists.suse.com Fri May 3 13:09:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:09:47 +0200 (CEST) Subject: SUSE-RU-2019:1145-1: moderate: Recommended update for aws-efs-utils Message-ID: <20190503190947.B64BBFCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-efs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1145-1 Rating: moderate References: #1101451 #1124652 #1125133 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for aws-efs-utils fixes the following issues: This ships aws-efs-utils 1.7 to the SUSE Linux Enterprise Module for Public Cloud (bsc#1101451, fate#327220, bsc#1124652, fate#327221) This package provides utilities for using the EFS file systems. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1145=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): aws-efs-utils-1.7-1.3.1 References: https://bugzilla.suse.com/1101451 https://bugzilla.suse.com/1124652 https://bugzilla.suse.com/1125133 From sle-updates at lists.suse.com Fri May 3 13:16:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:16:02 +0200 (CEST) Subject: SUSE-RU-2019:1152-1: moderate: Recommended update for java-11-openjdk Message-ID: <20190503191602.83219FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1152-1 Rating: moderate References: #1131378 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-11-openjdk fixes the following issues: - Require update-ca-certificates by the headless subpackage (bsc#1131378) - Removed a font rendering patch with broke related to other font changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1152=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.3.0-3.24.1 java-11-openjdk-accessibility-11.0.3.0-3.24.1 java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.24.1 java-11-openjdk-debuginfo-11.0.3.0-3.24.1 java-11-openjdk-debugsource-11.0.3.0-3.24.1 java-11-openjdk-demo-11.0.3.0-3.24.1 java-11-openjdk-devel-11.0.3.0-3.24.1 java-11-openjdk-headless-11.0.3.0-3.24.1 java-11-openjdk-jmods-11.0.3.0-3.24.1 java-11-openjdk-src-11.0.3.0-3.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-11-openjdk-javadoc-11.0.3.0-3.24.1 References: https://bugzilla.suse.com/1131378 From sle-updates at lists.suse.com Fri May 3 13:16:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:16:37 +0200 (CEST) Subject: SUSE-RU-2019:1146-1: moderate: Recommended update for aws-efs-utils Message-ID: <20190503191637.994E7FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-efs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1146-1 Rating: moderate References: #1101451 #1124652 #1125133 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update ships aws-efs-utils 1.7 to the SUSE Linux Enterprise Module for Public Cloud (bsc#1101451, fate#327220, bsc#1124652, fate#327221) This package provides utilities for using the EFS file systems. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1146=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-efs-utils-1.7-1.3.1 References: https://bugzilla.suse.com/1101451 https://bugzilla.suse.com/1124652 https://bugzilla.suse.com/1125133 From sle-updates at lists.suse.com Fri May 3 13:17:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:17:29 +0200 (CEST) Subject: SUSE-RU-2019:1150-1: moderate: Recommended update for obs-service-format_spec_file Message-ID: <20190503191729.5C7F8FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for obs-service-format_spec_file ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1150-1 Rating: moderate References: #1125035 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for obs-service-format_spec_file fixes the following issues: obs-service-format_spec_file was updated to version 20190312: - prepare_spec: try to keep rich deps unbroken (bsc#1125035) - In spec file header use https not http when pointing to bugzilla. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1150=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): obs-service-format_spec_file-20190312-3.3.1 References: https://bugzilla.suse.com/1125035 From sle-updates at lists.suse.com Fri May 3 13:18:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:18:06 +0200 (CEST) Subject: SUSE-RU-2019:1151-1: moderate: Recommended update for suse-xsl-stylesheets Message-ID: <20190503191806.62193FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-xsl-stylesheets ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1151-1 Rating: moderate References: #1132032 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-xsl-stylesheets fixes the following issues: Stable release of the SUSE XSL stylesheets 2.0.13 (bsc#1132032) - HTML only: - Add bypass blocks for accessibility (FATE#326549) - Bug Report links: Added section names to Bugzilla bug title - openSUSE2013 only: Fixed highlighting - PDF only: - Fixed XML issue in XEP formatter configuration - PDF/HTML: - Use reproducibly generated IDs (gh#openSUSE/daps#482) - Don't try to use no-break space in Korean, our Korean fonts do not support that - Update Italian, Japanese, Arabic localizations Stable release of the SUSE XSL stylesheets 2.0.12: - HTML only: - Add "Edit Source" link feature to draft mode documents - PDF/HTML: - Fix "infinite" recursion issue in splitscreen template Stable release of the SUSE XSL stylesheets 2.0.11 + commit 874a2ca: - Fix "infinite" recursion Stable release of the SUSE XSL stylesheets 2.0.11: - HTML only: - Fix label code for "Report Bug" links leading to GitHub - PDF/HTML - Fix display of glosslists Stable release of the SUSE XSL stylesheets 2.0.10: - HTML only: - Treat simpara in listitem like para in listitem - Allow "Draft" watermark to shine through again Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1151=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): suse-xsl-stylesheets-2.0.13-3.3.1 References: https://bugzilla.suse.com/1132032 From sle-updates at lists.suse.com Fri May 3 13:18:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:18:40 +0200 (CEST) Subject: SUSE-RU-2019:1147-1: moderate: Recommended update for amazon-ecs-init Message-ID: <20190503191840.6D1C3FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1147-1 Rating: moderate References: #1131459 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for amazon-ecs-init fixes the following issues: amazon-ecs-init was updated to version 1.18.0: + Cache Agent version 1.18.0 + Add support for regional buckets + Bundle ECS Agent tarball in package + Download agent based on the partition + Mount Docker plugin files dir - The aarch64 build architecture is now supported. [bsc#1131459] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1147=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): amazon-ecs-init-1.18.0-4.3.1 amazon-ecs-init-debuginfo-1.18.0-4.3.1 amazon-ecs-init-debugsource-1.18.0-4.3.1 References: https://bugzilla.suse.com/1131459 From sle-updates at lists.suse.com Fri May 3 13:19:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 May 2019 21:19:14 +0200 (CEST) Subject: SUSE-RU-2019:1148-1: moderate: Recommended update for perl-IO-Socket-SSL Message-ID: <20190503191914.72AB9FCB5@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-IO-Socket-SSL ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1148-1 Rating: moderate References: #1130684 #1131103 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for perl-IO-Socket-SSL fixes the following issues: - Update expired certificates in the build tests (bsc#1131103, bsc#1130684) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1148=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): perl-IO-Socket-SSL-2.052-3.3.1 References: https://bugzilla.suse.com/1130684 https://bugzilla.suse.com/1131103 From sle-updates at lists.suse.com Mon May 6 10:09:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:09:58 +0200 (CEST) Subject: SUSE-RU-2019:1154-1: important: Recommended update for multipath-tools Message-ID: <20190506160958.7B949F7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1154-1 Rating: important References: #1028857 #1107179 #1110060 #1110439 #1111116 #1118224 #1118495 #1121134 #1125043 #1125145 #1131789 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for multipath-tools fixes the following issues: multipath-tools was update to version 0.7.3+114+suse.22c2357: - Fix boot issues on certain hardware (bsc#1125145, bsc#1131789) - Fix daemon shutdown issues (bsc#1110060, bsc#1110439) * multipathd: fix daemon not really shutdown * multipath: fix rcu thread cancellation hang * multipathd: check for DAEMON_SHUTDOWN in configure * multipathd: make DAEMON_SHUTDOWN a terminal state - Other fixes * setup_map: wait for pending path checkers to finish (bsc#1118224) * multipathd: Fix miscounting active paths (bsc#1125043) * multipathd: fix device creation issues (bsc#1111116) * multipathd: fix irritating "minor number mismatch" message (bsc#1111116) * libmultipath: Increase SERIAL_SIZE to 128 bytes (bsc#1107179) * multipathd: avoid crash in cli_list_path (bsc#1121134) * multipathd: add a NVMe ANA-based path prioritizer (bsc#1118495) - Added dependency on sg3_utils (bsc#1028857) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1154=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kpartx-0.7.3+126+suse.0aeeee7-3.12.1 kpartx-debuginfo-0.7.3+126+suse.0aeeee7-3.12.1 libdmmp-devel-0.7.3+126+suse.0aeeee7-3.12.1 libdmmp0_1_0-0.7.3+126+suse.0aeeee7-3.12.1 libdmmp0_1_0-debuginfo-0.7.3+126+suse.0aeeee7-3.12.1 multipath-tools-0.7.3+126+suse.0aeeee7-3.12.1 multipath-tools-debuginfo-0.7.3+126+suse.0aeeee7-3.12.1 multipath-tools-debugsource-0.7.3+126+suse.0aeeee7-3.12.1 multipath-tools-devel-0.7.3+126+suse.0aeeee7-3.12.1 multipath-tools-rbd-0.7.3+126+suse.0aeeee7-3.12.1 multipath-tools-rbd-debuginfo-0.7.3+126+suse.0aeeee7-3.12.1 References: https://bugzilla.suse.com/1028857 https://bugzilla.suse.com/1107179 https://bugzilla.suse.com/1110060 https://bugzilla.suse.com/1110439 https://bugzilla.suse.com/1111116 https://bugzilla.suse.com/1118224 https://bugzilla.suse.com/1118495 https://bugzilla.suse.com/1121134 https://bugzilla.suse.com/1125043 https://bugzilla.suse.com/1125145 https://bugzilla.suse.com/1131789 From sle-updates at lists.suse.com Mon May 6 10:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:12:09 +0200 (CEST) Subject: SUSE-RU-2019:1153-1: important: Recommended update for multipath-tools Message-ID: <20190506161209.455E4F7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1153-1 Rating: important References: #1107179 #1110060 #1110439 #1111116 #1118224 #1118495 #1121134 #1125043 #1125145 #1131789 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for multipath-tools fixes the following issues: multipath-tools was updated to version 0.7.3+117+suse.0850f1d: - Fix boot issues on certain hardware (bsc#1125145, bsc#1131789) - Fix daemon shutdown issues (bsc#1110060, bsc#1110439) * multipathd: fix daemon not really shutdown * multipath: fix rcu thread cancellation hang * multipathd: check for DAEMON_SHUTDOWN in configure * multipathd: make DAEMON_SHUTDOWN a terminal state - Other fixes * setup_map: wait for pending path checkers to finish (bsc#1118224) * multipathd: Fix miscounting active paths (bsc#1125043) * multipathd: fix device creation issues (bsc#1111116) * multipathd: fix irritating "minor number mismatch" message (bsc#1111116) * libmultipath: Increase SERIAL_SIZE to 128 bytes (bsc#1107179) * multipathd: avoid crash in cli_list_path (bsc#1121134) * multipathd: add a NVMe ANA-based path prioritizer (bsc#1118495) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1153=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1153=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1153=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): multipath-tools-debuginfo-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-debugsource-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-devel-0.7.3+129+suse.e8ca031-2.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kpartx-0.7.3+129+suse.e8ca031-2.8.1 kpartx-debuginfo-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-debuginfo-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-debugsource-0.7.3+129+suse.e8ca031-2.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kpartx-0.7.3+129+suse.e8ca031-2.8.1 kpartx-debuginfo-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-debuginfo-0.7.3+129+suse.e8ca031-2.8.1 multipath-tools-debugsource-0.7.3+129+suse.e8ca031-2.8.1 References: https://bugzilla.suse.com/1107179 https://bugzilla.suse.com/1110060 https://bugzilla.suse.com/1110439 https://bugzilla.suse.com/1111116 https://bugzilla.suse.com/1118224 https://bugzilla.suse.com/1118495 https://bugzilla.suse.com/1121134 https://bugzilla.suse.com/1125043 https://bugzilla.suse.com/1125145 https://bugzilla.suse.com/1131789 From sle-updates at lists.suse.com Mon May 6 10:14:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:14:36 +0200 (CEST) Subject: SUSE-RU-2019:1161-1: moderate: Recommended update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-dashboard, openstack-ec2-api, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-magnum-ui, openstack-horizon-plugin-sahara-ui, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-api, openstack-monasca-notification, openstack-monasca-persister, openstack-murano, openstack-neutron, openstack-neutron-fwaas, openstack-nova, openstack-octavia, openstack-sahara, openstack-swift, openstack-tempest, python-cinderclient, python-cryptography, python-monasca-common, python-networking-hyperv, python-os-brick, python-venvjail, ve nv-openstack-aodh, venv-openstack-barbican, venv-openstack-ceilometer, venv-openstack-cinder, venv-openstack-designate, venv-openstack-freezer, venv-openstack-glance, venv-openstack-heat, venv-openstack-horizon, venv-openstack-ironic, venv-openstack-keystone, venv-openstack-magnum, venv-openstack-manila, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-nova, venv-openstack-octavia, venv-openstack-sahara, venv-openstack-swift, venv-openstack-trove Message-ID: <20190506161436.4769CF7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-dashboard, openstack-ec2-api, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-magnum-ui, openstack-horizon-plugin-sahara-ui, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-api, openstack-monasca-notification, openstack-monasca-persister, openstack-murano, openstack-neutron, openstack-neutron-fwaas, openstack-nova, openstack-octavia, openstack-sahara, openstack-swift, openstack-tempest, python-cinderclient, python-cryptography, python-monasca-common, python-networking-hyperv, python-os-brick, python-venvjail, venv-openstack -aodh, venv-openstack-barbican, venv-openstack-ceilometer, venv-openstack-cinder, venv-openstack-designate, venv-openstack-freezer, venv-openstack-glance, venv-openstack-heat, venv-openstack-horizon, venv-openstack-ironic, venv-openstack-keystone, venv-openstack-magnum, venv-openstack-manila, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-nova, venv-openstack-octavia, venv-openstack-sahara, venv-openstack-swift, venv-openstack-trove ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1161-1 Rating: moderate References: #1063535 #1094690 #1105822 #1111634 #1111635 #1114632 #1116501 #1116686 #1122053 #1122237 #1122875 #1124017 #1124022 #1125180 #1125216 #1127752 #1128479 #1128928 #1130414 #127227 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has 18 fixes is now available. Description: This update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-dashboard, openstack-ec2-api, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-magnum-ui, openstack-horizon-plugin-sahara-ui, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-api, openstack-monasca-notification, openstack-monasca-persister, openstack-murano, openstack-neutron, openstack-neutron-fwaas, openstack-nova, openstack-octavia, openstack-sahara, openstack-swift, openstack-tempest, python-cinderclient, python-cryptography, python-monasca-common, python-networking-hyperv, python-os-brick, python-venvjail, venv-openstack-aodh, venv-openstack-barbican, venv-openstack-ceilometer, venv-openstack-cinder, venv-openstack-designate, venv-openstack-freezer, venv-openstack-glance, venv-openstack-heat, venv-openstack-horizon, venv-openstack-ironic, venv-openstack-keystone, venv-openstack-magnum, venv-openstack-manila, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-nova, venv-openstack-octavia, venv-openstack-sahara, venv-openstack-swift, venv-openstack-trove fixes the following issues: This update fixes the following issues: ardana-ansible: * Move manila to the correct location in verb action list files (SCRD-6812) * Enable manila service in verb action list files (SCRD-6812) * Improve user experience (bsc#1114632) ardana-cobbler: * gate cobbler import on distro existence (SCRD-6821) ardana-db: * xtrabackup no longer needed (SCRD-7640, bsc#1116686) ardana-heat: * Fix typo so that heat gets correct name for hostname certs (bsc#127227) ardana-manila: * Put all config into one template (SCRD-7770) * Fail when Manila service is not running (SCRD-7413) * Split Manila API and Share deployment (SCRD-7773) * Comment out example backends (bsc#1116501) ardana-neutron: * Fix misspelled variable names (SCRD-7836) * Neutron services require network service to be started (SCRD-7764) ardana-nova: * Add dosfstools as requirement for nova-comptue (SCRD-8175) ardana-octavia: * Remove octavia dependency from monasca (SCRD-7690) ardana-osconfig: * Clean up ifcfg- files left behind by udevadm (bsc#1105822) ardana-service: * Add support for deprecated encryption-key parameter (SCRD-7837) ardana-ses: * Run SWF-PRX tasks in dedicated play (SCRD-8602) * Make SES globals available to SWF (SCRD-8109) * Add symlink ceph.conf.j2 to ~/openstack/my_cloud/config/ses (bsc#1128479) * Add support for reusing clients (bsc#1122237) * Ensure keyring files are readable (bsc#1122237) ardana-swift: * Prefer Kronos logrotate conf to Swift RPM logrotate conf (SCRD-7410) ardana-tempest: * Enable additional keystone tests (SCRD-7496) * Enable domain specific drivers on tempest (SCRD-7496) * Fix tempest heat plugin configuration (SCRD-7508) * Add freezer to tempest available/testable list (SCRD-7496) * Fix tempest configuration for magnum (SCRD-7496) * Add missing test packages (SCRD-7496) * Set cinder/glance admin on tempest roles (SCRD-7496) * Update tempest test filters (SCRD-7496) * Configure tempest accordingly when SES enabled (SCRD-7496) * Merge test results from parallel and serial filters (SCRD-7784) crowbar: * install-chef-suse: filter comments from authorized_keys file crowbar-core: * crowbar: Do not rely on Chef::Util::FileEdit to write the file (bsc#1127752) * Revert "Disable upgrade API in Cloud8" * upgrade: Make sure all compute nodes get compute related scripts * network: run wicked ifdown for interface cleanup (bsc#1063535) crowbar-ha: * improve galera HA setup (bsc#1122875) crowbar-openstack: * ceilometer: Install package which contains cron file (bsc#1130414) * monasca: Set hostname for monasca-agent as FQDN (SCRD-8705) * memcache: Use first array element as fallback (SCRD-8255) * db: Raise default connection limit to 2048 * rabbit: fix mirroring regex * neutron: Add osprofiler support * nova: Add osprofiler support * cinder: Add osprofiler support * glance: Add osprofiler support * keystone: Make osprofiler connection_string configurable * keystone: Add basic osprofiler support documentation-suse-openstack-cloud: * Additional corrections from Carl * Fix reference to wrong neutron-reconfigure.yml playbook (SCRD-7709) * increasing url_timeout parameter (SCRD-8512) * Fix prompts in migration guide (SCRD-3763) * Revert "Fix prompts in migration guide (SCRD-3763)" * Fix prompts in migration guide (SCRD-3763) * Include additional notes for 3PAR multipath instructions (SCRD-8584) * remove L2 Gateway Agent (SCRD-7645) * Added more detail about how to test load balancer during migration * Fix RHEL SMT repo setup command (SCPM-93) * added tags * Update to octavia migration process * Support Octavia LB's during HOS 5 -> C8 migration (bsc#1094690) * change parameters ardana-update-status.yml (SCRD-8530) * Fix haproxy user deletion * Update description of kernel patch needed for RHEL 7.5 (SCPM-93) * Adding missing nova guide * Remove screenshots * Fix IDs and x-refs * Fix Magnim user guide. WIP * Add missing guide. Need fixing * change 3par multipath statements (bsc#1128928,SCRD-8396) * remove vlan transparency section (bsc#1125216,SCRD-7648) * remove ESXi create DVS from the Command Line (bsc#1125180) * make QE recommended edits (bsc#1124017, bsc#1124022) * Use &clm; instead of &lcm; for C*loud Lifec*ycle Manager * add supportconfig, sosreport cross-references (SCRD-2680) * Fixing xref tag for package builds * Fix missing ID * make hidden-tag consistent (SCRD-7870) * Nesting availability zone aware section * Removing the API content from the admin guide * Remove empty sections * Remove weird [OBJ] characters in odd places * Replace -> * Fixing broken ref * Add references to DIB back to guide * rabbitmq cluster replace node (SCRD-7468,SCRD-7469) * minor typo and prompt changes (no bsc or SCRD) galera-python-clustercheck: * Add socket read timeout (bsc#1122053) openstack-dashboard: * network topology: handle port AZ correctly openstack-ec2-api: * Replace openstack.org git:// URLs with https:// openstack-heat: * Retry on DB deadlock when updating resource openstack-heat-templates: * Replace openstack.org git:// URLs with https:// openstack-horizon-plugin-ironic-ui: * Normalize operation messages into capital case * Replace openstack.org git:// URLs with https:// penstack-horizon-plugin-magnum-ui: * Replace openstack.org git:// URLs with https:// * Set ubuntu-xenial for nodejs jobs openstack-horizon-plugin-sahara-ui: * Replace openstack.org git:// URLs with https:// * Remove the legacy integration tests job penstack-ironic: * Fix CPU count returned by introspection in Ironic iDRAC driver openstack-keystone: * create proper tmpdir for locking * Remove publish-loci post job openstack-magnum: * Replace openstack.org git:// URLs with https:// openstack-manila: * Replace openstack.org git:// URLs with https:// * Manila VMAX docs - differences between quotas * Manila VMAX docs - improve pre-configurations on VMAX section * Manila VMAX docs - clarify snapshot support * Manila VMAX docs - clarify driver\_handles\_share\_servers * VMAX manila doc - SSL Support * VMAX manila doc - use of correct VMAX tags * VMAX manila - deprecate old tags correctly * Destroy type quotas when a share type is deleted * Fix driver filter to not check share\_backend\_name * Only run the needed services for CephFS jobs * Return request-id to APIs that don't respond with a body * Fix service image boot issues * Port dummy driver manage/unmanage changes to stable openstack-monasca-api: * Replace openstack.org git:// URLs with https:// openstack-monasca-notification: * Replace openstack.org git:// URLs with https:// openstack-monasca-persister: * Replace openstack.org git:// URLs with https:// openstack-murano: * Replace openstack.org git:// URLs with https:// openstack-neutron: * Specify tenant\_id in TestRevisionPlugin objects * Fix QoS rule update * Add rootwrap filters to kill state change monitor * Fix port update deferred IP allocation with host\_id + new MAC * Try to enable dnsmasq process several times * Remove conntrack rule when FIP is deleted * More accurate agent restart state transfer * [OVS] Exception message when retrieving bridge-id and is not present * [Functional tests] Change way how conntrack entries are checked * Change duplicate OVS bridge datapath-ids * Fix KeyError in OVS firewall * ovs: raise RuntimeError in \_get\_dp if id is None * Replace openstack.org git:// URLs with https:// * [Functional] Don't assert that HA router don't have IPs configured * Improve invalid port ranges error message * Do not release DHCP lease when no client ID is set on port * ovsfw: Update SG rules even if OVSFW Port is not found * Enable ipv6\_forwarding in HA router's namespace * Spawn metadata proxy on dvr ha standby routers * Set initial ha router state in neutron-keepalived-state-change * When converting sg rules to iptables, do not emit dport if not supported * DVR edge router: avoid accidental centralized floating IP remove * ovsfw: Don't create rules if updated port doesn't exist * Add new test decorator skip\_if\_timeout * Fix notification about arp entries for dvr routers * Add lock\_path in installation guide * Fix update of ports cache in router\_info class * Ensure dnsmasq is down before enabling it in restart method * Block port update from unbound DHCP agent * Fix performance regression adding rules to security groups * Always fill UDP checksums in DHCPv6 replies * Secure dnsmasq process against external abuse * Check port VNIC type when associating a floating IP * Enable 'all' IPv6 forwarding knob correctly * protect DHCP agent cache out of sync * Add kill\_timeout to AsyncProcess * Fullstack: init trunk agent's driver only when necessary * Don't modify global variables in unit tests * Do state report after setting start\_flag on OVS restart * Do not delete trunk bridges if service port attached * Fix the bug about DHCP port whose network has multiple subnets * Force all fdb entries update after ovs-vswitchd restart * Get centralized FIP only on router's snat host * Include all rootwrap filters when building wheels openstack-neutron-fwaas: * don't package tempest plugin twice openstack-nova: * Document unset/reset wrinkle for \*\_allocation\_ratio options * Replace openstack.org git:// URLs with https:// * Refix disk size during live migration with disk over-commit * Fix WeighedHost logging regression * Correct examples in "Manage Compute services" documentation * Fix disk size during live migration with disk over-commit * Exclude build request marker from server listing * Update port device\_owner when unshelving * Handle tags in \_bury\_in\_cell0 * Null out instance.availability\_zone on shelve offload * Fix server\_group\_members quota check * Add functional regressions tests for server\_group\_members OverQuota * Fix bug case by none token context * Migrate nova v2.0 legacy job to zuulv3 * Handle missing marker during online data migration * tox: Don't write byte code (maybe) * [pike-only] Fix resize\_instance rpcapi call * Lock detach\_volume * PCI: do not force remove allocated devices * Note the aggregate allocation ratio restriction in scheduler docs * Add regression test for bug #1764883 * Create BDMs/tags in cell with instance when over-quota * Add functional regression test for bug 1806064 * Not set instance to ERROR if set\_admin\_password failed * De-dupe subnet IDs when calling neutron /subnets API * Fix destination\_type attribute in the bdm\_v2 documentation openstack-octavia: * Replace openstack.org git:// URLs with https:// openstack-sahara: * Replace openstack.org git:// URLs with https:// * Use venv-py2 to run sahara-scenario, remove the py3 job * archive-primary.cloudera.com -> archive.cloudera.com * Changing hdfs fs to hdfs dfs * Add DEBIAN\_FRONTEND=noninteractive in front of apt-get install commands openstack-swift: * Fixed a cache invalidation issue related to GET and PUT requests to containers that would occasionally cause object PUTs to a container to 404 after the container had been successfully created. * Removed a race condition where a POST to an SLO could modify the X-Static-Large-Object metadata. * Fixed rare socket leak on range requests to erasure-coded objects. * Fix SLO delete for accounts with non-ASCII names. * Fixed an issue in COPY where concurrent requests may have copied the wrong data. * Fixed time skew when using X-Delete-After. * Send ETag header in 206 Partial Content responses to SLO reads. openstack-tempest: * create lockdir on install python-cinderclient: * Update .gitreview for stable/pike * Fix get_highest_client_server_version with Cinder API + uWSGI * Updated from global requirements * import zuul job settings from project-config * Update UPPER_CONSTRAINTS_FILE for stable/pike python-cryptography: * Add X509_up_ref() function to help pyOpenSSL deal with CVE-2018-1000807 (bsc#1111635) and CVE-2018-1000808 (bsc#1111634). python-monasca-common: * update to version 2.3.1~dev4 python-networking-hyperv: * import zuul job settings from project-config python-os-brick: * iscsiadm -m session' failure handling * Handle multiple errors in multipath -l parsing * Fixing FC scanning * RemoteFS: don't fail in do_mount if already mounted * Fix multipath disconnect with path failure * import zuul job settings from project-config python-venvjail: * Set [] as default value for --no-relocate-shebang-list * Exclude some files from relocation (SCRD-8594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1161=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1161=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1161=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-5.0+git.1551088826.010c0399-3.12.2 crowbar-devel-5.0+git.1551088826.010c0399-3.12.2 crowbar-ha-5.0+git.1553248675.7e103ea-3.14.2 crowbar-openstack-5.0+git.1554709170.195ba0e26-4.22.2 documentation-suse-openstack-cloud-deployment-8.20190329-1.14.2 documentation-suse-openstack-cloud-supplement-8.20190329-1.14.2 documentation-suse-openstack-cloud-upstream-admin-8.20190329-1.14.2 documentation-suse-openstack-cloud-upstream-user-8.20190329-1.14.2 galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2 openstack-dashboard-12.0.4~dev5-3.17.3 openstack-ec2-api-5.0.1~dev10-4.6.2 openstack-ec2-api-api-5.0.1~dev10-4.6.2 openstack-ec2-api-metadata-5.0.1~dev10-4.6.2 openstack-ec2-api-s3-5.0.1~dev10-4.6.2 openstack-heat-9.0.6~dev17-3.15.3 openstack-heat-api-9.0.6~dev17-3.15.3 openstack-heat-api-cfn-9.0.6~dev17-3.15.3 openstack-heat-api-cloudwatch-9.0.6~dev17-3.15.3 openstack-heat-doc-9.0.6~dev17-3.15.2 openstack-heat-engine-9.0.6~dev17-3.15.3 openstack-heat-plugin-heat_docker-9.0.6~dev17-3.15.3 openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2 openstack-heat-test-9.0.6~dev17-3.15.3 openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2 openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2 openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2 openstack-ironic-9.1.7~dev7-3.15.3 openstack-ironic-api-9.1.7~dev7-3.15.3 openstack-ironic-conductor-9.1.7~dev7-3.15.3 openstack-ironic-doc-9.1.7~dev7-3.15.2 openstack-keystone-12.0.3~dev1-5.16.3 openstack-keystone-doc-12.0.3~dev1-5.16.2 openstack-magnum-5.0.2~dev31-4.12.3 openstack-magnum-api-5.0.2~dev31-4.12.3 openstack-magnum-conductor-5.0.2~dev31-4.12.3 openstack-magnum-doc-5.0.2~dev31-4.12.2 openstack-manila-5.0.4~dev17-3.15.3 openstack-manila-api-5.0.4~dev17-3.15.3 openstack-manila-data-5.0.4~dev17-3.15.3 openstack-manila-doc-5.0.4~dev17-3.15.2 openstack-manila-scheduler-5.0.4~dev17-3.15.3 openstack-manila-share-5.0.4~dev17-3.15.3 openstack-monasca-api-2.2.1~dev25-3.9.3 openstack-monasca-notification-1.10.2~dev2-3.6.3 openstack-monasca-persister-1.7.1~dev8-3.6.3 openstack-murano-4.0.1~dev5-3.6.2 openstack-murano-api-4.0.1~dev5-3.6.2 openstack-murano-doc-4.0.1~dev5-3.6.2 openstack-murano-engine-4.0.1~dev5-3.6.2 openstack-neutron-11.0.7~dev100-3.15.3 openstack-neutron-dhcp-agent-11.0.7~dev100-3.15.3 openstack-neutron-doc-11.0.7~dev100-3.15.2 openstack-neutron-fwaas-11.0.2~dev8-3.11.2 openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2 openstack-neutron-ha-tool-11.0.7~dev100-3.15.3 openstack-neutron-l3-agent-11.0.7~dev100-3.15.3 openstack-neutron-linuxbridge-agent-11.0.7~dev100-3.15.3 openstack-neutron-macvtap-agent-11.0.7~dev100-3.15.3 openstack-neutron-metadata-agent-11.0.7~dev100-3.15.3 openstack-neutron-metering-agent-11.0.7~dev100-3.15.3 openstack-neutron-openvswitch-agent-11.0.7~dev100-3.15.3 openstack-neutron-server-11.0.7~dev100-3.15.3 openstack-nova-16.1.8~dev53-3.20.3 openstack-nova-api-16.1.8~dev53-3.20.3 openstack-nova-cells-16.1.8~dev53-3.20.3 openstack-nova-compute-16.1.8~dev53-3.20.3 openstack-nova-conductor-16.1.8~dev53-3.20.3 openstack-nova-console-16.1.8~dev53-3.20.3 openstack-nova-consoleauth-16.1.8~dev53-3.20.3 openstack-nova-doc-16.1.8~dev53-3.20.2 openstack-nova-novncproxy-16.1.8~dev53-3.20.3 openstack-nova-placement-api-16.1.8~dev53-3.20.3 openstack-nova-scheduler-16.1.8~dev53-3.20.3 openstack-nova-serialproxy-16.1.8~dev53-3.20.3 openstack-nova-vncproxy-16.1.8~dev53-3.20.3 openstack-octavia-1.0.5~dev1-4.15.2 openstack-octavia-amphora-agent-1.0.5~dev1-4.15.2 openstack-octavia-api-1.0.5~dev1-4.15.2 openstack-octavia-health-manager-1.0.5~dev1-4.15.2 openstack-octavia-housekeeping-1.0.5~dev1-4.15.2 openstack-octavia-worker-1.0.5~dev1-4.15.2 openstack-sahara-7.0.4~dev1-3.9.3 openstack-sahara-api-7.0.4~dev1-3.9.3 openstack-sahara-doc-7.0.4~dev1-3.9.2 openstack-sahara-engine-7.0.4~dev1-3.9.3 openstack-swift-2.15.2~dev32-3.6.2 openstack-swift-account-2.15.2~dev32-3.6.2 openstack-swift-container-2.15.2~dev32-3.6.2 openstack-swift-doc-2.15.2~dev32-3.6.2 openstack-swift-object-2.15.2~dev32-3.6.2 openstack-swift-proxy-2.15.2~dev32-3.6.2 openstack-tempest-17.0.0-4.6.2 openstack-tempest-test-17.0.0-4.6.2 python-cinderclient-3.1.1-3.3.2 python-cinderclient-doc-3.1.1-3.3.2 python-ec2api-5.0.1~dev10-4.6.2 python-heat-9.0.6~dev17-3.15.3 python-horizon-12.0.4~dev5-3.17.3 python-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2 python-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2 python-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2 python-ironic-9.1.7~dev7-3.15.3 python-keystone-12.0.3~dev1-5.16.3 python-magnum-5.0.2~dev31-4.12.3 python-manila-5.0.4~dev17-3.15.3 python-monasca-api-2.2.1~dev25-3.9.3 python-monasca-common-2.3.1~dev4-4.6.2 python-monasca-notification-1.10.2~dev2-3.6.3 python-monasca-persister-1.7.1~dev8-3.6.3 python-murano-4.0.1~dev5-3.6.2 python-neutron-11.0.7~dev100-3.15.3 python-neutron-fwaas-11.0.2~dev8-3.11.2 python-nova-16.1.8~dev53-3.20.3 python-octavia-1.0.5~dev1-4.15.2 python-os-brick-1.15.8-3.3.2 python-sahara-7.0.4~dev1-3.9.3 python-swift-2.15.2~dev32-3.6.2 python-tempest-17.0.0-4.6.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1552461227.43e65d269-3.20.2 crowbar-core-branding-upstream-5.0+git.1552461227.43e65d269-3.20.2 python-cryptography-2.0.3-3.7.2 python-cryptography-debuginfo-2.0.3-3.7.2 python-cryptography-debugsource-2.0.3-3.7.2 - SUSE OpenStack Cloud 8 (x86_64): python-cryptography-2.0.3-3.7.2 python-cryptography-debuginfo-2.0.3-3.7.2 python-cryptography-debugsource-2.0.3-3.7.2 - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1553878455.7439e04-3.58.2 ardana-cobbler-8.0+git.1550694449.df88054-3.35.2 ardana-db-8.0+git.1550589454.df2e733-3.22.2 ardana-heat-8.0+git.1552935705.e9a92b3-3.9.2 ardana-manila-8.0+git.1551748668.7427826-1.15.2 ardana-neutron-8.0+git.1551113207.9f1db17-3.27.2 ardana-nova-8.0+git.1551718533.227cb9e-3.26.2 ardana-octavia-8.0+git.1553890679.8a50307-3.14.2 ardana-osconfig-8.0+git.1552503158.6b6b195-3.33.2 ardana-service-8.0+git.1551382173.a81d5e1-3.23.2 ardana-ses-8.0+git.1554145115.63a4cf2-1.17.2 ardana-swift-8.0+git.1551502730.f4d219d-3.24.2 ardana-tempest-8.0+git.1554307220.ed24e63-3.18.2 documentation-suse-openstack-cloud-installation-8.20190329-1.14.2 documentation-suse-openstack-cloud-operations-8.20190329-1.14.2 documentation-suse-openstack-cloud-opsconsole-8.20190329-1.14.2 documentation-suse-openstack-cloud-planning-8.20190329-1.14.2 documentation-suse-openstack-cloud-security-8.20190329-1.14.2 documentation-suse-openstack-cloud-supplement-8.20190329-1.14.2 documentation-suse-openstack-cloud-upstream-admin-8.20190329-1.14.2 documentation-suse-openstack-cloud-upstream-user-8.20190329-1.14.2 documentation-suse-openstack-cloud-user-8.20190329-1.14.2 galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2 openstack-dashboard-12.0.4~dev5-3.17.3 openstack-ec2-api-5.0.1~dev10-4.6.2 openstack-ec2-api-api-5.0.1~dev10-4.6.2 openstack-ec2-api-metadata-5.0.1~dev10-4.6.2 openstack-ec2-api-s3-5.0.1~dev10-4.6.2 openstack-heat-9.0.6~dev17-3.15.3 openstack-heat-api-9.0.6~dev17-3.15.3 openstack-heat-api-cfn-9.0.6~dev17-3.15.3 openstack-heat-api-cloudwatch-9.0.6~dev17-3.15.3 openstack-heat-doc-9.0.6~dev17-3.15.2 openstack-heat-engine-9.0.6~dev17-3.15.3 openstack-heat-plugin-heat_docker-9.0.6~dev17-3.15.3 openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2 openstack-heat-test-9.0.6~dev17-3.15.3 openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2 openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2 openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2 openstack-ironic-9.1.7~dev7-3.15.3 openstack-ironic-api-9.1.7~dev7-3.15.3 openstack-ironic-conductor-9.1.7~dev7-3.15.3 openstack-ironic-doc-9.1.7~dev7-3.15.2 openstack-keystone-12.0.3~dev1-5.16.3 openstack-keystone-doc-12.0.3~dev1-5.16.2 openstack-magnum-5.0.2~dev31-4.12.3 openstack-magnum-api-5.0.2~dev31-4.12.3 openstack-magnum-conductor-5.0.2~dev31-4.12.3 openstack-magnum-doc-5.0.2~dev31-4.12.2 openstack-manila-5.0.4~dev17-3.15.3 openstack-manila-api-5.0.4~dev17-3.15.3 openstack-manila-data-5.0.4~dev17-3.15.3 openstack-manila-doc-5.0.4~dev17-3.15.2 openstack-manila-scheduler-5.0.4~dev17-3.15.3 openstack-manila-share-5.0.4~dev17-3.15.3 openstack-monasca-api-2.2.1~dev25-3.9.3 openstack-monasca-notification-1.10.2~dev2-3.6.3 openstack-monasca-persister-1.7.1~dev8-3.6.3 openstack-murano-4.0.1~dev5-3.6.2 openstack-murano-api-4.0.1~dev5-3.6.2 openstack-murano-doc-4.0.1~dev5-3.6.2 openstack-murano-engine-4.0.1~dev5-3.6.2 openstack-neutron-11.0.7~dev100-3.15.3 openstack-neutron-dhcp-agent-11.0.7~dev100-3.15.3 openstack-neutron-doc-11.0.7~dev100-3.15.2 openstack-neutron-fwaas-11.0.2~dev8-3.11.2 openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2 openstack-neutron-ha-tool-11.0.7~dev100-3.15.3 openstack-neutron-l3-agent-11.0.7~dev100-3.15.3 openstack-neutron-linuxbridge-agent-11.0.7~dev100-3.15.3 openstack-neutron-macvtap-agent-11.0.7~dev100-3.15.3 openstack-neutron-metadata-agent-11.0.7~dev100-3.15.3 openstack-neutron-metering-agent-11.0.7~dev100-3.15.3 openstack-neutron-openvswitch-agent-11.0.7~dev100-3.15.3 openstack-neutron-server-11.0.7~dev100-3.15.3 openstack-nova-16.1.8~dev53-3.20.3 openstack-nova-api-16.1.8~dev53-3.20.3 openstack-nova-cells-16.1.8~dev53-3.20.3 openstack-nova-compute-16.1.8~dev53-3.20.3 openstack-nova-conductor-16.1.8~dev53-3.20.3 openstack-nova-console-16.1.8~dev53-3.20.3 openstack-nova-consoleauth-16.1.8~dev53-3.20.3 openstack-nova-doc-16.1.8~dev53-3.20.2 openstack-nova-novncproxy-16.1.8~dev53-3.20.3 openstack-nova-placement-api-16.1.8~dev53-3.20.3 openstack-nova-scheduler-16.1.8~dev53-3.20.3 openstack-nova-serialproxy-16.1.8~dev53-3.20.3 openstack-nova-vncproxy-16.1.8~dev53-3.20.3 openstack-octavia-1.0.5~dev1-4.15.2 openstack-octavia-amphora-agent-1.0.5~dev1-4.15.2 openstack-octavia-api-1.0.5~dev1-4.15.2 openstack-octavia-health-manager-1.0.5~dev1-4.15.2 openstack-octavia-housekeeping-1.0.5~dev1-4.15.2 openstack-octavia-worker-1.0.5~dev1-4.15.2 openstack-sahara-7.0.4~dev1-3.9.3 openstack-sahara-api-7.0.4~dev1-3.9.3 openstack-sahara-doc-7.0.4~dev1-3.9.2 openstack-sahara-engine-7.0.4~dev1-3.9.3 openstack-swift-2.15.2~dev32-3.6.2 openstack-swift-account-2.15.2~dev32-3.6.2 openstack-swift-container-2.15.2~dev32-3.6.2 openstack-swift-doc-2.15.2~dev32-3.6.2 openstack-swift-object-2.15.2~dev32-3.6.2 openstack-swift-proxy-2.15.2~dev32-3.6.2 openstack-tempest-17.0.0-4.6.2 openstack-tempest-test-17.0.0-4.6.2 python-cinderclient-3.1.1-3.3.2 python-cinderclient-doc-3.1.1-3.3.2 python-ec2api-5.0.1~dev10-4.6.2 python-heat-9.0.6~dev17-3.15.3 python-horizon-12.0.4~dev5-3.17.3 python-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2 python-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2 python-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2 python-ironic-9.1.7~dev7-3.15.3 python-keystone-12.0.3~dev1-5.16.3 python-magnum-5.0.2~dev31-4.12.3 python-manila-5.0.4~dev17-3.15.3 python-monasca-api-2.2.1~dev25-3.9.3 python-monasca-common-2.3.1~dev4-4.6.2 python-monasca-notification-1.10.2~dev2-3.6.3 python-monasca-persister-1.7.1~dev8-3.6.3 python-murano-4.0.1~dev5-3.6.2 python-neutron-11.0.7~dev100-3.15.3 python-neutron-fwaas-11.0.2~dev8-3.11.2 python-nova-16.1.8~dev53-3.20.3 python-octavia-1.0.5~dev1-4.15.2 python-os-brick-1.15.8-3.3.2 python-sahara-7.0.4~dev1-3.9.3 python-swift-2.15.2~dev32-3.6.2 python-tempest-17.0.0-4.6.2 venv-openstack-aodh-x86_64-5.1.1~dev6-12.14.3 venv-openstack-barbican-x86_64-5.0.2~dev2-12.15.3 venv-openstack-ceilometer-x86_64-9.0.7~dev2-12.12.3 venv-openstack-cinder-x86_64-11.1.2~dev58-14.15.3 venv-openstack-designate-x86_64-5.0.3~dev6-12.13.3 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.10.3 venv-openstack-glance-x86_64-15.0.2~dev9-12.13.3 venv-openstack-heat-x86_64-9.0.6~dev17-12.15.3 venv-openstack-horizon-x86_64-12.0.4~dev5-14.20.3 venv-openstack-ironic-x86_64-9.1.7~dev7-12.15.3 venv-openstack-keystone-x86_64-12.0.3~dev1-11.15.3 venv-openstack-magnum-x86_64-5.0.2-11.13.1 venv-openstack-manila-x86_64-5.0.4~dev17-12.17.3 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.9.1 venv-openstack-monasca-x86_64-2.2.1-11.11.1 venv-openstack-murano-x86_64-4.0.1-12.9.1 venv-openstack-neutron-x86_64-11.0.2-13.17.1 venv-openstack-nova-x86_64-16.1.8~dev53-11.16.3 venv-openstack-octavia-x86_64-1.0.5~dev1-12.15.3 venv-openstack-sahara-x86_64-7.0.4~dev1-11.14.3 venv-openstack-swift-x86_64-2.15.2-11.9.1 venv-openstack-trove-x86_64-8.0.1~dev12-11.14.3 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1553878455.7439e04-3.58.2 ardana-cobbler-8.0+git.1550694449.df88054-3.35.2 ardana-db-8.0+git.1550589454.df2e733-3.22.2 ardana-heat-8.0+git.1552935705.e9a92b3-3.9.2 ardana-manila-8.0+git.1551748668.7427826-1.15.2 ardana-neutron-8.0+git.1551113207.9f1db17-3.27.2 ardana-nova-8.0+git.1551718533.227cb9e-3.26.2 ardana-octavia-8.0+git.1553890679.8a50307-3.14.2 ardana-osconfig-8.0+git.1552503158.6b6b195-3.33.2 ardana-service-8.0+git.1551382173.a81d5e1-3.23.2 ardana-ses-8.0+git.1554145115.63a4cf2-1.17.2 ardana-swift-8.0+git.1551502730.f4d219d-3.24.2 ardana-tempest-8.0+git.1554307220.ed24e63-3.18.2 documentation-hpe-helion-openstack-installation-8.20190329-1.14.2 documentation-hpe-helion-openstack-operations-8.20190329-1.14.2 documentation-hpe-helion-openstack-opsconsole-8.20190329-1.14.2 documentation-hpe-helion-openstack-planning-8.20190329-1.14.2 documentation-hpe-helion-openstack-security-8.20190329-1.14.2 documentation-hpe-helion-openstack-user-8.20190329-1.14.2 galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2 openstack-dashboard-12.0.4~dev5-3.17.3 openstack-ec2-api-5.0.1~dev10-4.6.2 openstack-ec2-api-api-5.0.1~dev10-4.6.2 openstack-ec2-api-metadata-5.0.1~dev10-4.6.2 openstack-ec2-api-s3-5.0.1~dev10-4.6.2 openstack-heat-9.0.6~dev17-3.15.3 openstack-heat-api-9.0.6~dev17-3.15.3 openstack-heat-api-cfn-9.0.6~dev17-3.15.3 openstack-heat-api-cloudwatch-9.0.6~dev17-3.15.3 openstack-heat-doc-9.0.6~dev17-3.15.2 openstack-heat-engine-9.0.6~dev17-3.15.3 openstack-heat-plugin-heat_docker-9.0.6~dev17-3.15.3 openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2 openstack-heat-test-9.0.6~dev17-3.15.3 openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2 openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2 openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2 openstack-ironic-9.1.7~dev7-3.15.3 openstack-ironic-api-9.1.7~dev7-3.15.3 openstack-ironic-conductor-9.1.7~dev7-3.15.3 openstack-ironic-doc-9.1.7~dev7-3.15.2 openstack-keystone-12.0.3~dev1-5.16.3 openstack-keystone-doc-12.0.3~dev1-5.16.2 openstack-magnum-5.0.2~dev31-4.12.3 openstack-magnum-api-5.0.2~dev31-4.12.3 openstack-magnum-conductor-5.0.2~dev31-4.12.3 openstack-magnum-doc-5.0.2~dev31-4.12.2 openstack-manila-5.0.4~dev17-3.15.3 openstack-manila-api-5.0.4~dev17-3.15.3 openstack-manila-data-5.0.4~dev17-3.15.3 openstack-manila-doc-5.0.4~dev17-3.15.2 openstack-manila-scheduler-5.0.4~dev17-3.15.3 openstack-manila-share-5.0.4~dev17-3.15.3 openstack-monasca-api-2.2.1~dev25-3.9.3 openstack-monasca-notification-1.10.2~dev2-3.6.3 openstack-monasca-persister-1.7.1~dev8-3.6.3 openstack-murano-4.0.1~dev5-3.6.2 openstack-murano-api-4.0.1~dev5-3.6.2 openstack-murano-doc-4.0.1~dev5-3.6.2 openstack-murano-engine-4.0.1~dev5-3.6.2 openstack-neutron-11.0.7~dev100-3.15.3 openstack-neutron-dhcp-agent-11.0.7~dev100-3.15.3 openstack-neutron-doc-11.0.7~dev100-3.15.2 openstack-neutron-fwaas-11.0.2~dev8-3.11.2 openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2 openstack-neutron-ha-tool-11.0.7~dev100-3.15.3 openstack-neutron-l3-agent-11.0.7~dev100-3.15.3 openstack-neutron-linuxbridge-agent-11.0.7~dev100-3.15.3 openstack-neutron-macvtap-agent-11.0.7~dev100-3.15.3 openstack-neutron-metadata-agent-11.0.7~dev100-3.15.3 openstack-neutron-metering-agent-11.0.7~dev100-3.15.3 openstack-neutron-openvswitch-agent-11.0.7~dev100-3.15.3 openstack-neutron-server-11.0.7~dev100-3.15.3 openstack-nova-16.1.8~dev53-3.20.3 openstack-nova-api-16.1.8~dev53-3.20.3 openstack-nova-cells-16.1.8~dev53-3.20.3 openstack-nova-compute-16.1.8~dev53-3.20.3 openstack-nova-conductor-16.1.8~dev53-3.20.3 openstack-nova-console-16.1.8~dev53-3.20.3 openstack-nova-consoleauth-16.1.8~dev53-3.20.3 openstack-nova-doc-16.1.8~dev53-3.20.2 openstack-nova-novncproxy-16.1.8~dev53-3.20.3 openstack-nova-placement-api-16.1.8~dev53-3.20.3 openstack-nova-scheduler-16.1.8~dev53-3.20.3 openstack-nova-serialproxy-16.1.8~dev53-3.20.3 openstack-nova-vncproxy-16.1.8~dev53-3.20.3 openstack-octavia-1.0.5~dev1-4.15.2 openstack-octavia-amphora-agent-1.0.5~dev1-4.15.2 openstack-octavia-api-1.0.5~dev1-4.15.2 openstack-octavia-health-manager-1.0.5~dev1-4.15.2 openstack-octavia-housekeeping-1.0.5~dev1-4.15.2 openstack-octavia-worker-1.0.5~dev1-4.15.2 openstack-sahara-7.0.4~dev1-3.9.3 openstack-sahara-api-7.0.4~dev1-3.9.3 openstack-sahara-doc-7.0.4~dev1-3.9.2 openstack-sahara-engine-7.0.4~dev1-3.9.3 openstack-swift-2.15.2~dev32-3.6.2 openstack-swift-account-2.15.2~dev32-3.6.2 openstack-swift-container-2.15.2~dev32-3.6.2 openstack-swift-doc-2.15.2~dev32-3.6.2 openstack-swift-object-2.15.2~dev32-3.6.2 openstack-swift-proxy-2.15.2~dev32-3.6.2 openstack-tempest-17.0.0-4.6.2 openstack-tempest-test-17.0.0-4.6.2 python-cinderclient-3.1.1-3.3.2 python-cinderclient-doc-3.1.1-3.3.2 python-ec2api-5.0.1~dev10-4.6.2 python-heat-9.0.6~dev17-3.15.3 python-horizon-12.0.4~dev5-3.17.3 python-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2 python-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2 python-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2 python-ironic-9.1.7~dev7-3.15.3 python-keystone-12.0.3~dev1-5.16.3 python-magnum-5.0.2~dev31-4.12.3 python-manila-5.0.4~dev17-3.15.3 python-monasca-api-2.2.1~dev25-3.9.3 python-monasca-common-2.3.1~dev4-4.6.2 python-monasca-notification-1.10.2~dev2-3.6.3 python-monasca-persister-1.7.1~dev8-3.6.3 python-murano-4.0.1~dev5-3.6.2 python-neutron-11.0.7~dev100-3.15.3 python-neutron-fwaas-11.0.2~dev8-3.11.2 python-nova-16.1.8~dev53-3.20.3 python-octavia-1.0.5~dev1-4.15.2 python-os-brick-1.15.8-3.3.2 python-sahara-7.0.4~dev1-3.9.3 python-swift-2.15.2~dev32-3.6.2 python-tempest-17.0.0-4.6.2 venv-openstack-aodh-x86_64-5.1.1~dev6-12.14.3 venv-openstack-barbican-x86_64-5.0.2~dev2-12.15.3 venv-openstack-ceilometer-x86_64-9.0.7~dev2-12.12.3 venv-openstack-cinder-x86_64-11.1.2~dev58-14.15.3 venv-openstack-designate-x86_64-5.0.3~dev6-12.13.3 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.10.3 venv-openstack-glance-x86_64-15.0.2~dev9-12.13.3 venv-openstack-heat-x86_64-9.0.6~dev17-12.15.3 venv-openstack-horizon-hpe-x86_64-12.0.4~dev5-14.20.3 venv-openstack-ironic-x86_64-9.1.7~dev7-12.15.3 venv-openstack-keystone-x86_64-12.0.3~dev1-11.15.3 venv-openstack-magnum-x86_64-5.0.2-11.13.1 venv-openstack-manila-x86_64-5.0.4~dev17-12.17.3 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.9.1 venv-openstack-monasca-x86_64-2.2.1-11.11.1 venv-openstack-murano-x86_64-4.0.1-12.9.1 venv-openstack-neutron-x86_64-11.0.2-13.17.1 venv-openstack-nova-x86_64-16.1.8~dev53-11.16.3 venv-openstack-octavia-x86_64-1.0.5~dev1-12.15.3 venv-openstack-sahara-x86_64-7.0.4~dev1-11.14.3 venv-openstack-swift-x86_64-2.15.2-11.9.1 venv-openstack-trove-x86_64-8.0.1~dev12-11.14.3 - HPE Helion Openstack 8 (x86_64): python-cryptography-2.0.3-3.7.2 python-cryptography-debuginfo-2.0.3-3.7.2 python-cryptography-debugsource-2.0.3-3.7.2 References: https://www.suse.com/security/cve/CVE-2018-1000807.html https://www.suse.com/security/cve/CVE-2018-1000808.html https://bugzilla.suse.com/1063535 https://bugzilla.suse.com/1094690 https://bugzilla.suse.com/1105822 https://bugzilla.suse.com/1111634 https://bugzilla.suse.com/1111635 https://bugzilla.suse.com/1114632 https://bugzilla.suse.com/1116501 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1122053 https://bugzilla.suse.com/1122237 https://bugzilla.suse.com/1122875 https://bugzilla.suse.com/1124017 https://bugzilla.suse.com/1124022 https://bugzilla.suse.com/1125180 https://bugzilla.suse.com/1125216 https://bugzilla.suse.com/1127752 https://bugzilla.suse.com/1128479 https://bugzilla.suse.com/1128928 https://bugzilla.suse.com/1130414 https://bugzilla.suse.com/127227 From sle-updates at lists.suse.com Mon May 6 10:19:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:19:18 +0200 (CEST) Subject: SUSE-SU-2019:1156-1: important: Security update for python-Jinja2 Message-ID: <20190506161918.C4FD9F7B6@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1156-1 Rating: important References: #1125815 #1132174 #1132323 Cross-References: CVE-2016-10745 CVE-2019-10906 CVE-2019-8341 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1156=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1156=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-Jinja2-emacs-2.10.1-3.5.1 python-Jinja2-vim-2.10.1-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python2-Jinja2-2.10.1-3.5.1 python3-Jinja2-2.10.1-3.5.1 References: https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-8341.html https://bugzilla.suse.com/1125815 https://bugzilla.suse.com/1132174 https://bugzilla.suse.com/1132323 From sle-updates at lists.suse.com Mon May 6 10:20:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:20:14 +0200 (CEST) Subject: SUSE-RU-2019:1158-1: moderate: Recommended update for procinfo Message-ID: <20190506162014.9253AF7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for procinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1158-1 Rating: moderate References: #1131008 #900125 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for procinfo fixes the following issues: - Fix a segfault during "procinfo -a" by increasing the number of available devices. (bsc#900125, bsc#1131008) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1158=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1158=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1158=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1158=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): procinfo-18-221.3.1 procinfo-debuginfo-18-221.3.1 procinfo-debugsource-18-221.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): procinfo-18-221.3.1 procinfo-debuginfo-18-221.3.1 procinfo-debugsource-18-221.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): procinfo-18-221.3.1 procinfo-debuginfo-18-221.3.1 procinfo-debugsource-18-221.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): procinfo-18-221.3.1 procinfo-debuginfo-18-221.3.1 procinfo-debugsource-18-221.3.1 References: https://bugzilla.suse.com/1131008 https://bugzilla.suse.com/900125 From sle-updates at lists.suse.com Mon May 6 10:21:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:21:02 +0200 (CEST) Subject: SUSE-SU-2019:1157-1: moderate: Security update for ovmf Message-ID: <20190506162102.EAFA3F7B6@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1157-1 Rating: moderate References: #1131361 Cross-References: CVE-2019-0161 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1157=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1157=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-3.16.1 ovmf-tools-2017+git1510945757.b2662641d5-3.16.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.16.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.16.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.16.1 References: https://www.suse.com/security/cve/CVE-2019-0161.html https://bugzilla.suse.com/1131361 From sle-updates at lists.suse.com Mon May 6 10:21:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:21:43 +0200 (CEST) Subject: SUSE-RU-2019:1160-1: moderate: Recommended update for sg3_utils Message-ID: <20190506162143.A9C6EF7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1160-1 Rating: moderate References: #1005063 #1069384 #1131482 #1133418 #840054 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for sg3_utils fixes the following issues: - Update to version 1.44~763+19.1ed0757: * rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) * 40-usb-blacklist.rules: use ID_SCSI_INQUIRY (bsc#840054, bsc#1131482) * Changed versioning scheme (svn r763, pre-release of upstream 1.44, plus 16 SUSE patches, SUSE git commit b2fedfa) * 59-fc-wwpn-id.rules: fix rule syntax (bsc#1133418) - Spec file: add fc_wwpn_id to generate by-path links for fibrechannel (bsc#1005063) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1160=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.44~763+19.1ed0757-9.3.1 libsgutils2-1_43-2-1.44~763+19.1ed0757-9.3.1 libsgutils2-1_43-2-debuginfo-1.44~763+19.1ed0757-9.3.1 sg3_utils-1.44~763+19.1ed0757-9.3.1 sg3_utils-debuginfo-1.44~763+19.1ed0757-9.3.1 sg3_utils-debugsource-1.44~763+19.1ed0757-9.3.1 References: https://bugzilla.suse.com/1005063 https://bugzilla.suse.com/1069384 https://bugzilla.suse.com/1131482 https://bugzilla.suse.com/1133418 https://bugzilla.suse.com/840054 From sle-updates at lists.suse.com Mon May 6 10:23:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 18:23:26 +0200 (CEST) Subject: SUSE-SU-2019:1155-1: important: Security update for webkit2gtk3 Message-ID: <20190506162326.48B48F7B6@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1155-1 Rating: important References: #1132256 Cross-References: CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1155=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1155=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1155=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1155=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1155=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1155=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1155=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1155=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1155=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1155=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1155=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1155=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1155=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 - SUSE Enterprise Storage 4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.1-2.41.5 libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-2.41.5 libwebkit2gtk-4_0-37-2.24.1-2.41.5 libwebkit2gtk-4_0-37-debuginfo-2.24.1-2.41.5 typelib-1_0-JavaScriptCore-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2-4_0-2.24.1-2.41.5 typelib-1_0-WebKit2WebExtension-4_0-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-2.24.1-2.41.5 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-2.41.5 webkit2gtk3-debugsource-2.24.1-2.41.5 webkit2gtk3-devel-2.24.1-2.41.5 - SUSE Enterprise Storage 4 (noarch): libwebkit2gtk3-lang-2.24.1-2.41.5 References: https://www.suse.com/security/cve/CVE-2019-11070.html https://www.suse.com/security/cve/CVE-2019-6201.html https://www.suse.com/security/cve/CVE-2019-6251.html https://www.suse.com/security/cve/CVE-2019-7285.html https://www.suse.com/security/cve/CVE-2019-7292.html https://www.suse.com/security/cve/CVE-2019-8503.html https://www.suse.com/security/cve/CVE-2019-8506.html https://www.suse.com/security/cve/CVE-2019-8515.html https://www.suse.com/security/cve/CVE-2019-8524.html https://www.suse.com/security/cve/CVE-2019-8535.html https://www.suse.com/security/cve/CVE-2019-8536.html https://www.suse.com/security/cve/CVE-2019-8544.html https://www.suse.com/security/cve/CVE-2019-8551.html https://www.suse.com/security/cve/CVE-2019-8558.html https://www.suse.com/security/cve/CVE-2019-8559.html https://www.suse.com/security/cve/CVE-2019-8563.html https://bugzilla.suse.com/1132256 From sle-updates at lists.suse.com Mon May 6 13:08:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 May 2019 21:08:46 +0200 (CEST) Subject: SUSE-SU-2019:1162-1: Security update for mariadb Message-ID: <20190506190846.33E62F7B6@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1162-1 Rating: low References: #1112767 #1122198 #1122475 #1127027 Cross-References: CVE-2019-2510 CVE-2019-2537 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed (bsc#1122198): - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. Other issues fixed: - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1162=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1162=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1162=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): mariadb-10.2.22-4.11.1 mariadb-client-10.2.22-4.11.1 mariadb-client-debuginfo-10.2.22-4.11.1 mariadb-debuginfo-10.2.22-4.11.1 mariadb-debugsource-10.2.22-4.11.1 mariadb-galera-10.2.22-4.11.1 mariadb-tools-10.2.22-4.11.1 mariadb-tools-debuginfo-10.2.22-4.11.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): mariadb-errormessages-10.2.22-4.11.1 - SUSE OpenStack Cloud 8 (x86_64): mariadb-10.2.22-4.11.1 mariadb-client-10.2.22-4.11.1 mariadb-client-debuginfo-10.2.22-4.11.1 mariadb-debuginfo-10.2.22-4.11.1 mariadb-debugsource-10.2.22-4.11.1 mariadb-galera-10.2.22-4.11.1 mariadb-tools-10.2.22-4.11.1 mariadb-tools-debuginfo-10.2.22-4.11.1 - SUSE OpenStack Cloud 8 (noarch): mariadb-errormessages-10.2.22-4.11.1 - HPE Helion Openstack 8 (x86_64): mariadb-10.2.22-4.11.1 mariadb-client-10.2.22-4.11.1 mariadb-client-debuginfo-10.2.22-4.11.1 mariadb-debuginfo-10.2.22-4.11.1 mariadb-debugsource-10.2.22-4.11.1 mariadb-galera-10.2.22-4.11.1 mariadb-tools-10.2.22-4.11.1 mariadb-tools-debuginfo-10.2.22-4.11.1 - HPE Helion Openstack 8 (noarch): mariadb-errormessages-10.2.22-4.11.1 References: https://www.suse.com/security/cve/CVE-2019-2510.html https://www.suse.com/security/cve/CVE-2019-2537.html https://bugzilla.suse.com/1112767 https://bugzilla.suse.com/1122198 https://bugzilla.suse.com/1122475 https://bugzilla.suse.com/1127027 From sle-updates at lists.suse.com Tue May 7 07:09:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 15:09:54 +0200 (CEST) Subject: SUSE-RU-2019:1164-1: moderate: Recommended update for perl-IO-Socket-SSL Message-ID: <20190507130954.C248AF7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-IO-Socket-SSL ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1164-1 Rating: moderate References: #1130684 #1131103 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for perl-IO-Socket-SSL fixes the following issues: - Update expired certificates in the build tests [bsc#1131103, bsc#1130684] perl-IO-Socket-SSL updated to 2.052. See /usr/share/doc/packages/perl-IO-Socket-SSL/Changes for more information. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1164=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1164=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1164=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1164=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): perl-IO-Socket-SSL-2.052-4.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): perl-IO-Socket-SSL-2.052-4.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): perl-IO-Socket-SSL-2.052-4.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): perl-IO-Socket-SSL-2.052-4.3.1 References: https://bugzilla.suse.com/1130684 https://bugzilla.suse.com/1131103 From sle-updates at lists.suse.com Tue May 7 07:10:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 15:10:39 +0200 (CEST) Subject: SUSE-RU-2019:1163-1: important: Recommended update for aws-vpc-move-ip Message-ID: <20190507131039.0FC6AF7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-vpc-move-ip ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1163-1 Rating: important References: #1133962 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-vpc-move-ip fixes the following issues: - Fixed an error when updating the route table in case VM has multiple network interfaces (bsc#1133962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1163=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): aws-vpc-move-ip-0.2.20171113-3.9.1 References: https://bugzilla.suse.com/1133962 From sle-updates at lists.suse.com Tue May 7 07:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 15:11:10 +0200 (CEST) Subject: SUSE-RU-2019:1165-1: moderate: Recommended update for linux-glibc-devel Message-ID: <20190507131110.54756F7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for linux-glibc-devel ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1165-1 Rating: moderate References: #1130171 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for linux-glibc-devel fixes the following issues: - psp-sev.patch: add (bsc#1130171) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1165=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1165=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): linux-glibc-devel-4.12-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): linux-glibc-devel-4.12-3.3.1 References: https://bugzilla.suse.com/1130171 From sle-updates at lists.suse.com Tue May 7 07:11:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 15:11:48 +0200 (CEST) Subject: SUSE-SU-2019:1166-1: moderate: Security update for audit Message-ID: <20190507131148.41E2CF7B6@maintenance.suse.de> SUSE Security Update: Security update for audit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1166-1 Rating: moderate References: #1042781 #1085003 #1125535 #941922 Cross-References: CVE-2015-5186 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP3 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346) * Many features were added to auparse_normalize * cli option added to auditd and audispd for setting config dir * In auditd, restore the umask after creating a log file * Option added to auditd for skipping email verification The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog - Change openldap dependency to client only (bsc#1085003) Minor security issue fixed: - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1166=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1166=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1166=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): audit-debugsource-2.8.1-8.3.1 audit-devel-2.8.1-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): audit-2.8.1-8.3.3 audit-audispd-plugins-2.8.1-8.3.3 audit-debugsource-2.8.1-8.3.1 libaudit1-2.8.1-8.3.1 libaudit1-debuginfo-2.8.1-8.3.1 libauparse0-2.8.1-8.3.1 libauparse0-debuginfo-2.8.1-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libaudit1-32bit-2.8.1-8.3.1 libaudit1-debuginfo-32bit-2.8.1-8.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): audit-2.8.1-8.3.3 audit-debugsource-2.8.1-8.3.1 libaudit1-2.8.1-8.3.1 libaudit1-32bit-2.8.1-8.3.1 libaudit1-debuginfo-2.8.1-8.3.1 libaudit1-debuginfo-32bit-2.8.1-8.3.1 libauparse0-2.8.1-8.3.1 libauparse0-debuginfo-2.8.1-8.3.1 References: https://www.suse.com/security/cve/CVE-2015-5186.html https://bugzilla.suse.com/1042781 https://bugzilla.suse.com/1085003 https://bugzilla.suse.com/1125535 https://bugzilla.suse.com/941922 From sle-updates at lists.suse.com Tue May 7 07:12:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 15:12:54 +0200 (CEST) Subject: SUSE-RU-2019:1168-1: moderate: Recommended update for SUSEConnect Message-ID: <20190507131254.38448F7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1168-1 Rating: moderate References: #1128969 #959561 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1168=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1168=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1168=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1168=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1168=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1168=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): SUSEConnect-0.3.17-19.10.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): SUSEConnect-0.3.17-19.10.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.17-19.10.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): SUSEConnect-0.3.17-19.10.20.1 - SUSE Enterprise Storage 4 (x86_64): SUSEConnect-0.3.17-19.10.20.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): SUSEConnect-0.3.17-19.10.20.1 References: https://bugzilla.suse.com/1128969 https://bugzilla.suse.com/959561 From sle-updates at lists.suse.com Tue May 7 07:13:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 15:13:39 +0200 (CEST) Subject: SUSE-RU-2019:1167-1: moderate: Recommended update for SUSEConnect Message-ID: <20190507131339.05051F7B6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1167-1 Rating: moderate References: #1128969 #959561 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1167=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.17-9.39.1 References: https://bugzilla.suse.com/1128969 https://bugzilla.suse.com/959561 From sle-updates at lists.suse.com Tue May 7 10:09:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 18:09:46 +0200 (CEST) Subject: SUSE-RU-2019:1171-1: moderate: Recommended update for sles12sp3-docker-image, sles12sp4-image, sles15-image Message-ID: <20190507160946.38EE7F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for sles12sp3-docker-image, sles12sp4-image, sles15-image ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1171-1 Rating: moderate References: #1126736 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sles12sp3-docker-image, sles12sp4-image, sles15-image fixes the following issues: - Wrong org.opencontainers.image prefix in labels (bsc#1126736) - Add comment for obsrepositories:/ back to avoid it in Dockerfiles Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-1171=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): suse-sles12sp3-image-2.0.2-19.1 References: https://bugzilla.suse.com/1126736 From sle-updates at lists.suse.com Tue May 7 10:10:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 18:10:33 +0200 (CEST) Subject: SUSE-RU-2019:1170-1: important: Recommended update for multipath-tools Message-ID: <20190507161033.B60FBF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1170-1 Rating: important References: #1075129 #1085212 #1107179 #1118224 #1121134 #1125145 #1131789 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for multipath-tools fixes the following issues: multipath-tools was updated to version 0.7.1+106+suse.cff2238: - Fix boot issues on certain hardware (bsc#1125145, bsc#1131789) - Other fixes * libmultipath: Increase SERIAL_SIZE to 128 bytes (bsc#1107179) * setup_map: wait for pending path checkers to finish (bsc#1118224) * multipathd: avoid crash in cli_list_path (bsc#1121134) * libmultipath/hwtable: don't hard-code ALUA for IBM IPR (bsc#1085212, bsc#1075129) * libmultipath: don't reject maps with undefined prio (bsc#1085212, bsc#1075129) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1170=1 - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2019-1170=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1170=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1170=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): multipath-tools-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debugsource-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-devel-0.7.1+108+suse.29efb7b-2.16.1 - SUSE Linux Enterprise Server Installer 12-SP3 (aarch64 ppc64le s390x x86_64): kpartx-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-0.7.1+108+suse.29efb7b-2.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kpartx-0.7.1+108+suse.29efb7b-2.16.1 kpartx-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debugsource-0.7.1+108+suse.29efb7b-2.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kpartx-0.7.1+108+suse.29efb7b-2.16.1 kpartx-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debugsource-0.7.1+108+suse.29efb7b-2.16.1 - SUSE CaaS Platform 3.0 (x86_64): kpartx-0.7.1+108+suse.29efb7b-2.16.1 kpartx-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debuginfo-0.7.1+108+suse.29efb7b-2.16.1 multipath-tools-debugsource-0.7.1+108+suse.29efb7b-2.16.1 References: https://bugzilla.suse.com/1075129 https://bugzilla.suse.com/1085212 https://bugzilla.suse.com/1107179 https://bugzilla.suse.com/1118224 https://bugzilla.suse.com/1121134 https://bugzilla.suse.com/1125145 https://bugzilla.suse.com/1131789 From sle-updates at lists.suse.com Tue May 7 10:12:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 18:12:48 +0200 (CEST) Subject: SUSE-RU-2019:1169-1: important: Recommended update for MozillaFirefox Message-ID: <20190507161248.EA952F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1169-1 Rating: important References: #1134126 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for MozillaFirefox fixes the following issues: - An internal certificate in Firefox expired recently and that certificate was used to ensure the validity of installed extensions modules. This update includes a new, valid copy of that certificate so that users can continue to use and install their preferred extensions. (bsc#1134126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1169=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1169=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.6.2-3.32.1 MozillaFirefox-debuginfo-60.6.2-3.32.1 MozillaFirefox-debugsource-60.6.2-3.32.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.2-3.32.1 MozillaFirefox-debuginfo-60.6.2-3.32.1 MozillaFirefox-debugsource-60.6.2-3.32.1 MozillaFirefox-devel-60.6.2-3.32.1 MozillaFirefox-translations-common-60.6.2-3.32.1 MozillaFirefox-translations-other-60.6.2-3.32.1 References: https://bugzilla.suse.com/1134126 From sle-updates at lists.suse.com Tue May 7 13:09:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 21:09:03 +0200 (CEST) Subject: SUSE-RU-2019:1178-1: important: Recommended update for MozillaFirefox Message-ID: <20190507190903.08006F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1178-1 Rating: important References: #1134126 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for MozillaFirefox fixes the following issues: - An internal certificate in Firefox expired recently and that certificate was used to ensure the validity of installed extensions modules. This update includes a new, valid copy of that certificate so that users can continue to use and install their preferred extensions. (bsc#1134126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1178=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1178=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1178=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1178=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1178=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1178=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1178=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1178=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1178=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1178=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1178=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1178=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1178=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1178=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.6.2esr-109.66.1 MozillaFirefox-debuginfo-60.6.2esr-109.66.1 MozillaFirefox-debugsource-60.6.2esr-109.66.1 MozillaFirefox-devel-60.6.2esr-109.66.1 MozillaFirefox-translations-common-60.6.2esr-109.66.1 References: https://bugzilla.suse.com/1134126 From sle-updates at lists.suse.com Tue May 7 13:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 21:09:41 +0200 (CEST) Subject: SUSE-RU-2019:1177-1: moderate: Recommended update for kernel-firmware Message-ID: <20190507190941.88446F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1177-1 Rating: moderate References: #1132303 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware fixes the following issues: kernel firmware was updated to version 20190312: * drm/amdgpu: update picasso to latest from 18.50 branch * drm/amdgpu: update polaris12 to latest from 18.50 branch * drm/amdgpu: update vega20 to latest from 18.50 branch * rtw88: RTL8822C: update rtw8822c_fw.bin to v5.0 * rtl_bt: Update firmware for BT part of RTL8822C * linux-firmware: update Marvell 8787/8801/8887 firmware images * linux-firmware: update Marvell 8897/8997 firmware images * nfp: update Agilio SmartNIC firmware to rev 2.1.16.1 * QCA: Add the fw files for BT Chip QCA6174. The update to version 20190221 contained: * linux-firmware: Add AMD SEV firmware * WHENCE: Correct errant entries * amdgpu: update raven2 rlc firmware * amdgpu: drop raven2_sdma1.bin * linux-firmware: Update firmware file for Intel Bluetooth,9560 * linux-firmware: Update firmware file for Intel Bluetooth,9260 * qca: Add firmware files for BT chip wcn3990. * nvidia: add TU10x typec controller firmware The update to version 20190212 contained: * bnx2x: Add FW 7.13.11.0. (bsc#1132303) * amdgpu: add firmware for vega20 from 18.50 * amdgpu: bump year on license * linux-firmware: update Marvell PCIe-USB8997 firmware image * linux-firmware: update Marvell SD8897-B0 firmware image * linux-firmware: add Marvell SD8977 firmware image * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00021 * ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00043 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00024 * ath10k: QCA6174 hw3.0: update board-2.bin Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1177=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20190312-3.17.1 ucode-amd-20190312-3.17.1 References: https://bugzilla.suse.com/1132303 From sle-updates at lists.suse.com Tue May 7 13:10:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 21:10:19 +0200 (CEST) Subject: SUSE-RU-2019:1174-1: moderate: Recommended update for SUSEConnect Message-ID: <20190507191019.B8EF7F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1174-1 Rating: moderate References: #1128969 #959561 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1174=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1174=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1174=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1174=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.17-3.28.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.17-3.28.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): SUSEConnect-0.3.17-3.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): SUSEConnect-0.3.17-3.28.1 - SUSE CaaS Platform ALL (x86_64): SUSEConnect-0.3.17-3.28.1 - SUSE CaaS Platform 3.0 (x86_64): SUSEConnect-0.3.17-3.28.1 References: https://bugzilla.suse.com/1128969 https://bugzilla.suse.com/959561 From sle-updates at lists.suse.com Tue May 7 13:11:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 21:11:09 +0200 (CEST) Subject: SUSE-SU-2019:1181-1: important: Security update for freeradius-server Message-ID: <20190507191109.EBF56F528@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1181-1 Rating: important References: #1132549 #1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1181=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1181=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1181=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1181=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.15-2.11.2 freeradius-server-debugsource-3.0.15-2.11.2 freeradius-server-devel-3.0.15-2.11.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.15-2.11.2 freeradius-server-debugsource-3.0.15-2.11.2 freeradius-server-devel-3.0.15-2.11.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.15-2.11.2 freeradius-server-debuginfo-3.0.15-2.11.2 freeradius-server-debugsource-3.0.15-2.11.2 freeradius-server-doc-3.0.15-2.11.2 freeradius-server-krb5-3.0.15-2.11.2 freeradius-server-krb5-debuginfo-3.0.15-2.11.2 freeradius-server-ldap-3.0.15-2.11.2 freeradius-server-ldap-debuginfo-3.0.15-2.11.2 freeradius-server-libs-3.0.15-2.11.2 freeradius-server-libs-debuginfo-3.0.15-2.11.2 freeradius-server-mysql-3.0.15-2.11.2 freeradius-server-mysql-debuginfo-3.0.15-2.11.2 freeradius-server-perl-3.0.15-2.11.2 freeradius-server-perl-debuginfo-3.0.15-2.11.2 freeradius-server-postgresql-3.0.15-2.11.2 freeradius-server-postgresql-debuginfo-3.0.15-2.11.2 freeradius-server-python-3.0.15-2.11.2 freeradius-server-python-debuginfo-3.0.15-2.11.2 freeradius-server-sqlite-3.0.15-2.11.2 freeradius-server-sqlite-debuginfo-3.0.15-2.11.2 freeradius-server-utils-3.0.15-2.11.2 freeradius-server-utils-debuginfo-3.0.15-2.11.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.15-2.11.2 freeradius-server-debuginfo-3.0.15-2.11.2 freeradius-server-debugsource-3.0.15-2.11.2 freeradius-server-doc-3.0.15-2.11.2 freeradius-server-krb5-3.0.15-2.11.2 freeradius-server-krb5-debuginfo-3.0.15-2.11.2 freeradius-server-ldap-3.0.15-2.11.2 freeradius-server-ldap-debuginfo-3.0.15-2.11.2 freeradius-server-libs-3.0.15-2.11.2 freeradius-server-libs-debuginfo-3.0.15-2.11.2 freeradius-server-mysql-3.0.15-2.11.2 freeradius-server-mysql-debuginfo-3.0.15-2.11.2 freeradius-server-perl-3.0.15-2.11.2 freeradius-server-perl-debuginfo-3.0.15-2.11.2 freeradius-server-postgresql-3.0.15-2.11.2 freeradius-server-postgresql-debuginfo-3.0.15-2.11.2 freeradius-server-python-3.0.15-2.11.2 freeradius-server-python-debuginfo-3.0.15-2.11.2 freeradius-server-sqlite-3.0.15-2.11.2 freeradius-server-sqlite-debuginfo-3.0.15-2.11.2 freeradius-server-utils-3.0.15-2.11.2 freeradius-server-utils-debuginfo-3.0.15-2.11.2 References: https://www.suse.com/security/cve/CVE-2019-11234.html https://www.suse.com/security/cve/CVE-2019-11235.html https://bugzilla.suse.com/1132549 https://bugzilla.suse.com/1132664 From sle-updates at lists.suse.com Tue May 7 13:11:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 21:11:57 +0200 (CEST) Subject: SUSE-RU-2019:1176-1: moderate: Recommended update for rpmlint Message-ID: <20190507191157.3E973F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1176-1 Rating: moderate References: #1132530 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rpmlint fixes the following issues: - fix rpmlint-tests build by reverting changes to reference output that do not apply on SLE15 (bsc#1132530) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1176=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): rpmlint-1.10-7.6.1 References: https://bugzilla.suse.com/1132530 From sle-updates at lists.suse.com Tue May 7 13:12:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 May 2019 21:12:31 +0200 (CEST) Subject: SUSE-RU-2019:1173-1: moderate: Recommended update for cifs-utils Message-ID: <20190507191231.E4DC1F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1173-1 Rating: moderate References: #1130528 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cifs-utils fixes the following issues: - Allow cached DNS entry to expire (fate#325270). - Document new SMB2.1+ defaults (bsc#1130528). - Add typo corrections, better doc and configure fixes from upstream - Update to cifs-utils 6.8 (please find all 6.8 changes in the changelog) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1173=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1173=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.8-3.7.1 cifs-utils-debugsource-6.8-3.7.1 pam_cifscreds-6.8-3.7.1 pam_cifscreds-debuginfo-6.8-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cifs-utils-6.8-3.7.1 cifs-utils-debuginfo-6.8-3.7.1 cifs-utils-debugsource-6.8-3.7.1 cifs-utils-devel-6.8-3.7.1 References: https://bugzilla.suse.com/1130528 From sle-updates at lists.suse.com Wed May 8 04:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 12:11:03 +0200 (CEST) Subject: SUSE-RU-2019:1188-1: moderate: Recommended update for gdm Message-ID: <20190508101103.3A204F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1188-1 Rating: moderate References: #1129412 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Remove the gnome session runtime requirement of g-s-d Wacom plugin because it is not build on s390 (bsc#1129412). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1188=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1188=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gdm-branding-upstream-3.26.2.1-13.22.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gdm-3.26.2.1-13.22.2 gdm-debuginfo-3.26.2.1-13.22.2 gdm-debugsource-3.26.2.1-13.22.2 gdm-devel-3.26.2.1-13.22.2 libgdm1-3.26.2.1-13.22.2 libgdm1-debuginfo-3.26.2.1-13.22.2 typelib-1_0-Gdm-1_0-3.26.2.1-13.22.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gdm-lang-3.26.2.1-13.22.2 gdmflexiserver-3.26.2.1-13.22.2 References: https://bugzilla.suse.com/1129412 From sle-updates at lists.suse.com Wed May 8 07:09:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 15:09:47 +0200 (CEST) Subject: SUSE-RU-2019:1190-1: important: Recommended update for multipath-tools Message-ID: <20190508130947.32BBEF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1190-1 Rating: important References: #1121134 #1125145 #1131789 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for multipath-tools fixes the following issues: - Update to version 0.6.2+suse20190430.66550c1: * Avoid deadlock situation during udev settle (bsc#1131789, bsc#1125145) - multipath -u: test socket connection in non-blocking mode * multipathd: avoid crash in cli_list_path (bsc#1121134) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1190=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1190=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1190=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1190=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1190=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1190=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kpartx-0.6.2+suse20190430.66550c1-71.19.1 kpartx-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debugsource-0.6.2+suse20190430.66550c1-71.19.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kpartx-0.6.2+suse20190430.66550c1-71.19.1 kpartx-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debugsource-0.6.2+suse20190430.66550c1-71.19.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kpartx-0.6.2+suse20190430.66550c1-71.19.1 kpartx-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debugsource-0.6.2+suse20190430.66550c1-71.19.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kpartx-0.6.2+suse20190430.66550c1-71.19.1 kpartx-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debugsource-0.6.2+suse20190430.66550c1-71.19.1 - SUSE Enterprise Storage 4 (x86_64): kpartx-0.6.2+suse20190430.66550c1-71.19.1 kpartx-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debugsource-0.6.2+suse20190430.66550c1-71.19.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kpartx-0.6.2+suse20190430.66550c1-71.19.1 kpartx-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debuginfo-0.6.2+suse20190430.66550c1-71.19.1 multipath-tools-debugsource-0.6.2+suse20190430.66550c1-71.19.1 References: https://bugzilla.suse.com/1121134 https://bugzilla.suse.com/1125145 https://bugzilla.suse.com/1131789 From sle-updates at lists.suse.com Wed May 8 07:13:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 15:13:23 +0200 (CEST) Subject: SUSE-RU-2019:1189-1: important: Recommended update for resource-agents Message-ID: <20190508131323.452A3F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1189-1 Rating: important References: #1133962 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an error when updating the route table in case VM has multiple network interfaces (bsc#1133962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1189=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.1.9+git24.9b664917-3.6.1 resource-agents-4.1.9+git24.9b664917-3.6.1 resource-agents-debuginfo-4.1.9+git24.9b664917-3.6.1 resource-agents-debugsource-4.1.9+git24.9b664917-3.6.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.1.9+git24.9b664917-3.6.1 References: https://bugzilla.suse.com/1133962 From sle-updates at lists.suse.com Wed May 8 10:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 18:10:34 +0200 (CEST) Subject: SUSE-RU-2019:1192-1: moderate: Recommended update for mgetty Message-ID: <20190508161034.0F567F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1192-1 Rating: moderate References: #1129954 #968571 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mgetty fixes the following issues: - Use correct permissions for unit files (bsc#1129954, bsc#968571). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1192=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1192=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1192=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1192=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): g3utils-1.1.36-58.6.1 g3utils-debuginfo-1.1.36-58.6.1 mgetty-1.1.36-58.6.1 mgetty-debuginfo-1.1.36-58.6.1 mgetty-debugsource-1.1.36-58.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): g3utils-1.1.36-58.6.1 g3utils-debuginfo-1.1.36-58.6.1 mgetty-1.1.36-58.6.1 mgetty-debuginfo-1.1.36-58.6.1 mgetty-debugsource-1.1.36-58.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): g3utils-1.1.36-58.6.1 g3utils-debuginfo-1.1.36-58.6.1 mgetty-1.1.36-58.6.1 mgetty-debuginfo-1.1.36-58.6.1 mgetty-debugsource-1.1.36-58.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): g3utils-1.1.36-58.6.1 g3utils-debuginfo-1.1.36-58.6.1 mgetty-1.1.36-58.6.1 mgetty-debuginfo-1.1.36-58.6.1 mgetty-debugsource-1.1.36-58.6.1 References: https://bugzilla.suse.com/1129954 https://bugzilla.suse.com/968571 From sle-updates at lists.suse.com Wed May 8 10:12:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 18:12:13 +0200 (CEST) Subject: SUSE-RU-2019:14041-1: moderate: Recommended update for systemtap Message-ID: <20190508161213.8A0C4F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemtap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14041-1 Rating: moderate References: #1060073 #1131394 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemtap provides the following fix: systemtap was upgraded to version 1.8 (FATE#324284 bsc#1131394) Changelog: - v1.8: https://sourceware.org/ml/systemtap/2012-q2/msg00277.html - v1.7: https://sourceware.org/ml/systemtap/2012-q1/msg00097.html - v1.6: https://sourceware.org/ml/systemtap/2011-q3/msg00105.html Additional fixes: - Fix argv access on newer kernels (bsc#1060073) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-systemtap-14041=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-systemtap-14041=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-systemtap-14041=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): systemtap-1.8-0.9.8.1 systemtap-server-1.8-0.9.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): systemtap-1.8-0.9.8.1 systemtap-server-1.8-0.9.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): systemtap-debuginfo-1.8-0.9.8.1 systemtap-debugsource-1.8-0.9.8.1 References: https://bugzilla.suse.com/1060073 https://bugzilla.suse.com/1131394 From sle-updates at lists.suse.com Wed May 8 10:13:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 18:13:06 +0200 (CEST) Subject: SUSE-RU-2019:1191-1: moderate: Recommended update for ethtool Message-ID: <20190508161306.7EB26F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for ethtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1191-1 Rating: moderate References: #1092037 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ethtool fixes the following issues: - Fix stack clash for PHY tunables (bsc#1092037) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1191=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1191=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ethtool-4.13-14.3.7 ethtool-debuginfo-4.13-14.3.7 ethtool-debugsource-4.13-14.3.7 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ethtool-4.13-14.3.7 ethtool-debuginfo-4.13-14.3.7 ethtool-debugsource-4.13-14.3.7 References: https://bugzilla.suse.com/1092037 From sle-updates at lists.suse.com Wed May 8 13:11:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 21:11:45 +0200 (CEST) Subject: SUSE-SU-2019:1195-1: moderate: Security update for samba Message-ID: <20190508191145.B472DF528@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1195-1 Rating: moderate References: #1106119 #1131060 Cross-References: CVE-2019-3880 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise High Availability 12-SP1 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Save registry file outside share as unprivileged user (bsc#1131060). Non-security issue fixed: - Backport changes to support quotas with SMB2 (bsc#1106119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1195=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1195=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1195=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1195=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1195=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1195=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2019-1195=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1195=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-atsvc0-4.2.4-28.32.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.32.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.32.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.32.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): samba-doc-4.2.4-28.32.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ctdb-4.2.4-28.32.1 ctdb-debuginfo-4.2.4-28.32.1 libdcerpc-binding0-32bit-4.2.4-28.32.1 libdcerpc-binding0-4.2.4-28.32.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.32.1 libdcerpc-binding0-debuginfo-4.2.4-28.32.1 libdcerpc0-32bit-4.2.4-28.32.1 libdcerpc0-4.2.4-28.32.1 libdcerpc0-debuginfo-32bit-4.2.4-28.32.1 libdcerpc0-debuginfo-4.2.4-28.32.1 libgensec0-32bit-4.2.4-28.32.1 libgensec0-4.2.4-28.32.1 libgensec0-debuginfo-32bit-4.2.4-28.32.1 libgensec0-debuginfo-4.2.4-28.32.1 libndr-krb5pac0-32bit-4.2.4-28.32.1 libndr-krb5pac0-4.2.4-28.32.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.32.1 libndr-krb5pac0-debuginfo-4.2.4-28.32.1 libndr-nbt0-32bit-4.2.4-28.32.1 libndr-nbt0-4.2.4-28.32.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.32.1 libndr-nbt0-debuginfo-4.2.4-28.32.1 libndr-standard0-32bit-4.2.4-28.32.1 libndr-standard0-4.2.4-28.32.1 libndr-standard0-debuginfo-32bit-4.2.4-28.32.1 libndr-standard0-debuginfo-4.2.4-28.32.1 libndr0-32bit-4.2.4-28.32.1 libndr0-4.2.4-28.32.1 libndr0-debuginfo-32bit-4.2.4-28.32.1 libndr0-debuginfo-4.2.4-28.32.1 libnetapi0-32bit-4.2.4-28.32.1 libnetapi0-4.2.4-28.32.1 libnetapi0-debuginfo-32bit-4.2.4-28.32.1 libnetapi0-debuginfo-4.2.4-28.32.1 libregistry0-4.2.4-28.32.1 libregistry0-debuginfo-4.2.4-28.32.1 libsamba-credentials0-32bit-4.2.4-28.32.1 libsamba-credentials0-4.2.4-28.32.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.32.1 libsamba-credentials0-debuginfo-4.2.4-28.32.1 libsamba-hostconfig0-32bit-4.2.4-28.32.1 libsamba-hostconfig0-4.2.4-28.32.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.32.1 libsamba-hostconfig0-debuginfo-4.2.4-28.32.1 libsamba-passdb0-32bit-4.2.4-28.32.1 libsamba-passdb0-4.2.4-28.32.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.32.1 libsamba-passdb0-debuginfo-4.2.4-28.32.1 libsamba-util0-32bit-4.2.4-28.32.1 libsamba-util0-4.2.4-28.32.1 libsamba-util0-debuginfo-32bit-4.2.4-28.32.1 libsamba-util0-debuginfo-4.2.4-28.32.1 libsamdb0-32bit-4.2.4-28.32.1 libsamdb0-4.2.4-28.32.1 libsamdb0-debuginfo-32bit-4.2.4-28.32.1 libsamdb0-debuginfo-4.2.4-28.32.1 libsmbclient-raw0-32bit-4.2.4-28.32.1 libsmbclient-raw0-4.2.4-28.32.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.32.1 libsmbclient-raw0-debuginfo-4.2.4-28.32.1 libsmbclient0-32bit-4.2.4-28.32.1 libsmbclient0-4.2.4-28.32.1 libsmbclient0-debuginfo-32bit-4.2.4-28.32.1 libsmbclient0-debuginfo-4.2.4-28.32.1 libsmbconf0-32bit-4.2.4-28.32.1 libsmbconf0-4.2.4-28.32.1 libsmbconf0-debuginfo-32bit-4.2.4-28.32.1 libsmbconf0-debuginfo-4.2.4-28.32.1 libsmbldap0-32bit-4.2.4-28.32.1 libsmbldap0-4.2.4-28.32.1 libsmbldap0-debuginfo-32bit-4.2.4-28.32.1 libsmbldap0-debuginfo-4.2.4-28.32.1 libtevent-util0-32bit-4.2.4-28.32.1 libtevent-util0-4.2.4-28.32.1 libtevent-util0-debuginfo-32bit-4.2.4-28.32.1 libtevent-util0-debuginfo-4.2.4-28.32.1 libwbclient0-32bit-4.2.4-28.32.1 libwbclient0-4.2.4-28.32.1 libwbclient0-debuginfo-32bit-4.2.4-28.32.1 libwbclient0-debuginfo-4.2.4-28.32.1 samba-32bit-4.2.4-28.32.1 samba-4.2.4-28.32.1 samba-client-32bit-4.2.4-28.32.1 samba-client-4.2.4-28.32.1 samba-client-debuginfo-32bit-4.2.4-28.32.1 samba-client-debuginfo-4.2.4-28.32.1 samba-debuginfo-32bit-4.2.4-28.32.1 samba-debuginfo-4.2.4-28.32.1 samba-debugsource-4.2.4-28.32.1 samba-libs-32bit-4.2.4-28.32.1 samba-libs-4.2.4-28.32.1 samba-libs-debuginfo-32bit-4.2.4-28.32.1 samba-libs-debuginfo-4.2.4-28.32.1 samba-winbind-32bit-4.2.4-28.32.1 samba-winbind-4.2.4-28.32.1 samba-winbind-debuginfo-32bit-4.2.4-28.32.1 samba-winbind-debuginfo-4.2.4-28.32.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-atsvc0-4.2.4-28.32.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.32.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-atsvc0-4.2.4-28.32.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-28.32.1 ctdb-debuginfo-4.2.4-28.32.1 libdcerpc-binding0-4.2.4-28.32.1 libdcerpc-binding0-debuginfo-4.2.4-28.32.1 libdcerpc0-4.2.4-28.32.1 libdcerpc0-debuginfo-4.2.4-28.32.1 libgensec0-4.2.4-28.32.1 libgensec0-debuginfo-4.2.4-28.32.1 libndr-krb5pac0-4.2.4-28.32.1 libndr-krb5pac0-debuginfo-4.2.4-28.32.1 libndr-nbt0-4.2.4-28.32.1 libndr-nbt0-debuginfo-4.2.4-28.32.1 libndr-standard0-4.2.4-28.32.1 libndr-standard0-debuginfo-4.2.4-28.32.1 libndr0-4.2.4-28.32.1 libndr0-debuginfo-4.2.4-28.32.1 libnetapi0-4.2.4-28.32.1 libnetapi0-debuginfo-4.2.4-28.32.1 libregistry0-4.2.4-28.32.1 libregistry0-debuginfo-4.2.4-28.32.1 libsamba-credentials0-4.2.4-28.32.1 libsamba-credentials0-debuginfo-4.2.4-28.32.1 libsamba-hostconfig0-4.2.4-28.32.1 libsamba-hostconfig0-debuginfo-4.2.4-28.32.1 libsamba-passdb0-4.2.4-28.32.1 libsamba-passdb0-debuginfo-4.2.4-28.32.1 libsamba-util0-4.2.4-28.32.1 libsamba-util0-debuginfo-4.2.4-28.32.1 libsamdb0-4.2.4-28.32.1 libsamdb0-debuginfo-4.2.4-28.32.1 libsmbclient-raw0-4.2.4-28.32.1 libsmbclient-raw0-debuginfo-4.2.4-28.32.1 libsmbclient0-4.2.4-28.32.1 libsmbclient0-debuginfo-4.2.4-28.32.1 libsmbconf0-4.2.4-28.32.1 libsmbconf0-debuginfo-4.2.4-28.32.1 libsmbldap0-4.2.4-28.32.1 libsmbldap0-debuginfo-4.2.4-28.32.1 libtevent-util0-4.2.4-28.32.1 libtevent-util0-debuginfo-4.2.4-28.32.1 libwbclient0-4.2.4-28.32.1 libwbclient0-debuginfo-4.2.4-28.32.1 samba-4.2.4-28.32.1 samba-client-4.2.4-28.32.1 samba-client-debuginfo-4.2.4-28.32.1 samba-debuginfo-4.2.4-28.32.1 samba-debugsource-4.2.4-28.32.1 samba-libs-4.2.4-28.32.1 samba-libs-debuginfo-4.2.4-28.32.1 samba-winbind-4.2.4-28.32.1 samba-winbind-debuginfo-4.2.4-28.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.32.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.32.1 libdcerpc0-32bit-4.2.4-28.32.1 libdcerpc0-debuginfo-32bit-4.2.4-28.32.1 libgensec0-32bit-4.2.4-28.32.1 libgensec0-debuginfo-32bit-4.2.4-28.32.1 libndr-krb5pac0-32bit-4.2.4-28.32.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.32.1 libndr-nbt0-32bit-4.2.4-28.32.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.32.1 libndr-standard0-32bit-4.2.4-28.32.1 libndr-standard0-debuginfo-32bit-4.2.4-28.32.1 libndr0-32bit-4.2.4-28.32.1 libndr0-debuginfo-32bit-4.2.4-28.32.1 libnetapi0-32bit-4.2.4-28.32.1 libnetapi0-debuginfo-32bit-4.2.4-28.32.1 libsamba-credentials0-32bit-4.2.4-28.32.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.32.1 libsamba-hostconfig0-32bit-4.2.4-28.32.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.32.1 libsamba-passdb0-32bit-4.2.4-28.32.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.32.1 libsamba-util0-32bit-4.2.4-28.32.1 libsamba-util0-debuginfo-32bit-4.2.4-28.32.1 libsamdb0-32bit-4.2.4-28.32.1 libsamdb0-debuginfo-32bit-4.2.4-28.32.1 libsmbclient-raw0-32bit-4.2.4-28.32.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.32.1 libsmbclient0-32bit-4.2.4-28.32.1 libsmbclient0-debuginfo-32bit-4.2.4-28.32.1 libsmbconf0-32bit-4.2.4-28.32.1 libsmbconf0-debuginfo-32bit-4.2.4-28.32.1 libsmbldap0-32bit-4.2.4-28.32.1 libsmbldap0-debuginfo-32bit-4.2.4-28.32.1 libtevent-util0-32bit-4.2.4-28.32.1 libtevent-util0-debuginfo-32bit-4.2.4-28.32.1 libwbclient0-32bit-4.2.4-28.32.1 libwbclient0-debuginfo-32bit-4.2.4-28.32.1 samba-32bit-4.2.4-28.32.1 samba-client-32bit-4.2.4-28.32.1 samba-client-debuginfo-32bit-4.2.4-28.32.1 samba-debuginfo-32bit-4.2.4-28.32.1 samba-libs-32bit-4.2.4-28.32.1 samba-libs-debuginfo-32bit-4.2.4-28.32.1 samba-winbind-32bit-4.2.4-28.32.1 samba-winbind-debuginfo-32bit-4.2.4-28.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): samba-doc-4.2.4-28.32.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.32.1 ctdb-debuginfo-4.2.4-28.32.1 - SUSE Enterprise Storage 4 (x86_64): libdcerpc-atsvc0-4.2.4-28.32.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.32.1 References: https://www.suse.com/security/cve/CVE-2019-3880.html https://bugzilla.suse.com/1106119 https://bugzilla.suse.com/1131060 From sle-updates at lists.suse.com Wed May 8 13:13:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 May 2019 21:13:12 +0200 (CEST) Subject: SUSE-SU-2019:1194-1: moderate: Security update for samba Message-ID: <20190508191312.95F88F528@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1194-1 Rating: moderate References: #1106119 #1131060 Cross-References: CVE-2019-3880 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Save registry file outside share as unprivileged user (bsc#1131060). Non-security issue fixed: - Backport changes to support quotas with SMB2 (bsc#1106119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1194=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2019-1194=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.52.1 ctdb-debuginfo-4.2.4-18.52.1 libdcerpc-binding0-4.2.4-18.52.1 libdcerpc-binding0-debuginfo-4.2.4-18.52.1 libdcerpc0-4.2.4-18.52.1 libdcerpc0-debuginfo-4.2.4-18.52.1 libgensec0-4.2.4-18.52.1 libgensec0-debuginfo-4.2.4-18.52.1 libndr-krb5pac0-4.2.4-18.52.1 libndr-krb5pac0-debuginfo-4.2.4-18.52.1 libndr-nbt0-4.2.4-18.52.1 libndr-nbt0-debuginfo-4.2.4-18.52.1 libndr-standard0-4.2.4-18.52.1 libndr-standard0-debuginfo-4.2.4-18.52.1 libndr0-4.2.4-18.52.1 libndr0-debuginfo-4.2.4-18.52.1 libnetapi0-4.2.4-18.52.1 libnetapi0-debuginfo-4.2.4-18.52.1 libregistry0-4.2.4-18.52.1 libregistry0-debuginfo-4.2.4-18.52.1 libsamba-credentials0-4.2.4-18.52.1 libsamba-credentials0-debuginfo-4.2.4-18.52.1 libsamba-hostconfig0-4.2.4-18.52.1 libsamba-hostconfig0-debuginfo-4.2.4-18.52.1 libsamba-passdb0-4.2.4-18.52.1 libsamba-passdb0-debuginfo-4.2.4-18.52.1 libsamba-util0-4.2.4-18.52.1 libsamba-util0-debuginfo-4.2.4-18.52.1 libsamdb0-4.2.4-18.52.1 libsamdb0-debuginfo-4.2.4-18.52.1 libsmbclient-raw0-4.2.4-18.52.1 libsmbclient-raw0-debuginfo-4.2.4-18.52.1 libsmbclient0-4.2.4-18.52.1 libsmbclient0-debuginfo-4.2.4-18.52.1 libsmbconf0-4.2.4-18.52.1 libsmbconf0-debuginfo-4.2.4-18.52.1 libsmbldap0-4.2.4-18.52.1 libsmbldap0-debuginfo-4.2.4-18.52.1 libtevent-util0-4.2.4-18.52.1 libtevent-util0-debuginfo-4.2.4-18.52.1 libwbclient0-4.2.4-18.52.1 libwbclient0-debuginfo-4.2.4-18.52.1 samba-4.2.4-18.52.1 samba-client-4.2.4-18.52.1 samba-client-debuginfo-4.2.4-18.52.1 samba-debuginfo-4.2.4-18.52.1 samba-debugsource-4.2.4-18.52.1 samba-libs-4.2.4-18.52.1 samba-libs-debuginfo-4.2.4-18.52.1 samba-winbind-4.2.4-18.52.1 samba-winbind-debuginfo-4.2.4-18.52.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.52.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.52.1 libdcerpc0-32bit-4.2.4-18.52.1 libdcerpc0-debuginfo-32bit-4.2.4-18.52.1 libgensec0-32bit-4.2.4-18.52.1 libgensec0-debuginfo-32bit-4.2.4-18.52.1 libndr-krb5pac0-32bit-4.2.4-18.52.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.52.1 libndr-nbt0-32bit-4.2.4-18.52.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.52.1 libndr-standard0-32bit-4.2.4-18.52.1 libndr-standard0-debuginfo-32bit-4.2.4-18.52.1 libndr0-32bit-4.2.4-18.52.1 libndr0-debuginfo-32bit-4.2.4-18.52.1 libnetapi0-32bit-4.2.4-18.52.1 libnetapi0-debuginfo-32bit-4.2.4-18.52.1 libsamba-credentials0-32bit-4.2.4-18.52.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.52.1 libsamba-hostconfig0-32bit-4.2.4-18.52.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.52.1 libsamba-passdb0-32bit-4.2.4-18.52.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.52.1 libsamba-util0-32bit-4.2.4-18.52.1 libsamba-util0-debuginfo-32bit-4.2.4-18.52.1 libsamdb0-32bit-4.2.4-18.52.1 libsamdb0-debuginfo-32bit-4.2.4-18.52.1 libsmbclient-raw0-32bit-4.2.4-18.52.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.52.1 libsmbclient0-32bit-4.2.4-18.52.1 libsmbclient0-debuginfo-32bit-4.2.4-18.52.1 libsmbconf0-32bit-4.2.4-18.52.1 libsmbconf0-debuginfo-32bit-4.2.4-18.52.1 libsmbldap0-32bit-4.2.4-18.52.1 libsmbldap0-debuginfo-32bit-4.2.4-18.52.1 libtevent-util0-32bit-4.2.4-18.52.1 libtevent-util0-debuginfo-32bit-4.2.4-18.52.1 libwbclient0-32bit-4.2.4-18.52.1 libwbclient0-debuginfo-32bit-4.2.4-18.52.1 samba-32bit-4.2.4-18.52.1 samba-client-32bit-4.2.4-18.52.1 samba-client-debuginfo-32bit-4.2.4-18.52.1 samba-debuginfo-32bit-4.2.4-18.52.1 samba-libs-32bit-4.2.4-18.52.1 samba-libs-debuginfo-32bit-4.2.4-18.52.1 samba-winbind-32bit-4.2.4-18.52.1 samba-winbind-debuginfo-32bit-4.2.4-18.52.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.52.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.52.1 ctdb-debuginfo-4.2.4-18.52.1 References: https://www.suse.com/security/cve/CVE-2019-3880.html https://bugzilla.suse.com/1106119 https://bugzilla.suse.com/1131060 From sle-updates at lists.suse.com Thu May 9 04:08:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 May 2019 12:08:55 +0200 (CEST) Subject: SUSE-SU-2019:1196-1: important: Security update for mutt Message-ID: <20190509100855.D538EF528@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1196-1 Rating: important References: #1061343 #1094717 #1101428 #1101566 #1101567 #1101568 #1101569 #1101570 #1101571 #1101573 #1101576 #1101577 #1101578 #1101581 #1101582 #1101583 #1101588 #1101589 #980830 #982129 #986534 Cross-References: CVE-2014-9116 CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 5 fixes is now available. Description: This update for mutt fixes the following issues: Security issues fixed: - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes: - mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1196=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1196=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-55.6.1 mutt-debuginfo-1.10.1-55.6.1 mutt-debugsource-1.10.1-55.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): mutt-1.10.1-55.6.1 mutt-debuginfo-1.10.1-55.6.1 mutt-debugsource-1.10.1-55.6.1 References: https://www.suse.com/security/cve/CVE-2014-9116.html https://www.suse.com/security/cve/CVE-2018-14349.html https://www.suse.com/security/cve/CVE-2018-14350.html https://www.suse.com/security/cve/CVE-2018-14351.html https://www.suse.com/security/cve/CVE-2018-14352.html https://www.suse.com/security/cve/CVE-2018-14353.html https://www.suse.com/security/cve/CVE-2018-14354.html https://www.suse.com/security/cve/CVE-2018-14355.html https://www.suse.com/security/cve/CVE-2018-14356.html https://www.suse.com/security/cve/CVE-2018-14357.html https://www.suse.com/security/cve/CVE-2018-14358.html https://www.suse.com/security/cve/CVE-2018-14359.html https://www.suse.com/security/cve/CVE-2018-14360.html https://www.suse.com/security/cve/CVE-2018-14361.html https://www.suse.com/security/cve/CVE-2018-14362.html https://www.suse.com/security/cve/CVE-2018-14363.html https://bugzilla.suse.com/1061343 https://bugzilla.suse.com/1094717 https://bugzilla.suse.com/1101428 https://bugzilla.suse.com/1101566 https://bugzilla.suse.com/1101567 https://bugzilla.suse.com/1101568 https://bugzilla.suse.com/1101569 https://bugzilla.suse.com/1101570 https://bugzilla.suse.com/1101571 https://bugzilla.suse.com/1101573 https://bugzilla.suse.com/1101576 https://bugzilla.suse.com/1101577 https://bugzilla.suse.com/1101578 https://bugzilla.suse.com/1101581 https://bugzilla.suse.com/1101582 https://bugzilla.suse.com/1101583 https://bugzilla.suse.com/1101588 https://bugzilla.suse.com/1101589 https://bugzilla.suse.com/980830 https://bugzilla.suse.com/982129 https://bugzilla.suse.com/986534 From sle-updates at lists.suse.com Thu May 9 10:09:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 May 2019 18:09:16 +0200 (CEST) Subject: SUSE-RU-2019:1197-1: moderate: Recommended update for rubygem-crowbar-client Message-ID: <20190509160916.C372CF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-crowbar-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1197-1 Rating: moderate References: #1118004 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-crowbar-client fixes the following issues: - Update to 3.9.0 - Add support for the restricted APIs - Add --raw to "proposal show" & "proposal edit" - Correctly parse error messages that we don't handle natively - Better upgrade repocheck output - Update to 3.7.0 - upgrade: Use cloud_version config for upgrade - ses: Add ses upload subcommand - Add cloud_version config field. - Wrap os-release file parsing for better reuse. - upgrade: Fix repocheck component in error message - upgrade: Better repocheck output - updated to version 3.6.1 see installed CHANGELOG.md ## [3.6.1](https://github.com/crowbar/crowbar-client/releases/tag/v3.6.1) - 2018-12-07 * BUGFIX * Hide the database step when it is not used (bsc#1118004) * ENHANCEMENT * Fix help strings * Describe how to upgrade more nodes with one command Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1197=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-crowbar-client-3.9.0-3.6.1 References: https://bugzilla.suse.com/1118004 From sle-updates at lists.suse.com Thu May 9 10:09:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 May 2019 18:09:50 +0200 (CEST) Subject: SUSE-RU-2019:1198-1: moderate: Recommended update for patterns-sap Message-ID: <20190509160950.CCA66F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1198-1 Rating: moderate References: #1132119 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - The newest HANA 2 SPS04 Installer requires additional libraries for the installation. (bsc#1132119) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1198=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): patterns-sap-b1-12.1-15.3.1 patterns-sap-hana-12.1-15.3.1 patterns-sap-nw-12.1-15.3.1 References: https://bugzilla.suse.com/1132119 From sle-updates at lists.suse.com Fri May 10 04:13:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 12:13:59 +0200 (CEST) Subject: SUSE-RU-2019:1200-1: moderate: Recommended update for nvme-cli Message-ID: <20190510101359.1319EF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1200-1 Rating: moderate References: #1044189 #1076004 #1127076 #1128538 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: nvme-cli changes: - add fields into identify controller data structure (bsc#1076004) - Add 'rae' argument to nvme_get_log() (bsc#1076004) - add support of RAE (bsc#1076004) - Implement nvme_get_log13 (bsc#1076004) - Remove unnecessary nsid field in error-log (bsc#1076004) - replace values of all namespaces with NVME_NSID_ALL (bsc#1076004) - resync nvme.h with the kernel's (bsc#1076004) - fixes an issue where nvme-cli showed errors when uninstalling it (bsc#1127076) nvme-discover changes: - Re-check generation counter after log page transfer (bsc#1076004) - Retry discovery log if the generation counter changes (bsc#1076004) Other changes: - nvme-ioctl: retrieve log pages in 4k chunks (bsc#1076004) - nvme/vendor: Add get log LSP/LSO fields from 1.3 spec (bsc#1076004) - nvme_fc auto-connect scripts (bsc#1044189) - Increase default format timeout (bsc#1076004) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1200=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.2-6.27.1 nvme-cli-debuginfo-1.2-6.27.1 nvme-cli-debugsource-1.2-6.27.1 References: https://bugzilla.suse.com/1044189 https://bugzilla.suse.com/1076004 https://bugzilla.suse.com/1127076 https://bugzilla.suse.com/1128538 From sle-updates at lists.suse.com Fri May 10 04:16:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 12:16:01 +0200 (CEST) Subject: SUSE-RU-2019:1199-1: moderate: Recommended update for nvmetcli Message-ID: <20190510101601.E8ED1F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvmetcli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1199-1 Rating: moderate References: #1130981 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvmetcli fixes the following issues: - Add ANA support to nvmetcli (bsc#1130981) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1199=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): nvmetcli-0.6-5.3.1 References: https://bugzilla.suse.com/1130981 From sle-updates at lists.suse.com Fri May 10 07:10:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 15:10:10 +0200 (CEST) Subject: SUSE-RU-2019:1201-1: moderate: Recommended update for crowbar Message-ID: <20190510131010.2A85BF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1201-1 Rating: moderate References: Affected Products: SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for crowbar fixes the following issues: - Update to version 6.0+git.1556630628.d072a750: * Update barclamp_development_exercises.md Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-1201=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-6.0+git.1556630628.d072a750-3.3.1 crowbar-devel-6.0+git.1556630628.d072a750-3.3.1 References: From sle-updates at lists.suse.com Fri May 10 07:10:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 15:10:40 +0200 (CEST) Subject: SUSE-RU-2019:1202-1: moderate: Recommended update for yast2-network Message-ID: <20190510131040.AEBE4F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1202-1 Rating: moderate References: #709176 Affected Products: SUSE Linux Enterprise Server for SAP Installer 12-SP3 SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop Installer 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - Update to 3.2.56 * keep original hostnames untouched in /etc/hosts when only IP changed (bsc#709176) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP Installer 12-SP3: zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP3-2019-1202=1 - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2019-1202=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1202=1 - SUSE Linux Enterprise Desktop Installer 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP3-2019-1202=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1202=1 Package List: - SUSE Linux Enterprise Server for SAP Installer 12-SP3 (noarch): yast2-network-3.2.56-2.45.1 - SUSE Linux Enterprise Server Installer 12-SP3 (noarch): yast2-network-3.2.56-2.45.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-network-3.2.56-2.45.1 - SUSE Linux Enterprise Desktop Installer 12-SP3 (noarch): yast2-network-3.2.56-2.45.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-network-3.2.56-2.45.1 References: https://bugzilla.suse.com/709176 From sle-updates at lists.suse.com Fri May 10 10:10:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 18:10:45 +0200 (CEST) Subject: SUSE-SU-2019:1214-1: important: Security update for jakarta-commons-fileupload Message-ID: <20190510161045.5283DF528@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1214-1 Rating: important References: #1128829 #1128963 Cross-References: CVE-2016-1000031 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1214=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1214=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1214=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1214=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1214=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1214=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1214=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1214=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1214=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1214=1 Package List: - SUSE OpenStack Cloud 7 (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 - SUSE Enterprise Storage 4 (noarch): jakarta-commons-fileupload-1.1.1-122.3.1 jakarta-commons-fileupload-javadoc-1.1.1-122.3.1 References: https://www.suse.com/security/cve/CVE-2016-1000031.html https://bugzilla.suse.com/1128829 https://bugzilla.suse.com/1128963 From sle-updates at lists.suse.com Fri May 10 10:11:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 18:11:39 +0200 (CEST) Subject: SUSE-SU-2019:14044-1: important: Security update for jakarta-commons-fileupload Message-ID: <20190510161139.32154F528@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14044-1 Rating: important References: #1128829 #1128963 Cross-References: CVE-2016-1000031 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-jakarta-commons-fileupload-14044=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-jakarta-commons-fileupload-14044=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): jakarta-commons-fileupload-1.1.1-1.37.3.1 jakarta-commons-fileupload-javadoc-1.1.1-1.37.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): jakarta-commons-fileupload-1.1.1-1.37.3.1 jakarta-commons-fileupload-javadoc-1.1.1-1.37.3.1 References: https://www.suse.com/security/cve/CVE-2016-1000031.html https://bugzilla.suse.com/1128829 https://bugzilla.suse.com/1128963 From sle-updates at lists.suse.com Fri May 10 13:09:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:09:02 +0200 (CEST) Subject: SUSE-SU-2019:1212-1: important: Security update for jakarta-commons-fileupload Message-ID: <20190510190902.D11D3F528@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1212-1 Rating: important References: #1128829 #1128963 Cross-References: CVE-2016-1000031 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1212=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1212=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): jakarta-commons-fileupload-1.1.1-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): jakarta-commons-fileupload-javadoc-1.1.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2016-1000031.html https://bugzilla.suse.com/1128829 https://bugzilla.suse.com/1128963 From sle-updates at lists.suse.com Fri May 10 13:10:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:10:15 +0200 (CEST) Subject: SUSE-SU-2019:14042-1: moderate: Security update for samba Message-ID: <20190510191015.BC368F528@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14042-1 Rating: moderate References: #1101499 #1131060 Cross-References: CVE-2019-3880 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issue fixed: - Make init scripts create log directories before running daemons (bsc#1101499) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-samba-14042=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-14042=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-14042=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-14042=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ldapsmb-1.34b-94.19.2 libldb1-3.6.3-94.19.2 libsmbclient0-3.6.3-94.19.2 libtalloc2-3.6.3-94.19.2 libtdb1-3.6.3-94.19.2 libtevent0-3.6.3-94.19.2 libwbclient0-3.6.3-94.19.2 samba-3.6.3-94.19.2 samba-client-3.6.3-94.19.2 samba-krb-printing-3.6.3-94.19.2 samba-winbind-3.6.3-94.19.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.19.2 libtalloc2-32bit-3.6.3-94.19.2 libtdb1-32bit-3.6.3-94.19.2 libtevent0-32bit-3.6.3-94.19.2 libwbclient0-32bit-3.6.3-94.19.2 samba-32bit-3.6.3-94.19.2 samba-client-32bit-3.6.3-94.19.2 samba-winbind-32bit-3.6.3-94.19.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): samba-doc-3.6.3-94.19.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.19.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.19.2 libldb1-3.6.3-94.19.2 libsmbclient0-3.6.3-94.19.2 libtalloc2-3.6.3-94.19.2 libtdb1-3.6.3-94.19.2 libtevent0-3.6.3-94.19.2 libwbclient0-3.6.3-94.19.2 samba-3.6.3-94.19.2 samba-client-3.6.3-94.19.2 samba-krb-printing-3.6.3-94.19.2 samba-winbind-3.6.3-94.19.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.19.2 samba-debugsource-3.6.3-94.19.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.19.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.19.2 samba-debugsource-3.6.3-94.19.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.19.2 References: https://www.suse.com/security/cve/CVE-2019-3880.html https://bugzilla.suse.com/1101499 https://bugzilla.suse.com/1131060 From sle-updates at lists.suse.com Fri May 10 13:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:11:05 +0200 (CEST) Subject: SUSE-SU-2019:1209-1: important: Security update for pacemaker Message-ID: <20190510191105.F23D1F528@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1209-1 Rating: important References: #1117381 #1131353 #1131356 #1131357 Cross-References: CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357) - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Non-security issue fixed: - crmd: delete resource from lrmd when appropriate to avoid timeouts with crmsh (bsc#1117381). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1209=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.9.4 libpacemaker3-1.1.18+20180430.b12c320f5-3.9.4 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-cli-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-remote-1.1.18+20180430.b12c320f5-3.9.4 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.9.4 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.9.4 References: https://www.suse.com/security/cve/CVE-2018-16877.html https://www.suse.com/security/cve/CVE-2018-16878.html https://www.suse.com/security/cve/CVE-2019-3885.html https://bugzilla.suse.com/1117381 https://bugzilla.suse.com/1131353 https://bugzilla.suse.com/1131356 https://bugzilla.suse.com/1131357 From sle-updates at lists.suse.com Fri May 10 13:13:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:13:08 +0200 (CEST) Subject: SUSE-SU-2019:1211-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190510191308.EE6F9F528@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1211-1 Rating: important References: #1132728 #1132729 #1132732 #1133135 Cross-References: CVE-2018-3639 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1211=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1211=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1211=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.212-3.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-debugsource-1.8.0.212-3.19.1 java-1_8_0-openjdk-src-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-3.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-debugsource-1.8.0.212-3.19.1 java-1_8_0-openjdk-demo-1.8.0.212-3.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-devel-1.8.0.212-3.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-headless-1.8.0.212-3.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1133135 From sle-updates at lists.suse.com Fri May 10 13:14:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:14:07 +0200 (CEST) Subject: SUSE-SU-2019:1204-1: moderate: Security update for ovmf Message-ID: <20190510191407.9E4B7F528@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1204-1 Rating: moderate References: #1131361 Cross-References: CVE-2019-0161 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1204=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): ovmf-2017+git1492060560.b6d11d7c46-4.26.1 ovmf-tools-2017+git1492060560.b6d11d7c46-4.26.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.26.1 qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.26.1 References: https://www.suse.com/security/cve/CVE-2019-0161.html https://bugzilla.suse.com/1131361 From sle-updates at lists.suse.com Fri May 10 13:15:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:15:15 +0200 (CEST) Subject: SUSE-SU-2019:14044-1: important: Security update for jakarta-commons-fileupload Message-ID: <20190510191515.5078DF528@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14044-1 Rating: important References: #1128829 #1128963 Cross-References: CVE-2016-1000031 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-jakarta-commons-fileupload-14044=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-jakarta-commons-fileupload-14044=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): jakarta-commons-fileupload-1.1.1-1.37.3.1 jakarta-commons-fileupload-javadoc-1.1.1-1.37.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): jakarta-commons-fileupload-1.1.1-1.37.3.1 jakarta-commons-fileupload-javadoc-1.1.1-1.37.3.1 References: https://www.suse.com/security/cve/CVE-2016-1000031.html https://bugzilla.suse.com/1128829 https://bugzilla.suse.com/1128963 From sle-updates at lists.suse.com Fri May 10 13:16:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:16:00 +0200 (CEST) Subject: SUSE-SU-2019:1206-1: Security update for bzip2 Message-ID: <20190510191600.8620BF528@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1206-1 Rating: low References: #985657 Cross-References: CVE-2016-3189 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1206=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1206=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): bzip2-doc-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-5.3.1 bzip2-debuginfo-1.0.6-5.3.1 bzip2-debugsource-1.0.6-5.3.1 libbz2-1-1.0.6-5.3.1 libbz2-1-debuginfo-1.0.6-5.3.1 libbz2-devel-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libbz2-1-32bit-1.0.6-5.3.1 libbz2-1-32bit-debuginfo-1.0.6-5.3.1 References: https://www.suse.com/security/cve/CVE-2016-3189.html https://bugzilla.suse.com/985657 From sle-updates at lists.suse.com Fri May 10 13:16:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:16:39 +0200 (CEST) Subject: SUSE-SU-2019:1203-1: moderate: Security update for samba Message-ID: <20190510191639.91DF9F528@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1203-1 Rating: moderate References: #1087481 #1106119 #1114459 #1126463 #1131060 Cross-References: CVE-2019-3880 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fixed an issue where the first login failed and subsequent ones work (bsc#1126463). - Fixed winbind running out of memory with high number of domain groups (bsc#1114459). - Backport changes to support quotas with SMB2 (bsc#1106119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1203=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1203=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1203=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1203=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1203=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1203=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.25.1 libdcerpc-binding0-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-4.4.2-38.25.1 libdcerpc0-32bit-4.4.2-38.25.1 libdcerpc0-4.4.2-38.25.1 libdcerpc0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc0-debuginfo-4.4.2-38.25.1 libndr-krb5pac0-32bit-4.4.2-38.25.1 libndr-krb5pac0-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-4.4.2-38.25.1 libndr-nbt0-32bit-4.4.2-38.25.1 libndr-nbt0-4.4.2-38.25.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.25.1 libndr-nbt0-debuginfo-4.4.2-38.25.1 libndr-standard0-32bit-4.4.2-38.25.1 libndr-standard0-4.4.2-38.25.1 libndr-standard0-debuginfo-32bit-4.4.2-38.25.1 libndr-standard0-debuginfo-4.4.2-38.25.1 libndr0-32bit-4.4.2-38.25.1 libndr0-4.4.2-38.25.1 libndr0-debuginfo-32bit-4.4.2-38.25.1 libndr0-debuginfo-4.4.2-38.25.1 libnetapi0-32bit-4.4.2-38.25.1 libnetapi0-4.4.2-38.25.1 libnetapi0-debuginfo-32bit-4.4.2-38.25.1 libnetapi0-debuginfo-4.4.2-38.25.1 libsamba-credentials0-32bit-4.4.2-38.25.1 libsamba-credentials0-4.4.2-38.25.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.25.1 libsamba-credentials0-debuginfo-4.4.2-38.25.1 libsamba-errors0-32bit-4.4.2-38.25.1 libsamba-errors0-4.4.2-38.25.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.25.1 libsamba-errors0-debuginfo-4.4.2-38.25.1 libsamba-hostconfig0-32bit-4.4.2-38.25.1 libsamba-hostconfig0-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-4.4.2-38.25.1 libsamba-passdb0-32bit-4.4.2-38.25.1 libsamba-passdb0-4.4.2-38.25.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.25.1 libsamba-passdb0-debuginfo-4.4.2-38.25.1 libsamba-util0-32bit-4.4.2-38.25.1 libsamba-util0-4.4.2-38.25.1 libsamba-util0-debuginfo-32bit-4.4.2-38.25.1 libsamba-util0-debuginfo-4.4.2-38.25.1 libsamdb0-32bit-4.4.2-38.25.1 libsamdb0-4.4.2-38.25.1 libsamdb0-debuginfo-32bit-4.4.2-38.25.1 libsamdb0-debuginfo-4.4.2-38.25.1 libsmbclient0-32bit-4.4.2-38.25.1 libsmbclient0-4.4.2-38.25.1 libsmbclient0-debuginfo-32bit-4.4.2-38.25.1 libsmbclient0-debuginfo-4.4.2-38.25.1 libsmbconf0-32bit-4.4.2-38.25.1 libsmbconf0-4.4.2-38.25.1 libsmbconf0-debuginfo-32bit-4.4.2-38.25.1 libsmbconf0-debuginfo-4.4.2-38.25.1 libsmbldap0-32bit-4.4.2-38.25.1 libsmbldap0-4.4.2-38.25.1 libsmbldap0-debuginfo-32bit-4.4.2-38.25.1 libsmbldap0-debuginfo-4.4.2-38.25.1 libtevent-util0-32bit-4.4.2-38.25.1 libtevent-util0-4.4.2-38.25.1 libtevent-util0-debuginfo-32bit-4.4.2-38.25.1 libtevent-util0-debuginfo-4.4.2-38.25.1 libwbclient0-32bit-4.4.2-38.25.1 libwbclient0-4.4.2-38.25.1 libwbclient0-debuginfo-32bit-4.4.2-38.25.1 libwbclient0-debuginfo-4.4.2-38.25.1 samba-4.4.2-38.25.1 samba-client-32bit-4.4.2-38.25.1 samba-client-4.4.2-38.25.1 samba-client-debuginfo-32bit-4.4.2-38.25.1 samba-client-debuginfo-4.4.2-38.25.1 samba-debuginfo-4.4.2-38.25.1 samba-debugsource-4.4.2-38.25.1 samba-libs-32bit-4.4.2-38.25.1 samba-libs-4.4.2-38.25.1 samba-libs-debuginfo-32bit-4.4.2-38.25.1 samba-libs-debuginfo-4.4.2-38.25.1 samba-winbind-32bit-4.4.2-38.25.1 samba-winbind-4.4.2-38.25.1 samba-winbind-debuginfo-32bit-4.4.2-38.25.1 samba-winbind-debuginfo-4.4.2-38.25.1 - SUSE OpenStack Cloud 7 (noarch): samba-doc-4.4.2-38.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-binding0-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-4.4.2-38.25.1 libdcerpc0-4.4.2-38.25.1 libdcerpc0-debuginfo-4.4.2-38.25.1 libndr-krb5pac0-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-4.4.2-38.25.1 libndr-nbt0-4.4.2-38.25.1 libndr-nbt0-debuginfo-4.4.2-38.25.1 libndr-standard0-4.4.2-38.25.1 libndr-standard0-debuginfo-4.4.2-38.25.1 libndr0-4.4.2-38.25.1 libndr0-debuginfo-4.4.2-38.25.1 libnetapi0-4.4.2-38.25.1 libnetapi0-debuginfo-4.4.2-38.25.1 libsamba-credentials0-4.4.2-38.25.1 libsamba-credentials0-debuginfo-4.4.2-38.25.1 libsamba-errors0-4.4.2-38.25.1 libsamba-errors0-debuginfo-4.4.2-38.25.1 libsamba-hostconfig0-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-4.4.2-38.25.1 libsamba-passdb0-4.4.2-38.25.1 libsamba-passdb0-debuginfo-4.4.2-38.25.1 libsamba-util0-4.4.2-38.25.1 libsamba-util0-debuginfo-4.4.2-38.25.1 libsamdb0-4.4.2-38.25.1 libsamdb0-debuginfo-4.4.2-38.25.1 libsmbclient0-4.4.2-38.25.1 libsmbclient0-debuginfo-4.4.2-38.25.1 libsmbconf0-4.4.2-38.25.1 libsmbconf0-debuginfo-4.4.2-38.25.1 libsmbldap0-4.4.2-38.25.1 libsmbldap0-debuginfo-4.4.2-38.25.1 libtevent-util0-4.4.2-38.25.1 libtevent-util0-debuginfo-4.4.2-38.25.1 libwbclient0-4.4.2-38.25.1 libwbclient0-debuginfo-4.4.2-38.25.1 samba-4.4.2-38.25.1 samba-client-4.4.2-38.25.1 samba-client-debuginfo-4.4.2-38.25.1 samba-debuginfo-4.4.2-38.25.1 samba-debugsource-4.4.2-38.25.1 samba-libs-4.4.2-38.25.1 samba-libs-debuginfo-4.4.2-38.25.1 samba-winbind-4.4.2-38.25.1 samba-winbind-debuginfo-4.4.2-38.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc0-32bit-4.4.2-38.25.1 libdcerpc0-debuginfo-32bit-4.4.2-38.25.1 libndr-krb5pac0-32bit-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.25.1 libndr-nbt0-32bit-4.4.2-38.25.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.25.1 libndr-standard0-32bit-4.4.2-38.25.1 libndr-standard0-debuginfo-32bit-4.4.2-38.25.1 libndr0-32bit-4.4.2-38.25.1 libndr0-debuginfo-32bit-4.4.2-38.25.1 libnetapi0-32bit-4.4.2-38.25.1 libnetapi0-debuginfo-32bit-4.4.2-38.25.1 libsamba-credentials0-32bit-4.4.2-38.25.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.25.1 libsamba-errors0-32bit-4.4.2-38.25.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.25.1 libsamba-hostconfig0-32bit-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.25.1 libsamba-passdb0-32bit-4.4.2-38.25.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.25.1 libsamba-util0-32bit-4.4.2-38.25.1 libsamba-util0-debuginfo-32bit-4.4.2-38.25.1 libsamdb0-32bit-4.4.2-38.25.1 libsamdb0-debuginfo-32bit-4.4.2-38.25.1 libsmbclient0-32bit-4.4.2-38.25.1 libsmbclient0-debuginfo-32bit-4.4.2-38.25.1 libsmbconf0-32bit-4.4.2-38.25.1 libsmbconf0-debuginfo-32bit-4.4.2-38.25.1 libsmbldap0-32bit-4.4.2-38.25.1 libsmbldap0-debuginfo-32bit-4.4.2-38.25.1 libtevent-util0-32bit-4.4.2-38.25.1 libtevent-util0-debuginfo-32bit-4.4.2-38.25.1 libwbclient0-32bit-4.4.2-38.25.1 libwbclient0-debuginfo-32bit-4.4.2-38.25.1 samba-client-32bit-4.4.2-38.25.1 samba-client-debuginfo-32bit-4.4.2-38.25.1 samba-libs-32bit-4.4.2-38.25.1 samba-libs-debuginfo-32bit-4.4.2-38.25.1 samba-winbind-32bit-4.4.2-38.25.1 samba-winbind-debuginfo-32bit-4.4.2-38.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): samba-doc-4.4.2-38.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-4.4.2-38.25.1 libdcerpc0-4.4.2-38.25.1 libdcerpc0-debuginfo-4.4.2-38.25.1 libndr-krb5pac0-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-4.4.2-38.25.1 libndr-nbt0-4.4.2-38.25.1 libndr-nbt0-debuginfo-4.4.2-38.25.1 libndr-standard0-4.4.2-38.25.1 libndr-standard0-debuginfo-4.4.2-38.25.1 libndr0-4.4.2-38.25.1 libndr0-debuginfo-4.4.2-38.25.1 libnetapi0-4.4.2-38.25.1 libnetapi0-debuginfo-4.4.2-38.25.1 libsamba-credentials0-4.4.2-38.25.1 libsamba-credentials0-debuginfo-4.4.2-38.25.1 libsamba-errors0-4.4.2-38.25.1 libsamba-errors0-debuginfo-4.4.2-38.25.1 libsamba-hostconfig0-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-4.4.2-38.25.1 libsamba-passdb0-4.4.2-38.25.1 libsamba-passdb0-debuginfo-4.4.2-38.25.1 libsamba-util0-4.4.2-38.25.1 libsamba-util0-debuginfo-4.4.2-38.25.1 libsamdb0-4.4.2-38.25.1 libsamdb0-debuginfo-4.4.2-38.25.1 libsmbclient0-4.4.2-38.25.1 libsmbclient0-debuginfo-4.4.2-38.25.1 libsmbconf0-4.4.2-38.25.1 libsmbconf0-debuginfo-4.4.2-38.25.1 libsmbldap0-4.4.2-38.25.1 libsmbldap0-debuginfo-4.4.2-38.25.1 libtevent-util0-4.4.2-38.25.1 libtevent-util0-debuginfo-4.4.2-38.25.1 libwbclient0-4.4.2-38.25.1 libwbclient0-debuginfo-4.4.2-38.25.1 samba-4.4.2-38.25.1 samba-client-4.4.2-38.25.1 samba-client-debuginfo-4.4.2-38.25.1 samba-debuginfo-4.4.2-38.25.1 samba-debugsource-4.4.2-38.25.1 samba-libs-4.4.2-38.25.1 samba-libs-debuginfo-4.4.2-38.25.1 samba-winbind-4.4.2-38.25.1 samba-winbind-debuginfo-4.4.2-38.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc0-32bit-4.4.2-38.25.1 libdcerpc0-debuginfo-32bit-4.4.2-38.25.1 libndr-krb5pac0-32bit-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.25.1 libndr-nbt0-32bit-4.4.2-38.25.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.25.1 libndr-standard0-32bit-4.4.2-38.25.1 libndr-standard0-debuginfo-32bit-4.4.2-38.25.1 libndr0-32bit-4.4.2-38.25.1 libndr0-debuginfo-32bit-4.4.2-38.25.1 libnetapi0-32bit-4.4.2-38.25.1 libnetapi0-debuginfo-32bit-4.4.2-38.25.1 libsamba-credentials0-32bit-4.4.2-38.25.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.25.1 libsamba-errors0-32bit-4.4.2-38.25.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.25.1 libsamba-hostconfig0-32bit-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.25.1 libsamba-passdb0-32bit-4.4.2-38.25.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.25.1 libsamba-util0-32bit-4.4.2-38.25.1 libsamba-util0-debuginfo-32bit-4.4.2-38.25.1 libsamdb0-32bit-4.4.2-38.25.1 libsamdb0-debuginfo-32bit-4.4.2-38.25.1 libsmbclient0-32bit-4.4.2-38.25.1 libsmbclient0-debuginfo-32bit-4.4.2-38.25.1 libsmbconf0-32bit-4.4.2-38.25.1 libsmbconf0-debuginfo-32bit-4.4.2-38.25.1 libsmbldap0-32bit-4.4.2-38.25.1 libsmbldap0-debuginfo-32bit-4.4.2-38.25.1 libtevent-util0-32bit-4.4.2-38.25.1 libtevent-util0-debuginfo-32bit-4.4.2-38.25.1 libwbclient0-32bit-4.4.2-38.25.1 libwbclient0-debuginfo-32bit-4.4.2-38.25.1 samba-client-32bit-4.4.2-38.25.1 samba-client-debuginfo-32bit-4.4.2-38.25.1 samba-libs-32bit-4.4.2-38.25.1 samba-libs-debuginfo-32bit-4.4.2-38.25.1 samba-winbind-32bit-4.4.2-38.25.1 samba-winbind-debuginfo-32bit-4.4.2-38.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): samba-doc-4.4.2-38.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.25.1 libdcerpc-binding0-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-4.4.2-38.25.1 libdcerpc0-32bit-4.4.2-38.25.1 libdcerpc0-4.4.2-38.25.1 libdcerpc0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc0-debuginfo-4.4.2-38.25.1 libndr-krb5pac0-32bit-4.4.2-38.25.1 libndr-krb5pac0-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-4.4.2-38.25.1 libndr-nbt0-32bit-4.4.2-38.25.1 libndr-nbt0-4.4.2-38.25.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.25.1 libndr-nbt0-debuginfo-4.4.2-38.25.1 libndr-standard0-32bit-4.4.2-38.25.1 libndr-standard0-4.4.2-38.25.1 libndr-standard0-debuginfo-32bit-4.4.2-38.25.1 libndr-standard0-debuginfo-4.4.2-38.25.1 libndr0-32bit-4.4.2-38.25.1 libndr0-4.4.2-38.25.1 libndr0-debuginfo-32bit-4.4.2-38.25.1 libndr0-debuginfo-4.4.2-38.25.1 libnetapi0-32bit-4.4.2-38.25.1 libnetapi0-4.4.2-38.25.1 libnetapi0-debuginfo-32bit-4.4.2-38.25.1 libnetapi0-debuginfo-4.4.2-38.25.1 libsamba-credentials0-32bit-4.4.2-38.25.1 libsamba-credentials0-4.4.2-38.25.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.25.1 libsamba-credentials0-debuginfo-4.4.2-38.25.1 libsamba-errors0-32bit-4.4.2-38.25.1 libsamba-errors0-4.4.2-38.25.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.25.1 libsamba-errors0-debuginfo-4.4.2-38.25.1 libsamba-hostconfig0-32bit-4.4.2-38.25.1 libsamba-hostconfig0-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-4.4.2-38.25.1 libsamba-passdb0-32bit-4.4.2-38.25.1 libsamba-passdb0-4.4.2-38.25.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.25.1 libsamba-passdb0-debuginfo-4.4.2-38.25.1 libsamba-util0-32bit-4.4.2-38.25.1 libsamba-util0-4.4.2-38.25.1 libsamba-util0-debuginfo-32bit-4.4.2-38.25.1 libsamba-util0-debuginfo-4.4.2-38.25.1 libsamdb0-32bit-4.4.2-38.25.1 libsamdb0-4.4.2-38.25.1 libsamdb0-debuginfo-32bit-4.4.2-38.25.1 libsamdb0-debuginfo-4.4.2-38.25.1 libsmbclient0-32bit-4.4.2-38.25.1 libsmbclient0-4.4.2-38.25.1 libsmbclient0-debuginfo-32bit-4.4.2-38.25.1 libsmbclient0-debuginfo-4.4.2-38.25.1 libsmbconf0-32bit-4.4.2-38.25.1 libsmbconf0-4.4.2-38.25.1 libsmbconf0-debuginfo-32bit-4.4.2-38.25.1 libsmbconf0-debuginfo-4.4.2-38.25.1 libsmbldap0-32bit-4.4.2-38.25.1 libsmbldap0-4.4.2-38.25.1 libsmbldap0-debuginfo-32bit-4.4.2-38.25.1 libsmbldap0-debuginfo-4.4.2-38.25.1 libtevent-util0-32bit-4.4.2-38.25.1 libtevent-util0-4.4.2-38.25.1 libtevent-util0-debuginfo-32bit-4.4.2-38.25.1 libtevent-util0-debuginfo-4.4.2-38.25.1 libwbclient0-32bit-4.4.2-38.25.1 libwbclient0-4.4.2-38.25.1 libwbclient0-debuginfo-32bit-4.4.2-38.25.1 libwbclient0-debuginfo-4.4.2-38.25.1 samba-4.4.2-38.25.1 samba-client-32bit-4.4.2-38.25.1 samba-client-4.4.2-38.25.1 samba-client-debuginfo-32bit-4.4.2-38.25.1 samba-client-debuginfo-4.4.2-38.25.1 samba-debuginfo-4.4.2-38.25.1 samba-debugsource-4.4.2-38.25.1 samba-libs-32bit-4.4.2-38.25.1 samba-libs-4.4.2-38.25.1 samba-libs-debuginfo-32bit-4.4.2-38.25.1 samba-libs-debuginfo-4.4.2-38.25.1 samba-winbind-32bit-4.4.2-38.25.1 samba-winbind-4.4.2-38.25.1 samba-winbind-debuginfo-32bit-4.4.2-38.25.1 samba-winbind-debuginfo-4.4.2-38.25.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.25.1 ctdb-debuginfo-4.4.2-38.25.1 samba-debuginfo-4.4.2-38.25.1 samba-debugsource-4.4.2-38.25.1 - SUSE Enterprise Storage 4 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.25.1 libdcerpc-binding0-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc-binding0-debuginfo-4.4.2-38.25.1 libdcerpc0-32bit-4.4.2-38.25.1 libdcerpc0-4.4.2-38.25.1 libdcerpc0-debuginfo-32bit-4.4.2-38.25.1 libdcerpc0-debuginfo-4.4.2-38.25.1 libndr-krb5pac0-32bit-4.4.2-38.25.1 libndr-krb5pac0-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.25.1 libndr-krb5pac0-debuginfo-4.4.2-38.25.1 libndr-nbt0-32bit-4.4.2-38.25.1 libndr-nbt0-4.4.2-38.25.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.25.1 libndr-nbt0-debuginfo-4.4.2-38.25.1 libndr-standard0-32bit-4.4.2-38.25.1 libndr-standard0-4.4.2-38.25.1 libndr-standard0-debuginfo-32bit-4.4.2-38.25.1 libndr-standard0-debuginfo-4.4.2-38.25.1 libndr0-32bit-4.4.2-38.25.1 libndr0-4.4.2-38.25.1 libndr0-debuginfo-32bit-4.4.2-38.25.1 libndr0-debuginfo-4.4.2-38.25.1 libnetapi0-32bit-4.4.2-38.25.1 libnetapi0-4.4.2-38.25.1 libnetapi0-debuginfo-32bit-4.4.2-38.25.1 libnetapi0-debuginfo-4.4.2-38.25.1 libsamba-credentials0-32bit-4.4.2-38.25.1 libsamba-credentials0-4.4.2-38.25.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.25.1 libsamba-credentials0-debuginfo-4.4.2-38.25.1 libsamba-errors0-32bit-4.4.2-38.25.1 libsamba-errors0-4.4.2-38.25.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.25.1 libsamba-errors0-debuginfo-4.4.2-38.25.1 libsamba-hostconfig0-32bit-4.4.2-38.25.1 libsamba-hostconfig0-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.25.1 libsamba-hostconfig0-debuginfo-4.4.2-38.25.1 libsamba-passdb0-32bit-4.4.2-38.25.1 libsamba-passdb0-4.4.2-38.25.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.25.1 libsamba-passdb0-debuginfo-4.4.2-38.25.1 libsamba-util0-32bit-4.4.2-38.25.1 libsamba-util0-4.4.2-38.25.1 libsamba-util0-debuginfo-32bit-4.4.2-38.25.1 libsamba-util0-debuginfo-4.4.2-38.25.1 libsamdb0-32bit-4.4.2-38.25.1 libsamdb0-4.4.2-38.25.1 libsamdb0-debuginfo-32bit-4.4.2-38.25.1 libsamdb0-debuginfo-4.4.2-38.25.1 libsmbclient0-32bit-4.4.2-38.25.1 libsmbclient0-4.4.2-38.25.1 libsmbclient0-debuginfo-32bit-4.4.2-38.25.1 libsmbclient0-debuginfo-4.4.2-38.25.1 libsmbconf0-32bit-4.4.2-38.25.1 libsmbconf0-4.4.2-38.25.1 libsmbconf0-debuginfo-32bit-4.4.2-38.25.1 libsmbconf0-debuginfo-4.4.2-38.25.1 libsmbldap0-32bit-4.4.2-38.25.1 libsmbldap0-4.4.2-38.25.1 libsmbldap0-debuginfo-32bit-4.4.2-38.25.1 libsmbldap0-debuginfo-4.4.2-38.25.1 libtevent-util0-32bit-4.4.2-38.25.1 libtevent-util0-4.4.2-38.25.1 libtevent-util0-debuginfo-32bit-4.4.2-38.25.1 libtevent-util0-debuginfo-4.4.2-38.25.1 libwbclient0-32bit-4.4.2-38.25.1 libwbclient0-4.4.2-38.25.1 libwbclient0-debuginfo-32bit-4.4.2-38.25.1 libwbclient0-debuginfo-4.4.2-38.25.1 samba-4.4.2-38.25.1 samba-client-32bit-4.4.2-38.25.1 samba-client-4.4.2-38.25.1 samba-client-debuginfo-32bit-4.4.2-38.25.1 samba-client-debuginfo-4.4.2-38.25.1 samba-debuginfo-4.4.2-38.25.1 samba-debugsource-4.4.2-38.25.1 samba-libs-32bit-4.4.2-38.25.1 samba-libs-4.4.2-38.25.1 samba-libs-debuginfo-32bit-4.4.2-38.25.1 samba-libs-debuginfo-4.4.2-38.25.1 samba-winbind-32bit-4.4.2-38.25.1 samba-winbind-4.4.2-38.25.1 samba-winbind-debuginfo-32bit-4.4.2-38.25.1 samba-winbind-debuginfo-4.4.2-38.25.1 - SUSE Enterprise Storage 4 (noarch): samba-doc-4.4.2-38.25.1 References: https://www.suse.com/security/cve/CVE-2019-3880.html https://bugzilla.suse.com/1087481 https://bugzilla.suse.com/1106119 https://bugzilla.suse.com/1114459 https://bugzilla.suse.com/1126463 https://bugzilla.suse.com/1131060 From sle-updates at lists.suse.com Fri May 10 13:18:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:18:08 +0200 (CEST) Subject: SUSE-SU-2019:14043-1: moderate: Security update for ImageMagick Message-ID: <20190510191808.89BC1F528@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14043-1 Rating: moderate References: #1130330 #1131317 #1132053 #1132060 #1133204 #1133205 #1133498 #1133501 Cross-References: CVE-2019-10650 CVE-2019-11007 CVE-2019-11009 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-9956 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-14043=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.97.1 ImageMagick-debugsource-6.4.3.6-78.97.1 References: https://www.suse.com/security/cve/CVE-2019-10650.html https://www.suse.com/security/cve/CVE-2019-11007.html https://www.suse.com/security/cve/CVE-2019-11009.html https://www.suse.com/security/cve/CVE-2019-11470.html https://www.suse.com/security/cve/CVE-2019-11472.html https://www.suse.com/security/cve/CVE-2019-11505.html https://www.suse.com/security/cve/CVE-2019-11506.html https://www.suse.com/security/cve/CVE-2019-9956.html https://bugzilla.suse.com/1130330 https://bugzilla.suse.com/1131317 https://bugzilla.suse.com/1132053 https://bugzilla.suse.com/1132060 https://bugzilla.suse.com/1133204 https://bugzilla.suse.com/1133205 https://bugzilla.suse.com/1133498 https://bugzilla.suse.com/1133501 From sle-updates at lists.suse.com Fri May 10 13:19:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:19:41 +0200 (CEST) Subject: SUSE-SU-2019:1208-1: moderate: Security update for sqlite3 Message-ID: <20190510191941.8DBE7F528@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1208-1 Rating: moderate References: #1085790 #1132045 Cross-References: CVE-2017-10989 CVE-2018-8740 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1208=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1208=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1208=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1208=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1208=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1208=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1208=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 sqlite3-devel-3.8.10.2-9.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 sqlite3-devel-3.8.10.2-9.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 sqlite3-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 sqlite3-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-32bit-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1 sqlite3-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-32bit-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1 sqlite3-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 - SUSE CaaS Platform ALL (x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 - SUSE CaaS Platform 3.0 (x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsqlite3-0-3.8.10.2-9.6.1 libsqlite3-0-debuginfo-3.8.10.2-9.6.1 sqlite3-debuginfo-3.8.10.2-9.6.1 sqlite3-debugsource-3.8.10.2-9.6.1 References: https://www.suse.com/security/cve/CVE-2017-10989.html https://www.suse.com/security/cve/CVE-2018-8740.html https://bugzilla.suse.com/1085790 https://bugzilla.suse.com/1132045 From sle-updates at lists.suse.com Fri May 10 13:20:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:20:27 +0200 (CEST) Subject: SUSE-SU-2019:1215-1: moderate: Security update for python-Django1 Message-ID: <20190510192027.4F01CF528@maintenance.suse.de> SUSE Security Update: Security update for python-Django1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1215-1 Rating: moderate References: #1124991 Cross-References: CVE-2019-6975 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django1 fixes the following issue: Security issue fixed: - CVE-2019-6975: Fixed memory exhaustion in django.utils.numberformat.format() (bsc#1124991). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-1215=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-1215=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.20-3.3.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.20-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-6975.html https://bugzilla.suse.com/1124991 From sle-updates at lists.suse.com Fri May 10 13:21:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 May 2019 21:21:04 +0200 (CEST) Subject: SUSE-SU-2019:1207-1: important: Security update for 389-ds Message-ID: <20190510192104.BF984F528@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1207-1 Rating: important References: #1076530 #1096368 #1105606 #1106699 Cross-References: CVE-2017-15134 CVE-2017-15135 CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10850: Fixed a race condition on reference counter that would lead to a denial of service using persistent search (bsc#1096368) - CVE-2017-15134: Fixed a remote denial of service via search filters in slapi_filter_sprintf in slapd/util.c (bsc#1076530) - CVE-2017-15135: Fixed authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (bsc#1076530) - CVE-2018-10935: Fixed an issue that allowed users to cause a crash via ldapsearch with server side sorts (bsc#1105606) - CVE-2018-14624: The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(), allowing an attacker to send a flood of modifications to a very large DN, which could have caused slapd to crash (bsc#1106699). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1207=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1207=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.0.3-4.7.52 389-ds-debuginfo-1.4.0.3-4.7.52 389-ds-debugsource-1.4.0.3-4.7.52 389-ds-devel-1.4.0.3-4.7.52 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): 389-ds-debuginfo-1.4.0.3-4.7.52 389-ds-debugsource-1.4.0.3-4.7.52 389-ds-snmp-1.4.0.3-4.7.52 389-ds-snmp-debuginfo-1.4.0.3-4.7.52 References: https://www.suse.com/security/cve/CVE-2017-15134.html https://www.suse.com/security/cve/CVE-2017-15135.html https://www.suse.com/security/cve/CVE-2018-10850.html https://www.suse.com/security/cve/CVE-2018-10935.html https://www.suse.com/security/cve/CVE-2018-14624.html https://bugzilla.suse.com/1076530 https://bugzilla.suse.com/1096368 https://bugzilla.suse.com/1105606 https://bugzilla.suse.com/1106699 From sle-updates at lists.suse.com Mon May 13 10:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 18:09:23 +0200 (CEST) Subject: SUSE-SU-2019:1220-1: moderate: Security update for cf-cli Message-ID: <20190513160923.33E09F528@maintenance.suse.de> SUSE Security Update: Security update for cf-cli ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1220-1 Rating: moderate References: #1132242 Cross-References: CVE-2019-3781 Affected Products: SUSE Linux Enterprise Module for CAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cf-cli fixes the following issues: cf-cli was updated: to version 6.43.0 (bsc#1132242) Enhancements : - `cf curl` supports a new `--fail` flag (primarily for scripting purposes) which returns exit code `22` for server errors [story](https://www.pivotaltracker.com/story/show/130060949) - Improves `cf delete-orphaned-routes` such that it uses a different endpoint, reducing the chance of a race condition when two users are simultaneously deleting orphaned routes and associating routes with applications [story](https://www.pivotaltracker.com/story/show/163156064) - we've improved the speed of cf services - it now hits a single endpoint instead of making individual API calls Security: - CVE-2019-3781: CF CLI does not sanitize user???s password in verbose/trace/debug. - Fixes issue with running cf login in verbose mode whereby passwords which contains regex were not completely redacted - Fixes issue whilst running commands in verbose mode refresh tokens were not completely redacted Other Bug Fixes: - Updates help text for cf curlstory - Now refresh tokens work properly whilst using cf curl with V3 CC API endpoints story - Fixes performance degradation for cf services story - cf delete-service requires that you are targeting a space story - cf enable-service access for a service in an org will succeed if you have already enabled access for that service in that org story cf-cli was updated to version 6.42.0: Minor Enhancements: - updated `cf restage` help text and the first line in the command's output to indicate that using this command will cause app downtime [story](https://www.pivotaltracker.com/story/show/151841382) - updated the `cf bind-route-service` help text to clarify usage instructions [story](https://www.pivotaltracker.com/story/show/150111078) - improved an error message for `cf create-service-boker` to be more helpful when the CC API returns a `502` due to an invalid service broker catalog - upgraded to Golang 1.11.4 [story](https://www.pivotaltracker.com/story/show/162745359) - added a short name `ue` for `cf unset-env` [story](https://www.pivotaltracker.com/story/show/161632713) - updated `cf marketplace` command to include a new `broker` column to prepare for a upcoming services-related feature which will allow services to have the same name as long as they are associated with different service brokers [story](https://www.pivotaltracker.com/story/show/162699756) Bugs: - fix for `cf enable-service-access -p plan` whereby when we refactored the code in CLI `v6.41.0` it created service plan visibilities as part of a subsequent run of the command (the unrefactored code skipped creating the service plan visibilities); now the command will skip creating service plan visibilities as it did prior to the refactor [story](https://www.pivotaltracker.com/story/show/162747373) - updated the `cf rename-buildpack` help text which was missing reference to the `-s` stack flag [story](https://www.pivotaltracker.com/story/show/162428661) - updated help text for when users use `brew search cloudfoundry-cli` [story](https://www.pivotaltracker.com/story/show/161770940) - now when you run `cf service service-instance` for a route service, the route service url appears in the key value table [story](https://www.pivotaltracker.com/story/show/162498211) Update to version 6.41.0: Enhancements: - updated `cf --help` to include the `delete` command [story](https://www.pivotaltracker.com/story/show/161556511) Update to version 6.40.1: Bug Fixes: - Updates the minimum version for the buildpacks-stacks association feature. In [CLI v6.39.0](https://github.com/cloudfoundry/cli/releases/tag/v6.39.0), when the feature was released, we incorrectly set the minimum to cc api version as`2.114`. The minimum cc api version is now correctly set to [`2.112`](https://github.com/cloudfoundry/capi-release/releases/tag/1.58.0) . [story](https://www.pivotaltracker.com/story/show/161464797) - Fixes a bug with inspecting a service instance `cf service service-instance`, now the `documentation` url displays correctly for services which populate that field [story](https://www.pivotaltracker.com/story/show/161251875) Update to version 6.40.0: Bug Fixes: - Fix bug where trailing slash on cf api would break listing commands for older CC APIs story. For older versions of CC API, if the API URL had a trailing slash, some requests would fail with an "Unknown request" error. These requests are now handled properly. Update to version 6.39.0: Enhancements: - for users on cc api 3.27, cf start is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. Note that if you use v3 commands to create and start your app, if you subsequently use cf stop and cf start, the routes property in cf app will not populate even though the route exists story - for users on cc api 3.27, cf restart is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - for users on cc api 3.27, cf restage is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - improved help text for -d domains for cf push to include examples of usage story - cf v3-scale displays additional app information story - if you've created an internal domain, and it is the first domain in cc, the CLI will now ignore the internal domain and instead choose the next non-internal domain when you push an app story Bug Fixes: - Fix for users on macOS attempting to brew install cf-cli the CF CLI using the unreleased master branch of Homebrew story - Fixes an issue whereby, due to a recent cc api change, when you execute cf push and watch the cf app command, the app display returned a 400 error story - Fixes a bug whereby if you logged in using client credentials, cf auth user pass --client credentials you were unable to create an org; now create-org will assign the role to the user id specified in your manifest story - fixes an issue introduced when we refactored cf start and as part of that work, we stopped blocking on the initial connection with the logging backend; now the CLI blocks until the NOAA connection is made, or the default dial timeout of five seconds is reached story update to version 6.38.0: Enhancements: - v3-ssh process type now defaults to web story - Support added for setting tags for user provided service instances story - Now a warning appears if you attempt to use deprecated properties and variable substitution story - Updated usage so now you can rename the cf binary use it with every command story - cf events now displays the Diego cell_id and instance guid in crash events story - Includes cf service service-instance table display improvements wherein the service instance information is now grouped separately from the binding information story - cf service service-instance table display information for user provided services changed: status has been added to the table story Bug Fixes: - the CLI now properly handles escaped commas in the X-Cf-Warnings header Update to version 6.37.0: Enhancements - The api/cloudcontroller/ccv2 package has been updated with more functions #1343 - Now a warning appears if you are using a API version older than 2.69.0, which is no longer officially supported - Now the CLI reads the username and password from the environment variables #1358 Bug Fixes: - Fixes bug whereby X-Cf-Warnings were not being unescaped when displayed to user #1361 - When using CF_TRACE=1, passwords are now sanitized #1375 and tracker Update to version 6.36.0: Bug Fixes: - int64 support for cf/flags library, #1333 - Debian package, #1336 - Web action flag not working on CLI 0.6.5, #1337 - When a cf push upload fails/Consul is down, a panic occurs, #1340 and #1351 update to version 6.35.2: Bug Fixes: - Providing a clearer services authorization warning message when a service has been disabled for the organization, fixing #1344 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for CAP 15: zypper in -t patch SUSE-SLE-Module-CAP-Tools-15-2019-1220=1 Package List: - SUSE Linux Enterprise Module for CAP 15 (x86_64): cf-cli-6.43.0-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-3781.html https://bugzilla.suse.com/1132242 From sle-updates at lists.suse.com Mon May 13 10:12:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 18:12:48 +0200 (CEST) Subject: SUSE-SU-2019:1219-1: important: Security update for java-1_8_0-openjdk Message-ID: <20190513161248.AAD80F528@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1219-1 Rating: important References: #1122293 #1122299 #1132728 #1132729 #1132732 #1133135 Cross-References: CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1219=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1219=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1219=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1219=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1219=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1219=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1219=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1219=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1219=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1219=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1219=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-openjdk-1.8.0.212-27.32.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-debugsource-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-1.8.0.212-27.32.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-1.8.0.212-27.32.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-1.8.0.212-27.32.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-27.32.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2019-2422.html https://www.suse.com/security/cve/CVE-2019-2426.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1133135 From sle-updates at lists.suse.com Mon May 13 10:16:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 18:16:54 +0200 (CEST) Subject: SUSE-RU-2019:1224-1: moderate: Recommended update for yast2-network Message-ID: <20190513161654.C2A86F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1224-1 Rating: moderate References: #1129012 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - Use the bus_id of the udev parent device when using virtio netcards and matching the existent rules with the defined in in the profile. (bsc#1129012) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1224=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1224=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): yast2-network-3.4.3-3.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): yast2-network-3.4.3-3.9.1 References: https://bugzilla.suse.com/1129012 From sle-updates at lists.suse.com Mon May 13 10:18:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 18:18:07 +0200 (CEST) Subject: SUSE-RU-2019:1222-1: moderate: Recommended update for nvme-cli Message-ID: <20190513161807.9896EF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1222-1 Rating: moderate References: #1127076 #1131930 #1133594 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Add new 'ontapdevices' command and corresponding documentation (bsc#1131930). - Add nvmefc-connect.target to allow stopping the parameterized services (bsc#1127076). Also change the service type so udevd doesn't have to wait for the termination of the service process. - Increase size of ONTAP namespace path variable - Fix failing service on devices without fc-hardware (bsc#1133594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1222=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nvme-cli-1.5-7.16.1 nvme-cli-debuginfo-1.5-7.16.1 nvme-cli-debugsource-1.5-7.16.1 References: https://bugzilla.suse.com/1127076 https://bugzilla.suse.com/1131930 https://bugzilla.suse.com/1133594 From sle-updates at lists.suse.com Mon May 13 10:19:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 18:19:00 +0200 (CEST) Subject: SUSE-SU-2019:1221-1: moderate: Security update for libxslt Message-ID: <20190513161900.4932EF528@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1221-1 Rating: moderate References: #1132160 Cross-References: CVE-2019-11068 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1221=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1221=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libxslt-python-1.1.32-3.3.1 libxslt-python-debuginfo-1.1.32-3.3.1 libxslt-python-debugsource-1.1.32-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.32-3.3.1 libxslt-devel-1.1.32-3.3.1 libxslt-tools-1.1.32-3.3.1 libxslt-tools-debuginfo-1.1.32-3.3.1 libxslt1-1.1.32-3.3.1 libxslt1-debuginfo-1.1.32-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://bugzilla.suse.com/1132160 From sle-updates at lists.suse.com Mon May 13 10:19:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 18:19:39 +0200 (CEST) Subject: SUSE-RU-2019:1223-1: moderate: Recommended update for wicked Message-ID: <20190513161939.3A5E4F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1223-1 Rating: moderate References: #1106809 #1118206 #1118378 #1123555 #1127340 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for wicked fixes the following issues: wicked was updated to version 0.6.54: - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (bsc#1106809) - dhcp: request hostname/fqdn option in the tester (bsc#1118378) - build: link with relro by default for binary hardening Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1223=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1223=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libwicked-0-6-0.6.54-28.17.1 libwicked-0-6-debuginfo-0.6.54-28.17.1 wicked-0.6.54-28.17.1 wicked-debuginfo-0.6.54-28.17.1 wicked-debugsource-0.6.54-28.17.1 wicked-service-0.6.54-28.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libwicked-0-6-0.6.54-28.17.1 libwicked-0-6-debuginfo-0.6.54-28.17.1 wicked-0.6.54-28.17.1 wicked-debuginfo-0.6.54-28.17.1 wicked-debugsource-0.6.54-28.17.1 wicked-service-0.6.54-28.17.1 References: https://bugzilla.suse.com/1106809 https://bugzilla.suse.com/1118206 https://bugzilla.suse.com/1118378 https://bugzilla.suse.com/1123555 https://bugzilla.suse.com/1127340 From sle-updates at lists.suse.com Mon May 13 13:08:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 21:08:35 +0200 (CEST) Subject: SUSE-RU-2019:1226-1: moderate: Recommended update for wicked Message-ID: <20190513190835.28BA3F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1226-1 Rating: moderate References: #1106809 #1118206 #1123555 #1127340 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for wicked fixes the following issues: Wicked was updated to version 0.6.54: - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (bsc#1106809) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1226=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwicked-0-6-0.6.54-3.11.1 libwicked-0-6-debuginfo-0.6.54-3.11.1 wicked-0.6.54-3.11.1 wicked-debuginfo-0.6.54-3.11.1 wicked-debugsource-0.6.54-3.11.1 wicked-service-0.6.54-3.11.1 References: https://bugzilla.suse.com/1106809 https://bugzilla.suse.com/1118206 https://bugzilla.suse.com/1123555 https://bugzilla.suse.com/1127340 From sle-updates at lists.suse.com Mon May 13 13:09:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 21:09:38 +0200 (CEST) Subject: SUSE-RU-2019:1225-1: moderate: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20190513190938.6DC27F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1225-1 Rating: moderate References: Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for release-notes-suse-openstack-cloud fixes the following issues: - Update to version 9.20190507: * Enable ADOC_POST stylesheet for simpara->para conversion (jsc#SCRD-9007) - Update to version 9.20190502: * Clarify availability of upgrade instructions in deployment guide * Update install-upgrade.adoc * reword upgrade instructions, request from T.R. email * Remove reference to RHEL support since that is HPE exclusive * Document OVS network limitation (SCRD-8402) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-1225=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-1225=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): release-notes-suse-openstack-cloud-9.20190507-3.3.1 - SUSE OpenStack Cloud 9 (noarch): release-notes-suse-openstack-cloud-9.20190507-3.3.1 References: From sle-updates at lists.suse.com Mon May 13 13:10:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 May 2019 21:10:04 +0200 (CEST) Subject: SUSE-RU-2019:1227-1: moderate: Recommended update for wicked Message-ID: <20190513191004.EEC8CF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1227-1 Rating: moderate References: #1106809 #1118206 #1118378 #1123555 #1127340 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for wicked fixes the following issues: wicked was updated to version 0.6.54: - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (bsc#1106809) - dhcp: request hostname/fqdn option in the tester (bsc#1118378) - build: link with relro by default for binary hardening Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1227=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1227=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwicked-0-6-0.6.54-2.8.1 libwicked-0-6-debuginfo-0.6.54-2.8.1 wicked-0.6.54-2.8.1 wicked-debuginfo-0.6.54-2.8.1 wicked-debugsource-0.6.54-2.8.1 wicked-service-0.6.54-2.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwicked-0-6-0.6.54-2.8.1 libwicked-0-6-debuginfo-0.6.54-2.8.1 wicked-0.6.54-2.8.1 wicked-debuginfo-0.6.54-2.8.1 wicked-debugsource-0.6.54-2.8.1 wicked-service-0.6.54-2.8.1 References: https://bugzilla.suse.com/1106809 https://bugzilla.suse.com/1118206 https://bugzilla.suse.com/1118378 https://bugzilla.suse.com/1123555 https://bugzilla.suse.com/1127340 From sle-updates at lists.suse.com Tue May 14 07:08:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 May 2019 15:08:58 +0200 (CEST) Subject: SUSE-RU-2019:1228-1: moderate: Recommended update for golang-github-prometheus-prometheus Message-ID: <20190514130859.03005F528@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1228-1 Rating: moderate References: #1126139 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-prometheus fixes the following issues: - Fixes an issue where prometheus leaves too many temporary files (bsc#1126139) - The version bump to version 2.3.2 includes many bug fixes and enhancements as well as some features. Please have a look at the changelog, in order to obtain a full list of changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1228=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-prometheus-prometheus-2.3.2-2.8.1 References: https://bugzilla.suse.com/1126139 From sle-updates at lists.suse.com Tue May 14 07:09:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 May 2019 15:09:34 +0200 (CEST) Subject: SUSE-RU-2019:1229-1: moderate: Recommended update for sensors Message-ID: <20190514130934.5B8DAF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for sensors ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1229-1 Rating: moderate References: #1108468 #1116021 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sensors fixes the following issues: sensors was updated to version 3.5.0: The following changes were done: + soname was bumped due to commit dcf2367 which introduced an ABI change. (This was reverted for the SUSE packages, as it was not necessary) + Fixed disappearance of certain hwmon chips with 4.19+ kernels (bsc#1116021). + Add the find-driver script for debugging. + Various documentation and man page improvements. + Fix various issues found by Coverity Scan. + Updated links in documentation to reflect the new home of lm_sensors. + sensors.1: Add reference to sensors-detect and document -j option (json output). + sensors: Add support for json output, add support for power min, lcrit, min_alarm, lcrit_alarm. + sensors-detect changes: * Fix systemd paths. * Add detection of Fintek F81768. * Only probe I/O ports on x86. * Add detection of Nuvoton NCT6793D. * Add detection of Microchip MCP9808. * Mark F71868A as supported by the f71882fg driver. * Mark F81768D as supported by the f71882fg driver. * Mark F81866D as supported by the f71882fg driver. * Add detection of various ITE chips. * Add detection of Nuvoton NCT6795D. * Add detection of DDR4 SPD. * Add detection of ITE IT8987D. * Add detection of AMD Family 17h temperature sensors. * Add detection of AMD KERNCZ SMBus controller. * Add detection of various Intel SMBus controllers. * Add detection of Giantec GT30TS00. * Add detection of ONS CAT34TS02C and CAT34TS04. * Add detection of AMD Family 15h Model 60+ temperature sensors. * Add detection of Nuvoton NCT6796D. * Add detection of AMD Family 15h Model 70+ temperature sensors. + configs: Add sample configuration files. + sensors.conf.default: * Add hardwired inputs of NCT6795D * Add hardwired inputs of F71868A * Add hardwired NCT6796D inputs + vt1211_pwm: replaced deprecated sub shell syntax, run with bash instead of sh. + pwmconfig: replaced deprecated sub shell syntax. + fancontrol: replaced deprecated sub shell syntax, save original pwm values. + fancontrol.8: replaced deprecated sub shell syntax. + libsensors: * Add support for SENSORS_BUS_TYPE_SCSI, add support for power min, lcrit, min_alarm, lcrit_alarm. * Handle hwmon device with thermal device parent (bsc#1108468). - Undo unnecessary libsensors version bump. - Undo the SENSORS_API_VERSION change, to stay source-compatible with upstream. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1229=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le x86_64): libsensors4-3.5.0-4.3.1 libsensors4-debuginfo-3.5.0-4.3.1 libsensors4-devel-3.5.0-4.3.1 sensors-3.5.0-4.3.1 sensors-debuginfo-3.5.0-4.3.1 sensors-debugsource-3.5.0-4.3.1 References: https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1116021 From sle-updates at lists.suse.com Tue May 14 10:10:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 May 2019 18:10:24 +0200 (CEST) Subject: SUSE-RU-2019:1230-1: moderate: Recommended update for postfix Message-ID: <20190514161024.408EAF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1230-1 Rating: moderate References: #1104543 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postfix fixes the following issues: - config.postfix didn't start tlsmgr in master.cf when using POSTFIX_SMTP_TLS_CLIENT="must" (bsc#1104543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1230=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1230=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1230=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1230=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1230=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1230=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.2.0-3.18.1 postfix-debugsource-3.2.0-3.18.1 postfix-devel-3.2.0-3.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.2.0-3.18.1 postfix-debugsource-3.2.0-3.18.1 postfix-devel-3.2.0-3.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): postfix-3.2.0-3.18.1 postfix-debuginfo-3.2.0-3.18.1 postfix-debugsource-3.2.0-3.18.1 postfix-mysql-3.2.0-3.18.1 postfix-mysql-debuginfo-3.2.0-3.18.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): postfix-doc-3.2.0-3.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): postfix-3.2.0-3.18.1 postfix-debuginfo-3.2.0-3.18.1 postfix-debugsource-3.2.0-3.18.1 postfix-mysql-3.2.0-3.18.1 postfix-mysql-debuginfo-3.2.0-3.18.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): postfix-doc-3.2.0-3.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): postfix-3.2.0-3.18.1 postfix-debuginfo-3.2.0-3.18.1 postfix-debugsource-3.2.0-3.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): postfix-3.2.0-3.18.1 postfix-debuginfo-3.2.0-3.18.1 postfix-debugsource-3.2.0-3.18.1 References: https://bugzilla.suse.com/1104543 From sle-updates at lists.suse.com Tue May 14 10:11:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 May 2019 18:11:09 +0200 (CEST) Subject: SUSE-RU-2019:1231-1: moderate: Recommended update for SUSEConnect Message-ID: <20190514161109.A42BCF528@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1231-1 Rating: moderate References: #1128969 #959561 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1231=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1231=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): SUSEConnect-0.3.17-17.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.17-17.23.1 References: https://bugzilla.suse.com/1128969 https://bugzilla.suse.com/959561 From sle-updates at lists.suse.com Tue May 14 13:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 May 2019 21:09:13 +0200 (CEST) Subject: SUSE-SU-2019:1232-1: moderate: Security update for libxslt Message-ID: <20190514190913.9FD77FF27@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1232-1 Rating: moderate References: #1132160 Cross-References: CVE-2019-11068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1232=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1232=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1232=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1232=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1232=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1232=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.3.1 libxslt-devel-1.1.28-17.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.3.1 libxslt-devel-1.1.28-17.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.3.1 libxslt-tools-1.1.28-17.3.1 libxslt-tools-debuginfo-1.1.28-17.3.1 libxslt1-1.1.28-17.3.1 libxslt1-debuginfo-1.1.28-17.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libxslt1-32bit-1.1.28-17.3.1 libxslt1-debuginfo-32bit-1.1.28-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.3.1 libxslt-tools-1.1.28-17.3.1 libxslt-tools-debuginfo-1.1.28-17.3.1 libxslt1-1.1.28-17.3.1 libxslt1-debuginfo-1.1.28-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libxslt1-32bit-1.1.28-17.3.1 libxslt1-debuginfo-32bit-1.1.28-17.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libxslt-debugsource-1.1.28-17.3.1 libxslt-tools-1.1.28-17.3.1 libxslt-tools-debuginfo-1.1.28-17.3.1 libxslt1-1.1.28-17.3.1 libxslt1-32bit-1.1.28-17.3.1 libxslt1-debuginfo-1.1.28-17.3.1 libxslt1-debuginfo-32bit-1.1.28-17.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libxslt-debugsource-1.1.28-17.3.1 libxslt-tools-1.1.28-17.3.1 libxslt-tools-debuginfo-1.1.28-17.3.1 libxslt1-1.1.28-17.3.1 libxslt1-32bit-1.1.28-17.3.1 libxslt1-debuginfo-1.1.28-17.3.1 libxslt1-debuginfo-32bit-1.1.28-17.3.1 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://bugzilla.suse.com/1132160 From sle-updates at lists.suse.com Tue May 14 16:09:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:09:14 +0200 (CEST) Subject: SUSE-SU-2019:1236-1: important: Security update for ucode-intel Message-ID: <20190514220914.551D2FF27@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1236-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1236=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20190507-3.15.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Tue May 14 16:09:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:09:50 +0200 (CEST) Subject: SUSE-SU-2019:1248-1: important: Security update for xen Message-ID: <20190514220950.37D3BFF27@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1248-1 Rating: important References: #1027519 #1079730 #1098403 #1111025 #1111331 #1120067 #1120095 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates. The mitigation can be controlled via the "mds" commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime. The included README has details about the impact of this change (bsc#1120095) - Fixes in Live migrating PV domUs An earlier change broke live migration of PV domUs without a device model. The migration would stall for 10 seconds while the domU was paused, which caused network connections to drop. Fix this by tracking the need for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025) - Libvirt segfault when crash triggered on top of HVM guest (bsc#1120067) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1248=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1248=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): xen-4.10.3_04-3.19.1 xen-debugsource-4.10.3_04-3.19.1 xen-devel-4.10.3_04-3.19.1 xen-tools-4.10.3_04-3.19.1 xen-tools-debuginfo-4.10.3_04-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): xen-debugsource-4.10.3_04-3.19.1 xen-libs-4.10.3_04-3.19.1 xen-libs-debuginfo-4.10.3_04-3.19.1 xen-tools-domU-4.10.3_04-3.19.1 xen-tools-domU-debuginfo-4.10.3_04-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1098403 https://bugzilla.suse.com/1111025 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1120067 https://bugzilla.suse.com/1120095 From sle-updates at lists.suse.com Tue May 14 16:11:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:11:41 +0200 (CEST) Subject: SUSE-SU-2019:1242-1: important: Security update for the Linux Kernel Message-ID: <20190514221141.56C87FF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1242-1 Rating: important References: #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1055186 #1061840 #1065600 #1065729 #1070872 #1078216 #1082555 #1083647 #1085535 #1085536 #1088804 #1093777 #1094120 #1094244 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1100132 #1103186 #1103259 #1107937 #1108193 #1108937 #1111331 #1112128 #1112178 #1113399 #1113722 #1114279 #1114542 #1114638 #1119086 #1119680 #1120318 #1120902 #1122767 #1123105 #1125342 #1126221 #1126356 #1126704 #1126740 #1127175 #1127371 #1127372 #1127374 #1127378 #1127445 #1128415 #1128544 #1129273 #1129276 #1129770 #1130130 #1130154 #1130195 #1130335 #1130336 #1130337 #1130338 #1130425 #1130427 #1130518 #1130527 #1130567 #1130579 #1131062 #1131107 #1131167 #1131168 #1131169 #1131170 #1131171 #1131172 #1131173 #1131174 #1131175 #1131176 #1131177 #1131178 #1131179 #1131180 #1131290 #1131326 #1131335 #1131336 #1131416 #1131427 #1131442 #1131467 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132083 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132681 #1132726 #1132828 #1132943 #1133005 #1133094 #1133095 #1133115 #1133149 #1133486 #1133529 #1133584 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 165 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop (bnc#1126704). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128) (bsc#1132426). - acpi / sbs: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after "md: batch flush requests." (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1242=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-azure-4.12.14-6.12.1 kernel-azure-base-4.12.14-6.12.1 kernel-azure-base-debuginfo-4.12.14-6.12.1 kernel-azure-debuginfo-4.12.14-6.12.1 kernel-azure-debugsource-4.12.14-6.12.1 kernel-azure-devel-4.12.14-6.12.1 kernel-syms-azure-4.12.14-6.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-azure-4.12.14-6.12.1 kernel-source-azure-4.12.14-6.12.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1078216 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1093777 https://bugzilla.suse.com/1094120 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1107937 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1125342 https://bugzilla.suse.com/1126221 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1126740 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127372 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127378 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129276 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130154 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130335 https://bugzilla.suse.com/1130336 https://bugzilla.suse.com/1130337 https://bugzilla.suse.com/1130338 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130427 https://bugzilla.suse.com/1130518 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1131062 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131167 https://bugzilla.suse.com/1131168 https://bugzilla.suse.com/1131169 https://bugzilla.suse.com/1131170 https://bugzilla.suse.com/1131171 https://bugzilla.suse.com/1131172 https://bugzilla.suse.com/1131173 https://bugzilla.suse.com/1131174 https://bugzilla.suse.com/1131175 https://bugzilla.suse.com/1131176 https://bugzilla.suse.com/1131177 https://bugzilla.suse.com/1131178 https://bugzilla.suse.com/1131179 https://bugzilla.suse.com/1131180 https://bugzilla.suse.com/1131290 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131442 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132083 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 From sle-updates at lists.suse.com Tue May 14 16:39:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:39:01 +0200 (CEST) Subject: SUSE-SU-2019:1234-1: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Message-ID: <20190514223901.B32F3FF29@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1234-1 Rating: important References: #1114209 #1114832 #1118897 #1118898 #1118899 #1121397 #1121967 #1123013 #1128376 #1128746 #1134068 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 CVE-2019-6486 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1234=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-1234=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.2.5-5.13.1 docker-debuginfo-18.09.6_ce-6.17.1 docker-debugsource-18.09.6_ce-6.17.1 docker-test-18.09.6_ce-6.17.1 docker-test-debuginfo-18.09.6_ce-6.17.1 go-1.12-3.10.1 go-doc-1.12-3.10.1 go1.11-1.11.9-1.12.1 go1.11-doc-1.11.9-1.12.1 go1.12-1.12.4-1.9.1 go1.12-doc-1.12.4-1.9.1 golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): containerd-test-1.2.5-5.13.1 docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1 docker-zsh-completion-18.09.6_ce-6.17.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.2.5-5.13.1 docker-18.09.6_ce-6.17.1 docker-debuginfo-18.09.6_ce-6.17.1 docker-debugsource-18.09.6_ce-6.17.1 docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-4.12.1 docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1 docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.09.6_ce-6.17.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-5736.html https://www.suse.com/security/cve/CVE-2019-6486.html https://bugzilla.suse.com/1114209 https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121397 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1123013 https://bugzilla.suse.com/1128376 https://bugzilla.suse.com/1128746 https://bugzilla.suse.com/1134068 From sle-updates at lists.suse.com Tue May 14 16:40:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:40:54 +0200 (CEST) Subject: SUSE-SU-2019:1238-1: important: Security update for qemu Message-ID: <20190514224054.D57ECFF29@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1238-1 Rating: important References: #1111331 #1125721 #1126455 #1129622 #1129962 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-3812 CVE-2019-8934 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for qemu fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (bsc#1126455) - CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Other bugs fixed: - Use a new approach to handling the file input to -smbios option, which accepts either legacy or per-spec formats regardless of the machine type. - Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1238=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1238=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-5.13.1 qemu-block-curl-2.11.2-5.13.1 qemu-block-curl-debuginfo-2.11.2-5.13.1 qemu-block-iscsi-2.11.2-5.13.1 qemu-block-iscsi-debuginfo-2.11.2-5.13.1 qemu-block-ssh-2.11.2-5.13.1 qemu-block-ssh-debuginfo-2.11.2-5.13.1 qemu-debugsource-2.11.2-5.13.1 qemu-guest-agent-2.11.2-5.13.1 qemu-guest-agent-debuginfo-2.11.2-5.13.1 qemu-lang-2.11.2-5.13.1 qemu-tools-2.11.2-5.13.1 qemu-tools-debuginfo-2.11.2-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): qemu-block-rbd-2.11.2-5.13.1 qemu-block-rbd-debuginfo-2.11.2-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): qemu-kvm-2.11.2-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): qemu-ppc-2.11.2-5.13.1 qemu-ppc-debuginfo-2.11.2-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): qemu-arm-2.11.2-5.13.1 qemu-arm-debuginfo-2.11.2-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): qemu-x86-2.11.2-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.13.1 qemu-seabios-1.11.0-5.13.1 qemu-sgabios-8-5.13.1 qemu-vgabios-1.11.0-5.13.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): qemu-s390-2.11.2-5.13.1 qemu-s390-debuginfo-2.11.2-5.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): qemu-2.11.2-5.13.1 qemu-block-curl-2.11.2-5.13.1 qemu-block-curl-debuginfo-2.11.2-5.13.1 qemu-debugsource-2.11.2-5.13.1 qemu-kvm-2.11.2-5.13.1 qemu-tools-2.11.2-5.13.1 qemu-tools-debuginfo-2.11.2-5.13.1 qemu-x86-2.11.2-5.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.13.1 qemu-seabios-1.11.0-5.13.1 qemu-sgabios-8-5.13.1 qemu-vgabios-1.11.0-5.13.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3812.html https://www.suse.com/security/cve/CVE-2019-8934.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1125721 https://bugzilla.suse.com/1126455 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1129962 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Tue May 14 16:42:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:42:01 +0200 (CEST) Subject: SUSE-SU-2019:1244-1: important: Security update for the Linux Kernel Message-ID: <20190514224201.3B6BFFF29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1244-1 Rating: important References: #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1061840 #1065600 #1065729 #1070872 #1082555 #1083647 #1085535 #1085536 #1088804 #1094244 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1100132 #1103259 #1111331 #1112128 #1112178 #1113399 #1113722 #1114279 #1114542 #1114638 #1119086 #1119680 #1120318 #1120902 #1122767 #1123105 #1125342 #1126221 #1126356 #1126704 #1126740 #1127175 #1127371 #1127372 #1127374 #1127378 #1127445 #1128415 #1128544 #1129276 #1129770 #1130130 #1130154 #1130195 #1130335 #1130336 #1130337 #1130338 #1130425 #1130427 #1130518 #1130527 #1130567 #1131062 #1131107 #1131167 #1131168 #1131169 #1131170 #1131171 #1131172 #1131173 #1131174 #1131175 #1131176 #1131177 #1131178 #1131179 #1131180 #1131290 #1131335 #1131336 #1131416 #1131427 #1131442 #1131467 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132083 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132681 #1132726 #1132828 #1132943 #1133005 #1133094 #1133095 #1133115 #1133149 #1133486 #1133529 #1133584 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 154 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security issues were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1132426). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - Drop "PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to" - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after "md: batch flush requests." (bsc#1119680). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert "ipv4: keep skb->dst around in presence of IP options" (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15). - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - soc: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318) - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1244=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 kernel-default-livepatch-4.12.14-150.17.1 kernel-livepatch-4_12_14-150_17-default-1-1.3.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1125342 https://bugzilla.suse.com/1126221 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1126740 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127372 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127378 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1129276 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130154 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130335 https://bugzilla.suse.com/1130336 https://bugzilla.suse.com/1130337 https://bugzilla.suse.com/1130338 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130427 https://bugzilla.suse.com/1130518 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1131062 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131167 https://bugzilla.suse.com/1131168 https://bugzilla.suse.com/1131169 https://bugzilla.suse.com/1131170 https://bugzilla.suse.com/1131171 https://bugzilla.suse.com/1131172 https://bugzilla.suse.com/1131173 https://bugzilla.suse.com/1131174 https://bugzilla.suse.com/1131175 https://bugzilla.suse.com/1131176 https://bugzilla.suse.com/1131177 https://bugzilla.suse.com/1131178 https://bugzilla.suse.com/1131179 https://bugzilla.suse.com/1131180 https://bugzilla.suse.com/1131290 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131442 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132083 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 From sle-updates at lists.suse.com Tue May 14 16:51:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:51:59 +0200 (CEST) Subject: SUSE-SU-2019:14048-1: important: Security update for microcode_ctl Message-ID: <20190514225159.47FAFFF29@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14048-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-microcode_ctl-14048=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-14048=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.36.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.36.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Tue May 14 16:52:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 00:52:33 +0200 (CEST) Subject: SUSE-SU-2019:1245-1: important: Security update for the Linux Kernel Message-ID: <20190514225233.08F6AFF29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1245-1 Rating: important References: #1012382 #1020645 #1020989 #1031492 #1047487 #1051510 #1053043 #1062056 #1063638 #1066223 #1070872 #1085539 #1087092 #1094244 #1096480 #1096728 #1097104 #1100132 #1105348 #1106110 #1106913 #1106929 #1111331 #1112178 #1113399 #1114542 #1114638 #1114648 #1114893 #1118338 #1118506 #1119086 #1120902 #1122822 #1125580 #1126356 #1127445 #1129278 #1129326 #1129770 #1130130 #1130343 #1130344 #1130345 #1130346 #1130347 #1130356 #1130425 #1130567 #1130737 #1131107 #1131416 #1131427 #1131587 #1131659 #1131857 #1131900 #1131934 #1131935 #1131980 #1132227 #1132534 #1132589 #1132618 #1132619 #1132634 #1132635 #1132636 #1132637 #1132638 #1132727 #1132828 #1133308 #1133584 #994770 Cross-References: CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-15594 CVE-2018-5814 CVE-2019-11091 CVE-2019-3882 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 65 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security and bugfixes. Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security issues fixed: - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed (bnc#1132828). - CVE-2019-3882: A flaw was fixed in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p/net: fix memory leak in p9_client_create (bnc#1012382). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bnc#1012382). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi / bus: Only call dmi_check_system() on X86 (git-fixes). - acpi / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bnc#1012382). - acpi: include ACPI button driver in base kernel (bsc#1062056). - Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) (bnc#1012382). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bnc#1012382). - alsa: compress: add support for 32bit calls in a 64bit kernel (bnc#1012382). - alsa: compress: prevent potential divide by zero bugs (bnc#1012382). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bnc#1012382). - alsa: hda - Record the current power state before suspend/resume calls (bnc#1012382). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bnc#1012382). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382). - applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - arc: fix __ffs return value to avoid build warnings (bnc#1012382). - arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382). - arcv2: Enable unaligned access in early ASM code (bnc#1012382). - arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382). - arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981, git-fixes). - arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes). - arm64: hide __efistub_ aliases from kallsyms (bnc#1012382). - arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382). - arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382). - arm64: mm: Add trace_irqflags annotations to do_debug_exception() (bnc#1012382). - arm64: Relax GIC version check during early boot (bnc#1012382). - arm64: support keyctl() system call in 32-bit mode (bnc#1012382). - arm64: traps: disable irq in die() (bnc#1012382). - arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382). - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor (bnc#1012382). - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382). - arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU (bnc#1012382). - arm: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 (bnc#1012382). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012382). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bnc#1012382). - arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bnc#1012382). - ASoC: topology: free created components in tplg load error (bnc#1012382). - assoc_array: Fix shortcut creation (bnc#1012382). - ath10k: avoid possible string overflow (bnc#1012382). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092). - atm: he: fix sign-extension overflow on large shift (bnc#1012382). - autofs: drop dentry reference only when it is never used (bnc#1012382). - autofs: fix error return in autofs_fill_super() (bnc#1012382). - batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes). - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove (git-fixes). - batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382). - batman-adv: Only put gw_node list reference when removed (git-fixes). - batman-adv: Only put orig_node_vlan list reference when removed (git-fixes). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012382). - bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending fix for bsc#1063638). - btrfs: fix corruption reading shared and compressed extents after hole punching (bnc#1012382). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012382). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: remove WARN_ON in log_dir_items (bnc#1012382). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770). - cfg80211: extend range deviation for DMG (bnc#1012382). - cfg80211: size various nl80211 messages correctly (bnc#1012382). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix read after write for files with read caching (bnc#1012382). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bnc#1012382). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bnc#1012382). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bnc#1012382). - cls_bpf: reset class and reuse major in da (git-fixes). - coresight: coresight_unregister() function cleanup (bnc#1012382). - coresight: "DEVICE_ATTR_RO" should defined as static (bnc#1012382). - coresight: etm4x: Check every parameter used by dma_xx_coherent (bnc#1012382). - coresight: fixing lockdep error (bnc#1012382). - coresight: release reference taken by 'bus_find_device()' (bnc#1012382). - coresight: remove csdev's link from topology (bnc#1012382). - coresight: removing bind/unbind options from sysfs (bnc#1012382). - cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382). - cpufreq: tegra124: add missing of_node_put() (bnc#1012382). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bnc#1012382). - cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: ahash - fix another early termination in hash walk (bnc#1012382). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bnc#1012382). - crypto: caam - fixed handling of sg list (bnc#1012382). - crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539). - crypto: tgr192 - fix unaligned memory access (bsc#1129770). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770). - dccp: do not use ipv6 header for ipv4 flow (bnc#1012382). - disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012382). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bnc#1012382). - dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382). - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit (bnc#1012382). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dm: fix to_sector() for 32bit (bnc#1012382). - drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567). - drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1130567). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/msm: Unblock writer if reader closes file (bnc#1012382). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1106929) - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures (bnc#1012382). - ext2: Fix underflow in ext2_max_size() (bnc#1012382). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bnc#1012382). - ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382). - ext4: fix NULL pointer dereference while journal is aborted (bnc#1012382). - extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382). - firmware: dmi: Optimize dmi_matches (git-fixes). - floppy: check_events callback should not return a negative number (git-fixes). - flow_dissector: Check for IP fragmentation even if not using IPv4 address (git-fixes). - fs/9p: use fscache mutex rather than spinlock (bnc#1012382). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012382). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - futex: Ensure that futex address is aligned in handle_futex_death() (bnc#1012382). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012382). - gpio: vf610: Mask all GPIO interrupts (bnc#1012382). - gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382). - hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (bsc#1129770). - hugetlbfs: fix races and page leaks during migration (bnc#1012382). - hv_netvsc: Fix napi reschedule while receive completion is busy (bsc#1118506). - hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506). - hv_netvsc: Fix the return status in RX path (bsc#1118506). - hv_netvsc: use napi_schedule_irqoff (bsc#1118506). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822). - i2c: cadence: Fix the hold bit setting (bnc#1012382). - i2c: tegra: fix maximum transfer size (bnc#1012382). - ib/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bnc#1012382). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bnc#1012382). - input: matrix_keypad - use flush_delayed_work() (bnc#1012382). - input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bnc#1012382). - intel_th: Do not reference unassigned outputs (bnc#1012382). - intel_th: gth: Fix an off-by-one in output unassigning (git-fixes). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130346). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171, bsc#1122822). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130347). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (bnc#1012382). - ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (bnc#1012382). - ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bnc#1012382). - iscsi_ibft: Fix missing break in switch statement (bnc#1012382). - isdn: avm: Fix string plus integer warning from Clang (bnc#1012382). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382). - isdn: isdn_tty: fix build warning of strncpy (bnc#1012382). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1119086). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bnc#1012382). - jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382). - kabi fixup gendisk disk_devt revert (bsc#1020989). - kbuild: setlocalversion: print error to STDERR (bnc#1012382). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bnc#1012382). - keys: allow reaching the keys quotas exactly (bnc#1012382). - keys: always initialize keyring_index_key::desc_len (bnc#1012382). - keys: restrict /proc/keys by credentials at open time (bnc#1012382). - keys: user: Align the payload buffer (bnc#1012382). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132634). - kvm: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (bnc#1012382). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132635). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bnc#1012382). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bnc#1012382). - kvm: Reject device ioctls from processes other than the VM's creator (bnc#1012382). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132636). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1132637). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534). - kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132638). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - leds: lp5523: fix a missing check of return value of lp55xx_read (bnc#1012382). - libertas: call into generic suspend code before turning off power (bsc#1106110). - libertas: fix suspend and resume for SDIO connected cards (bsc#1106110). - lib/int_sqrt: optimize small argument (bnc#1012382). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bnc#1012382). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - m68k: Add -ffreestanding to CFLAGS (bnc#1012382). - mac80211: do not initiate TDLS connection if station is not associated to AP (bnc#1012382). - mac80211: fix miscounting of ttl-dropped frames (bnc#1012382). - mac80211: fix "warning: target metric may be used uninitialized" (bnc#1012382). - mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382). - mac8390: Fix mmio access size probe (bnc#1012382). - md: Fix failed allocation of md_register_thread (bnc#1012382). - mdio_bus: Fix use-after-free on device_register fails (bnc#1012382 git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1100132). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bnc#1012382). - media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1119086). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382). - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() (bnc#1012382). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#11001132). - mfd: ab8500-core: Return zero in get_register_interruptible() (bnc#1012382). - mfd: db8500-prcmu: Fix some section annotations (bnc#1012382). - mfd: mc13xxx: Fix a missing check of a register-read failure (bnc#1012382). - mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bnc#1012382). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bnc#1012382). - mfd: wm5110: Add missing ASRC rate register (bnc#1012382). - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction (bnc#1012382). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012382). - missing barriers in some of unix_sock ->addr and ->path accesses (bnc#1012382). - mmc: bcm2835: reset host on timeout (bsc#1070872). - mmc: block: Allow more than 8 partitions per card (bnc#1012382). - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails (bnc#1012382). - mmc: core: shut up "voltage-ranges unspecified" pr_info() (bnc#1012382). - mmc: debugfs: Add a restriction to mmc debugfs clock setting (bnc#1012382). - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382). - mmc: mmc: fix switch timeout issue caused by jiffies precision (bnc#1012382). - mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382). - mmc: pxamci: fix enum type confusion (bnc#1012382). - mmc: sanitize 'bus width' in debug output (bnc#1012382). - mmc: spi: Fix card detection during probe (bnc#1012382). - mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes). - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone (bnc#1012382). - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone (bnc#1012382). - mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c (git-fixes prerequisity). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935) - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON (bnc#1012382). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bnc#1012382). - move power_up_on_resume flag to end of structure for kABI (bsc#1106110). - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1100132). - ncpfs: fix build warning of strncpy (bnc#1012382). - net: add description for len argument of dev_get_phys_port_name (git-fixes). - net: Add __icmp_send helper (bnc#1012382). - net: altera_tse: fix connect_local_phy error path (bnc#1012382). - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (bnc#1012382). - net: avoid use IPCB in cipso_v4_error (bnc#1012382). - net: diag: support v4mapped sockets in inet_diag_find_one_icsk() (bnc#1012382). - net: do not decrement kobj reference count on init failure (git-fixes). - net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382). - net: ena: fix race between link up and device initalization (bsc#1129278). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129278). - netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry (git-fixes). - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (bnc#1012382). - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters (bnc#1012382). - netfilter: nfnetlink_log: just returns error for unknown command (bnc#1012382). - netfilter: nfnetlink: use original skbuff when acking batches (git-fixes). - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (bnc#1012382). - net: hns: Fix use after free identified by SLUB debug (bnc#1012382). - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (bnc#1012382). - net: hsr: fix memory leak in hsr_dev_finalize() (bnc#1012382). - net/hsr: fix possible crash in add_timer() (bnc#1012382). - netlabel: fix out-of-bounds memory accesses (bnc#1012382). - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (bnc#1012382). - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (bnc#1012382). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (bnc#1012382). - net/packet: fix 4gb buffer limit due to overflow check (bnc#1012382). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (bnc#1012382). - net: phy: Micrel KSZ8061: link failure after cable connect (bnc#1012382). - net: rose: fix a possible stack overflow (bnc#1012382). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (bnc#1012382). - net: set static variable an initial value in atl2_probe() (bnc#1012382). - net: sit: fix UBSAN Undefined behaviour in check_6rd (bnc#1012382). - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (bnc#1012382). - net-sysfs: call dev_hold if kobject_init_and_add success (git-fixes). - net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012382). - net: systemport: Fix reception of BPDUs (bnc#1012382). - net: tcp_memcontrol: properly detect ancestor socket pressure (git-fixes). - net/x25: fix a race in x25_bind() (bnc#1012382). - net/x25: fix use-after-free in x25_device_event() (bnc#1012382). - net/x25: reset state in x25_connect() (bnc#1012382). - nfc: nci: memory leak in nci_core_conn_create() (git-fixes). - nfs41: pop some layoutget errors to application (bnc#1012382). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix wrong check in write_v4_end_grace() (git-fixes). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs: Fix NULL pointer dereference of dev_name (bnc#1012382). - nfsv4.x: always serialize open/close operations (bsc#1114893). - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES (bnc#1012382). - packets: Always register packet sk in the same order (bnc#1012382). - parport_pc: fix find_superio io compare code, should use equal test (bnc#1012382). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (fate#327171, bsc#1122822). - perf auxtrace: Define auxtrace record alignment (bnc#1012382). - perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks (bnc#1012382). - perf intel-pt: Fix CYC timestamp calculation after OVF (bnc#1012382). - perf intel-pt: Fix overlap calculation for padding (bnc#1012382). - perf intel-pt: Fix TSC slip (bnc#1012382). - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops (bnc#1012382). - perf symbols: Filter out hidden symbols from labels (bnc#1012382). - perf: Synchronously free aux pages in case of allocation failure (bnc#1012382). - perf tools: Handle TOPOLOGY headers with no CPU (bnc#1012382). - perf/x86/amd: Add event map for AMD Family 17h (bsc#1114648). - phonet: fix building with clang (bnc#1012382). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bnc#1012382). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bnc#1012382). - pm / Hibernate: Call flush_icache_range() on pages restored in-place (bnc#1012382). - pm / wakeup: Rework wakeup source timer cancellation (bnc#1012382). - powerpc/32: Clear on-stack exception marker upon exception return (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/83xx: Also save/restore SPRG4-7 during suspend (bnc#1012382). - powerpc: Always initialize input array when calling epapr_hypercall() (bnc#1012382). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1053043, git-fixes). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1066223). - powerpc/powernv: Make opal log only readable by root (bnc#1012382). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - powerpc/wii: properly disable use of BATs when requested (bnc#1012382). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (bnc#1012382). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (bnc#1012382). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (bnc#1012382). - rdma/core: Do not expose unsupported counters (bsc#994770). - rdma/srp: Rework SCSI device reset handling (bnc#1012382). - Refresh patches.fixes/0001-net-mlx4-Fix-endianness-issue-in-qp-context-params.patch . (bsc#1132619) - regulator: s2mpa01: Fix step values for some LDOs (bnc#1012382). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bnc#1012382). - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" (bnc#1012382). - Revert "mmc: block: do not use parameter prefix if built as module" (bnc#1012382). - Revert "scsi, block: fix duplicate bdi name registration crashes" (bsc#1020989). - Revert "USB: core: only clean up what we allocated" (bnc#1012382). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bnc#1012382). - rsi: fix a dereference on adapter before it has been null checked (bsc#1085539). - rtc: Fix overflow when converting time64_t to rtc_time (bnc#1012382). - rtl8xxxu: Fix missing break in switch (bsc#1120902). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/dasd: fix using offset into zero size array error (bnc#1012382). - s390: Prevent hotplug rwsem recursion (bsc#1131980). - s390/qeth: fix use-after-free in error path (bnc#1012382). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - s390/virtio: handle find on invalid queue gracefully (bnc#1012382). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (bnc#1012382). - scsi: isci: initialize shost fully before calling scsi_add_host() (bnc#1012382). - scsi: libfc: free skb when receiving invalid flogi resp (bnc#1012382). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bnc#1012382). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (bnc#1012382). - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (bnc#1012382). - scsi: sd: Fix a race between closing an sd device and sd I/O (bnc#1012382). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (fate#323887). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (fate#323887). - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock (bnc#1012382). - scsi: virtio_scsi: do not send sc payload with tmfs (bnc#1012382). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bnc#1012382). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bnc#1012382). - sctp: fix the transports round robin issue when init is retransmitted (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012382). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bnc#1012382). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bnc#1012382). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bnc#1012382). - serial: max310x: Fix to avoid potential NULL pointer dereference (bnc#1012382). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bnc#1012382). - serial: sprd: adjust TIMEOUT to a big value (bnc#1012382). - serial: sprd: clear timeout interrupt only rather than all interrupts (bnc#1012382). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (bnc#1012382). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bnc#1012382). - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names (bnc#1012382). - staging: ashmem: Add missing include (bnc#1012382). - staging: ashmem: Avoid deadlock with mmap/shrink (bnc#1012382). - staging: goldfish: audio: fix compiliation on arm (bnc#1012382). - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT (bnc#1012382). - staging: lustre: fix buffer overflow of string buffer (bnc#1012382). - staging: rtl8188eu: avoid a null dereference on pmlmepriv (bsc#1085539). - staging: vt6655: Fix interrupt race condition on device start up (bnc#1012382). - staging: vt6655: Remove vif check from vnt_interrupt (bnc#1012382). - stm class: Do not leak the chrdev in error path (bnc#1012382). - stm class: Fix an endless loop in channel allocation (bnc#1012382). - stm class: Fix a race in unlinking (bnc#1012382). - stm class: Fix link list locking (bnc#1012382). - stm class: Fix locking in unbinding policy path (bnc#1012382). - stm class: Fix stm device initialization order (bnc#1012382). - stm class: Fix unbalanced module/device refcounting (bnc#1012382). - stm class: Fix unlocking braino in the error path (bnc#1012382). - stm class: Guard output assignment against concurrency (bnc#1012382). - stm class: Hide STM-specific options if STM is disabled (bnc#1012382). - stm class: Prevent division by zero (bnc#1012382). - stm class: Prevent user-controllable allocations (bnc#1012382). - stm class: Support devices with multiple instances (bnc#1012382). - stmmac: copy unicast mac address to MAC registers (bnc#1012382). - stop_machine: Provide stop_machine_cpuslocked() (bsc#1131980). - sunrpc: do not mark uninitialised items as VALID (bsc#1130737). - sunrpc: init xdr_stream for zero iov_len, page_len (bsc#11303356). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132727). - svm: Fix AVIC DFR and LDR handling (bsc#1130343). - svm: Fix improper check when deactivate AVIC (bsc#1130344). - tcp/dccp: drop SYN packets if accept queue is full (bnc#1012382). - tcp/dccp: remove reqsk_put() from inet_child_forget() (git-fixes). - tcp: do not use ipv6 header for ipv4 flow (bnc#1012382). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bnc#1012382). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - tmpfs: fix link accounting when a tmpfile is linked in (bnc#1012382). - tmpfs: fix uninitialized return value in shmem_link (bnc#1012382). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1020645). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1020645, git-fixes). - tpm: tpm-interface.c drop unused macros (bsc#1020645). - tty: atmel_serial: fix a potential NULL pointer dereference (bnc#1012382). - udf: Fix crash on IO error during truncate (bnc#1012382). - Update patches.fixes/SUNRPC-init-xdr_stream-for-zero-iov_len-page_len.patch (bsc#1130356). - usb: core: only clean up what we allocated (bnc#1012382). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1100132). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1100132). - usb: dwc3: gadget: Fix suspend/resume during device mode (bnc#1012382). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bnc#1012382). - usb: gadget: Add the gserial port checking in gs_start_tx() (bnc#1012382). - usb: gadget: composite: fix dereference after null check coverify warning (bnc#1012382). - usb: gadget: configfs: add mutex lock before unregister gadget (bnc#1012382). - usb: gadget: Potential NULL dereference on allocation error (bnc#1012382). - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG (bnc#1012382). - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning (bnc#1012382). - usb: serial: cp210x: add ID for Ingenico 3070 (bnc#1012382). - usb: serial: cp210x: add new device id (bnc#1012382). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1119086). - usb: serial: ftdi_sio: add additional NovaTech products (bnc#1012382). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bnc#1012382). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bnc#1012382). - usb: serial: option: add Telit ME910 ECM composition (bnc#1012382). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - video: fbdev: Set pixclock = 0 in goldfishfb (bnc#1012382). - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel (bnc#1012382). - vxlan: Do not call gro_cells_destroy() before device is unregistered (bnc#1012382). - vxlan: Fix GRO cells race condition between receive and link delete (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (bnc#1012382). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1120902). - x86_64: increase stack size for KASAN_EXTRA (bnc#1012382). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/apic: Provide apic_ack_irq() (fate#327171, bsc#1122822). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bnc#1012382). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (fate#327171, bsc#1122822). - x86/kexec: Do not setup EFI info if EFI runtime is not enabled (bnc#1012382). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114648). - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012382). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114648). - x86/vdso: Add VCLOCK_HVCLOCK vDSO clock read method (bsc#1133308). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (bnc#1012382). - xfrm_user: fix info leak in build_aevent() (git-fixes). - xfrm_user: fix info leak in xfrm_notify_sa() (git-fixes). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1047487). - xhci: Fix port resume done detection for SS ports with LPM enabled (bnc#1012382). - xtensa: SMP: fix ccount_timer_shutdown (bnc#1012382). - xtensa: SMP: fix secondary CPU initialization (bnc#1012382). - xtensa: SMP: limit number of possible CPUs by NR_CPUS (bnc#1012382). - xtensa: smp_lx200_defconfig: fix vectors clash (bnc#1012382). - xtensa: SMP: mark each possible CPU as present (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1245=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1245=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1245=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1245=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1245=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 kernel-default-extra-4.4.178-94.91.2 kernel-default-extra-debuginfo-4.4.178-94.91.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.178-94.91.1 kernel-obs-build-debugsource-4.4.178-94.91.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.178-94.91.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.178-94.91.2 kernel-default-base-4.4.178-94.91.2 kernel-default-base-debuginfo-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 kernel-default-devel-4.4.178-94.91.2 kernel-syms-4.4.178-94.91.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.178-94.91.1 kernel-macros-4.4.178-94.91.1 kernel-source-4.4.178-94.91.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.178-94.91.2 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.178-94.91.2 cluster-md-kmp-default-debuginfo-4.4.178-94.91.2 dlm-kmp-default-4.4.178-94.91.2 dlm-kmp-default-debuginfo-4.4.178-94.91.2 gfs2-kmp-default-4.4.178-94.91.2 gfs2-kmp-default-debuginfo-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 ocfs2-kmp-default-4.4.178-94.91.2 ocfs2-kmp-default-debuginfo-4.4.178-94.91.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.178-94.91.1 kernel-macros-4.4.178-94.91.1 kernel-source-4.4.178-94.91.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 kernel-default-devel-4.4.178-94.91.2 kernel-default-extra-4.4.178-94.91.2 kernel-default-extra-debuginfo-4.4.178-94.91.2 kernel-syms-4.4.178-94.91.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 References: https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1020989 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1062056 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1118506 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122822 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1129278 https://bugzilla.suse.com/1129326 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130343 https://bugzilla.suse.com/1130344 https://bugzilla.suse.com/1130345 https://bugzilla.suse.com/1130346 https://bugzilla.suse.com/1130347 https://bugzilla.suse.com/1130356 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130737 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131857 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1131980 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132534 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132619 https://bugzilla.suse.com/1132634 https://bugzilla.suse.com/1132635 https://bugzilla.suse.com/1132636 https://bugzilla.suse.com/1132637 https://bugzilla.suse.com/1132638 https://bugzilla.suse.com/1132727 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1133308 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/994770 From sle-updates at lists.suse.com Tue May 14 19:08:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 03:08:47 +0200 (CEST) Subject: SUSE-SU-2019:1241-1: important: Security update for the Linux Kernel Message-ID: <20190515010847.DADE5FF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1241-1 Rating: important References: #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1055186 #1061840 #1065600 #1065729 #1070872 #1082555 #1083647 #1085535 #1085536 #1088804 #1094244 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1100132 #1103186 #1103259 #1108193 #1108937 #1111331 #1112128 #1112178 #1113399 #1113722 #1114279 #1114542 #1114638 #1119086 #1119680 #1120318 #1120902 #1122767 #1123105 #1125342 #1126221 #1126356 #1126704 #1126740 #1127175 #1127371 #1127372 #1127374 #1127378 #1127445 #1128415 #1128544 #1129273 #1129276 #1129770 #1130130 #1130154 #1130195 #1130335 #1130336 #1130337 #1130338 #1130425 #1130427 #1130518 #1130527 #1130567 #1130579 #1131062 #1131107 #1131167 #1131168 #1131169 #1131170 #1131171 #1131172 #1131173 #1131174 #1131175 #1131176 #1131177 #1131178 #1131179 #1131180 #1131290 #1131326 #1131335 #1131336 #1131416 #1131427 #1131442 #1131467 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132083 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132681 #1132726 #1132828 #1132943 #1133005 #1133094 #1133095 #1133115 #1133149 #1133486 #1133529 #1133584 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 161 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after "md: batch flush requests." (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert "ipv4: keep skb->dst around in presence of IP options" (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1241=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_16-default-1-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1125342 https://bugzilla.suse.com/1126221 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1126740 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127372 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127378 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129276 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130154 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130335 https://bugzilla.suse.com/1130336 https://bugzilla.suse.com/1130337 https://bugzilla.suse.com/1130338 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130427 https://bugzilla.suse.com/1130518 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1131062 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131167 https://bugzilla.suse.com/1131168 https://bugzilla.suse.com/1131169 https://bugzilla.suse.com/1131170 https://bugzilla.suse.com/1131171 https://bugzilla.suse.com/1131172 https://bugzilla.suse.com/1131173 https://bugzilla.suse.com/1131174 https://bugzilla.suse.com/1131175 https://bugzilla.suse.com/1131176 https://bugzilla.suse.com/1131177 https://bugzilla.suse.com/1131178 https://bugzilla.suse.com/1131179 https://bugzilla.suse.com/1131180 https://bugzilla.suse.com/1131290 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131442 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132083 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 From sle-updates at lists.suse.com Tue May 14 19:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 03:11:51 +0200 (CEST) Subject: SUSE-SU-2019:1244-1: important: Security update for the Linux Kernel Message-ID: <20190515011151.4D4A2FF29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1244-1 Rating: important References: #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1061840 #1065600 #1065729 #1070872 #1082555 #1083647 #1085535 #1085536 #1088804 #1094244 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1100132 #1103259 #1111331 #1112128 #1112178 #1113399 #1113722 #1114279 #1114542 #1114638 #1119086 #1119680 #1120318 #1120902 #1122767 #1123105 #1125342 #1126221 #1126356 #1126704 #1126740 #1127175 #1127371 #1127372 #1127374 #1127378 #1127445 #1128415 #1128544 #1129276 #1129770 #1130130 #1130154 #1130195 #1130335 #1130336 #1130337 #1130338 #1130425 #1130427 #1130518 #1130527 #1130567 #1131062 #1131107 #1131167 #1131168 #1131169 #1131170 #1131171 #1131172 #1131173 #1131174 #1131175 #1131176 #1131177 #1131178 #1131179 #1131180 #1131290 #1131335 #1131336 #1131416 #1131427 #1131442 #1131467 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132083 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132681 #1132726 #1132828 #1132943 #1133005 #1133094 #1133095 #1133115 #1133149 #1133486 #1133529 #1133584 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 154 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security issues were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1132426). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - Drop "PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to" - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after "md: batch flush requests." (bsc#1119680). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert "ipv4: keep skb->dst around in presence of IP options" (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15). - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - soc: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318) - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1244=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1244=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1244=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1244=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1244=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1244=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1244=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 kernel-default-extra-4.12.14-150.17.1 kernel-default-extra-debuginfo-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.17.1 kernel-default-base-debuginfo-4.12.14-150.17.1 kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 kernel-obs-qa-4.12.14-150.17.1 kselftests-kmp-default-4.12.14-150.17.1 kselftests-kmp-default-debuginfo-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 kernel-default-livepatch-4.12.14-150.17.1 kernel-livepatch-4_12_14-150_17-default-1-1.3.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 reiserfs-kmp-default-4.12.14-150.17.1 reiserfs-kmp-default-debuginfo-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.17.1 kernel-obs-build-debugsource-4.12.14-150.17.1 kernel-syms-4.12.14-150.17.1 kernel-vanilla-base-4.12.14-150.17.1 kernel-vanilla-base-debuginfo-4.12.14-150.17.1 kernel-vanilla-debuginfo-4.12.14-150.17.1 kernel-vanilla-debugsource-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.17.1 kernel-source-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.17.1 kernel-default-base-4.12.14-150.17.1 kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 kernel-default-devel-4.12.14-150.17.1 kernel-default-devel-debuginfo-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.17.1 kernel-macros-4.12.14-150.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.17.1 kernel-zfcpdump-4.12.14-150.17.1 kernel-zfcpdump-debuginfo-4.12.14-150.17.1 kernel-zfcpdump-debugsource-4.12.14-150.17.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.17.1 cluster-md-kmp-default-debuginfo-4.12.14-150.17.1 dlm-kmp-default-4.12.14-150.17.1 dlm-kmp-default-debuginfo-4.12.14-150.17.1 gfs2-kmp-default-4.12.14-150.17.1 gfs2-kmp-default-debuginfo-4.12.14-150.17.1 kernel-default-debuginfo-4.12.14-150.17.1 kernel-default-debugsource-4.12.14-150.17.1 ocfs2-kmp-default-4.12.14-150.17.1 ocfs2-kmp-default-debuginfo-4.12.14-150.17.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1125342 https://bugzilla.suse.com/1126221 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1126740 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127372 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127378 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1129276 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130154 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130335 https://bugzilla.suse.com/1130336 https://bugzilla.suse.com/1130337 https://bugzilla.suse.com/1130338 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130427 https://bugzilla.suse.com/1130518 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1131062 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131167 https://bugzilla.suse.com/1131168 https://bugzilla.suse.com/1131169 https://bugzilla.suse.com/1131170 https://bugzilla.suse.com/1131171 https://bugzilla.suse.com/1131172 https://bugzilla.suse.com/1131173 https://bugzilla.suse.com/1131174 https://bugzilla.suse.com/1131175 https://bugzilla.suse.com/1131176 https://bugzilla.suse.com/1131177 https://bugzilla.suse.com/1131178 https://bugzilla.suse.com/1131179 https://bugzilla.suse.com/1131180 https://bugzilla.suse.com/1131290 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131442 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132083 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 From sle-updates at lists.suse.com Tue May 14 19:22:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 03:22:00 +0200 (CEST) Subject: SUSE-SU-2019:1235-1: important: Security update for ucode-intel Message-ID: <20190515012200.AAC75FF29@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1235-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1235=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1235=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1235=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1235=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1235=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1235=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1235=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1235=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1235=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1235=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1235=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1235=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20190507-13.41.1 ucode-intel-debuginfo-20190507-13.41.1 ucode-intel-debugsource-20190507-13.41.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Tue May 14 19:22:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 03:22:38 +0200 (CEST) Subject: SUSE-SU-2019:1241-1: important: Security update for the Linux Kernel Message-ID: <20190515012238.60C3FFF29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1241-1 Rating: important References: #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1055186 #1061840 #1065600 #1065729 #1070872 #1082555 #1083647 #1085535 #1085536 #1088804 #1094244 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1100132 #1103186 #1103259 #1108193 #1108937 #1111331 #1112128 #1112178 #1113399 #1113722 #1114279 #1114542 #1114638 #1119086 #1119680 #1120318 #1120902 #1122767 #1123105 #1125342 #1126221 #1126356 #1126704 #1126740 #1127175 #1127371 #1127372 #1127374 #1127378 #1127445 #1128415 #1128544 #1129273 #1129276 #1129770 #1130130 #1130154 #1130195 #1130335 #1130336 #1130337 #1130338 #1130425 #1130427 #1130518 #1130527 #1130567 #1130579 #1131062 #1131107 #1131167 #1131168 #1131169 #1131170 #1131171 #1131172 #1131173 #1131174 #1131175 #1131176 #1131177 #1131178 #1131179 #1131180 #1131290 #1131326 #1131335 #1131336 #1131416 #1131427 #1131442 #1131467 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132083 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132681 #1132726 #1132828 #1132943 #1133005 #1133094 #1133095 #1133115 #1133149 #1133486 #1133529 #1133584 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 161 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after "md: batch flush requests." (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert "ipv4: keep skb->dst around in presence of IP options" (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1241=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1241=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1241=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1241=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1241=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1241=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.16.1 kernel-default-debugsource-4.12.14-95.16.1 kernel-default-extra-4.12.14-95.16.1 kernel-default-extra-debuginfo-4.12.14-95.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.16.1 kernel-obs-build-debugsource-4.12.14-95.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.16.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.16.1 kernel-default-base-4.12.14-95.16.1 kernel-default-base-debuginfo-4.12.14-95.16.1 kernel-default-debuginfo-4.12.14-95.16.1 kernel-default-debugsource-4.12.14-95.16.1 kernel-default-devel-4.12.14-95.16.1 kernel-syms-4.12.14-95.16.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.16.1 kernel-macros-4.12.14-95.16.1 kernel-source-4.12.14-95.16.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.16.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.16.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_16-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.16.1 cluster-md-kmp-default-debuginfo-4.12.14-95.16.1 dlm-kmp-default-4.12.14-95.16.1 dlm-kmp-default-debuginfo-4.12.14-95.16.1 gfs2-kmp-default-4.12.14-95.16.1 gfs2-kmp-default-debuginfo-4.12.14-95.16.1 kernel-default-debuginfo-4.12.14-95.16.1 kernel-default-debugsource-4.12.14-95.16.1 ocfs2-kmp-default-4.12.14-95.16.1 ocfs2-kmp-default-debuginfo-4.12.14-95.16.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.16.1 kernel-macros-4.12.14-95.16.1 kernel-source-4.12.14-95.16.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.16.1 kernel-default-debuginfo-4.12.14-95.16.1 kernel-default-debugsource-4.12.14-95.16.1 kernel-default-devel-4.12.14-95.16.1 kernel-default-devel-debuginfo-4.12.14-95.16.1 kernel-default-extra-4.12.14-95.16.1 kernel-default-extra-debuginfo-4.12.14-95.16.1 kernel-syms-4.12.14-95.16.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1125342 https://bugzilla.suse.com/1126221 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1126740 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127372 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127378 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129276 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130154 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130335 https://bugzilla.suse.com/1130336 https://bugzilla.suse.com/1130337 https://bugzilla.suse.com/1130338 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130427 https://bugzilla.suse.com/1130518 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1131062 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131167 https://bugzilla.suse.com/1131168 https://bugzilla.suse.com/1131169 https://bugzilla.suse.com/1131170 https://bugzilla.suse.com/1131171 https://bugzilla.suse.com/1131172 https://bugzilla.suse.com/1131173 https://bugzilla.suse.com/1131174 https://bugzilla.suse.com/1131175 https://bugzilla.suse.com/1131176 https://bugzilla.suse.com/1131177 https://bugzilla.suse.com/1131178 https://bugzilla.suse.com/1131179 https://bugzilla.suse.com/1131180 https://bugzilla.suse.com/1131290 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131442 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132083 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 From sle-updates at lists.suse.com Tue May 14 22:08:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 06:08:52 +0200 (CEST) Subject: SUSE-SU-2019:1243-1: important: Security update for qemu Message-ID: <20190515040852.A241CFF27@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1243-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for qemu fixes the following issues: - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1243=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1243=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.34.1 qemu-block-curl-2.9.1-6.34.1 qemu-block-curl-debuginfo-2.9.1-6.34.1 qemu-block-iscsi-2.9.1-6.34.1 qemu-block-iscsi-debuginfo-2.9.1-6.34.1 qemu-block-ssh-2.9.1-6.34.1 qemu-block-ssh-debuginfo-2.9.1-6.34.1 qemu-debugsource-2.9.1-6.34.1 qemu-guest-agent-2.9.1-6.34.1 qemu-guest-agent-debuginfo-2.9.1-6.34.1 qemu-lang-2.9.1-6.34.1 qemu-tools-2.9.1-6.34.1 qemu-tools-debuginfo-2.9.1-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.34.1 qemu-block-rbd-debuginfo-2.9.1-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.34.1 qemu-ppc-debuginfo-2.9.1-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.34.1 qemu-arm-debuginfo-2.9.1-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.34.1 qemu-seabios-1.10.2-6.34.1 qemu-sgabios-8-6.34.1 qemu-vgabios-1.10.2-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.34.1 qemu-x86-debuginfo-2.9.1-6.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.34.1 qemu-s390-debuginfo-2.9.1-6.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.34.1 qemu-block-curl-2.9.1-6.34.1 qemu-block-curl-debuginfo-2.9.1-6.34.1 qemu-debugsource-2.9.1-6.34.1 qemu-kvm-2.9.1-6.34.1 qemu-tools-2.9.1-6.34.1 qemu-tools-debuginfo-2.9.1-6.34.1 qemu-x86-2.9.1-6.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.34.1 qemu-seabios-1.10.2-6.34.1 qemu-sgabios-8-6.34.1 qemu-vgabios-1.10.2-6.34.1 - SUSE CaaS Platform ALL (x86_64): qemu-debugsource-2.9.1-6.34.1 qemu-guest-agent-2.9.1-6.34.1 qemu-guest-agent-debuginfo-2.9.1-6.34.1 - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.34.1 qemu-guest-agent-2.9.1-6.34.1 qemu-guest-agent-debuginfo-2.9.1-6.34.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Tue May 14 22:09:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 06:09:25 +0200 (CEST) Subject: SUSE-SU-2019:1245-1: important: Security update for the Linux Kernel Message-ID: <20190515040925.8867BFF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1245-1 Rating: important References: #1012382 #1020645 #1020989 #1031492 #1047487 #1051510 #1053043 #1062056 #1063638 #1066223 #1070872 #1085539 #1087092 #1094244 #1096480 #1096728 #1097104 #1100132 #1105348 #1106110 #1106913 #1106929 #1111331 #1112178 #1113399 #1114542 #1114638 #1114648 #1114893 #1118338 #1118506 #1119086 #1120902 #1122822 #1125580 #1126356 #1127445 #1129278 #1129326 #1129770 #1130130 #1130343 #1130344 #1130345 #1130346 #1130347 #1130356 #1130425 #1130567 #1130737 #1131107 #1131416 #1131427 #1131587 #1131659 #1131857 #1131900 #1131934 #1131935 #1131980 #1132227 #1132534 #1132589 #1132618 #1132619 #1132634 #1132635 #1132636 #1132637 #1132638 #1132727 #1132828 #1133308 #1133584 #994770 Cross-References: CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-15594 CVE-2018-5814 CVE-2019-11091 CVE-2019-3882 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 65 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security and bugfixes. Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security issues fixed: - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed (bnc#1132828). - CVE-2019-3882: A flaw was fixed in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p/net: fix memory leak in p9_client_create (bnc#1012382). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bnc#1012382). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi / bus: Only call dmi_check_system() on X86 (git-fixes). - acpi / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bnc#1012382). - acpi: include ACPI button driver in base kernel (bsc#1062056). - Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) (bnc#1012382). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bnc#1012382). - alsa: compress: add support for 32bit calls in a 64bit kernel (bnc#1012382). - alsa: compress: prevent potential divide by zero bugs (bnc#1012382). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bnc#1012382). - alsa: hda - Record the current power state before suspend/resume calls (bnc#1012382). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bnc#1012382). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382). - applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - arc: fix __ffs return value to avoid build warnings (bnc#1012382). - arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382). - arcv2: Enable unaligned access in early ASM code (bnc#1012382). - arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382). - arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981, git-fixes). - arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes). - arm64: hide __efistub_ aliases from kallsyms (bnc#1012382). - arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382). - arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382). - arm64: mm: Add trace_irqflags annotations to do_debug_exception() (bnc#1012382). - arm64: Relax GIC version check during early boot (bnc#1012382). - arm64: support keyctl() system call in 32-bit mode (bnc#1012382). - arm64: traps: disable irq in die() (bnc#1012382). - arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382). - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor (bnc#1012382). - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382). - arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU (bnc#1012382). - arm: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 (bnc#1012382). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012382). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bnc#1012382). - arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bnc#1012382). - ASoC: topology: free created components in tplg load error (bnc#1012382). - assoc_array: Fix shortcut creation (bnc#1012382). - ath10k: avoid possible string overflow (bnc#1012382). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092). - atm: he: fix sign-extension overflow on large shift (bnc#1012382). - autofs: drop dentry reference only when it is never used (bnc#1012382). - autofs: fix error return in autofs_fill_super() (bnc#1012382). - batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes). - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove (git-fixes). - batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382). - batman-adv: Only put gw_node list reference when removed (git-fixes). - batman-adv: Only put orig_node_vlan list reference when removed (git-fixes). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012382). - bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending fix for bsc#1063638). - btrfs: fix corruption reading shared and compressed extents after hole punching (bnc#1012382). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012382). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: remove WARN_ON in log_dir_items (bnc#1012382). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770). - cfg80211: extend range deviation for DMG (bnc#1012382). - cfg80211: size various nl80211 messages correctly (bnc#1012382). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix read after write for files with read caching (bnc#1012382). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bnc#1012382). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bnc#1012382). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bnc#1012382). - cls_bpf: reset class and reuse major in da (git-fixes). - coresight: coresight_unregister() function cleanup (bnc#1012382). - coresight: "DEVICE_ATTR_RO" should defined as static (bnc#1012382). - coresight: etm4x: Check every parameter used by dma_xx_coherent (bnc#1012382). - coresight: fixing lockdep error (bnc#1012382). - coresight: release reference taken by 'bus_find_device()' (bnc#1012382). - coresight: remove csdev's link from topology (bnc#1012382). - coresight: removing bind/unbind options from sysfs (bnc#1012382). - cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382). - cpufreq: tegra124: add missing of_node_put() (bnc#1012382). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bnc#1012382). - cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: ahash - fix another early termination in hash walk (bnc#1012382). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bnc#1012382). - crypto: caam - fixed handling of sg list (bnc#1012382). - crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539). - crypto: tgr192 - fix unaligned memory access (bsc#1129770). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770). - dccp: do not use ipv6 header for ipv4 flow (bnc#1012382). - disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012382). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bnc#1012382). - dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382). - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit (bnc#1012382). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dm: fix to_sector() for 32bit (bnc#1012382). - drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567). - drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1130567). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/msm: Unblock writer if reader closes file (bnc#1012382). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1106929) - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures (bnc#1012382). - ext2: Fix underflow in ext2_max_size() (bnc#1012382). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bnc#1012382). - ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382). - ext4: fix NULL pointer dereference while journal is aborted (bnc#1012382). - extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382). - firmware: dmi: Optimize dmi_matches (git-fixes). - floppy: check_events callback should not return a negative number (git-fixes). - flow_dissector: Check for IP fragmentation even if not using IPv4 address (git-fixes). - fs/9p: use fscache mutex rather than spinlock (bnc#1012382). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012382). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - futex: Ensure that futex address is aligned in handle_futex_death() (bnc#1012382). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012382). - gpio: vf610: Mask all GPIO interrupts (bnc#1012382). - gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382). - hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (bsc#1129770). - hugetlbfs: fix races and page leaks during migration (bnc#1012382). - hv_netvsc: Fix napi reschedule while receive completion is busy (bsc#1118506). - hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506). - hv_netvsc: Fix the return status in RX path (bsc#1118506). - hv_netvsc: use napi_schedule_irqoff (bsc#1118506). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822). - i2c: cadence: Fix the hold bit setting (bnc#1012382). - i2c: tegra: fix maximum transfer size (bnc#1012382). - ib/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bnc#1012382). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bnc#1012382). - input: matrix_keypad - use flush_delayed_work() (bnc#1012382). - input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bnc#1012382). - intel_th: Do not reference unassigned outputs (bnc#1012382). - intel_th: gth: Fix an off-by-one in output unassigning (git-fixes). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130346). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171, bsc#1122822). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130347). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (bnc#1012382). - ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (bnc#1012382). - ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bnc#1012382). - iscsi_ibft: Fix missing break in switch statement (bnc#1012382). - isdn: avm: Fix string plus integer warning from Clang (bnc#1012382). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382). - isdn: isdn_tty: fix build warning of strncpy (bnc#1012382). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1119086). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bnc#1012382). - jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382). - kabi fixup gendisk disk_devt revert (bsc#1020989). - kbuild: setlocalversion: print error to STDERR (bnc#1012382). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bnc#1012382). - keys: allow reaching the keys quotas exactly (bnc#1012382). - keys: always initialize keyring_index_key::desc_len (bnc#1012382). - keys: restrict /proc/keys by credentials at open time (bnc#1012382). - keys: user: Align the payload buffer (bnc#1012382). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132634). - kvm: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (bnc#1012382). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132635). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bnc#1012382). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bnc#1012382). - kvm: Reject device ioctls from processes other than the VM's creator (bnc#1012382). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132636). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1132637). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534). - kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132638). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - leds: lp5523: fix a missing check of return value of lp55xx_read (bnc#1012382). - libertas: call into generic suspend code before turning off power (bsc#1106110). - libertas: fix suspend and resume for SDIO connected cards (bsc#1106110). - lib/int_sqrt: optimize small argument (bnc#1012382). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bnc#1012382). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - m68k: Add -ffreestanding to CFLAGS (bnc#1012382). - mac80211: do not initiate TDLS connection if station is not associated to AP (bnc#1012382). - mac80211: fix miscounting of ttl-dropped frames (bnc#1012382). - mac80211: fix "warning: target metric may be used uninitialized" (bnc#1012382). - mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382). - mac8390: Fix mmio access size probe (bnc#1012382). - md: Fix failed allocation of md_register_thread (bnc#1012382). - mdio_bus: Fix use-after-free on device_register fails (bnc#1012382 git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1100132). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bnc#1012382). - media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1119086). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382). - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() (bnc#1012382). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#11001132). - mfd: ab8500-core: Return zero in get_register_interruptible() (bnc#1012382). - mfd: db8500-prcmu: Fix some section annotations (bnc#1012382). - mfd: mc13xxx: Fix a missing check of a register-read failure (bnc#1012382). - mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bnc#1012382). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bnc#1012382). - mfd: wm5110: Add missing ASRC rate register (bnc#1012382). - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction (bnc#1012382). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012382). - missing barriers in some of unix_sock ->addr and ->path accesses (bnc#1012382). - mmc: bcm2835: reset host on timeout (bsc#1070872). - mmc: block: Allow more than 8 partitions per card (bnc#1012382). - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails (bnc#1012382). - mmc: core: shut up "voltage-ranges unspecified" pr_info() (bnc#1012382). - mmc: debugfs: Add a restriction to mmc debugfs clock setting (bnc#1012382). - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382). - mmc: mmc: fix switch timeout issue caused by jiffies precision (bnc#1012382). - mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382). - mmc: pxamci: fix enum type confusion (bnc#1012382). - mmc: sanitize 'bus width' in debug output (bnc#1012382). - mmc: spi: Fix card detection during probe (bnc#1012382). - mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes). - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone (bnc#1012382). - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone (bnc#1012382). - mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c (git-fixes prerequisity). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935) - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON (bnc#1012382). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bnc#1012382). - move power_up_on_resume flag to end of structure for kABI (bsc#1106110). - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1100132). - ncpfs: fix build warning of strncpy (bnc#1012382). - net: add description for len argument of dev_get_phys_port_name (git-fixes). - net: Add __icmp_send helper (bnc#1012382). - net: altera_tse: fix connect_local_phy error path (bnc#1012382). - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (bnc#1012382). - net: avoid use IPCB in cipso_v4_error (bnc#1012382). - net: diag: support v4mapped sockets in inet_diag_find_one_icsk() (bnc#1012382). - net: do not decrement kobj reference count on init failure (git-fixes). - net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382). - net: ena: fix race between link up and device initalization (bsc#1129278). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129278). - netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry (git-fixes). - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (bnc#1012382). - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters (bnc#1012382). - netfilter: nfnetlink_log: just returns error for unknown command (bnc#1012382). - netfilter: nfnetlink: use original skbuff when acking batches (git-fixes). - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (bnc#1012382). - net: hns: Fix use after free identified by SLUB debug (bnc#1012382). - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (bnc#1012382). - net: hsr: fix memory leak in hsr_dev_finalize() (bnc#1012382). - net/hsr: fix possible crash in add_timer() (bnc#1012382). - netlabel: fix out-of-bounds memory accesses (bnc#1012382). - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (bnc#1012382). - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (bnc#1012382). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (bnc#1012382). - net/packet: fix 4gb buffer limit due to overflow check (bnc#1012382). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (bnc#1012382). - net: phy: Micrel KSZ8061: link failure after cable connect (bnc#1012382). - net: rose: fix a possible stack overflow (bnc#1012382). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (bnc#1012382). - net: set static variable an initial value in atl2_probe() (bnc#1012382). - net: sit: fix UBSAN Undefined behaviour in check_6rd (bnc#1012382). - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (bnc#1012382). - net-sysfs: call dev_hold if kobject_init_and_add success (git-fixes). - net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012382). - net: systemport: Fix reception of BPDUs (bnc#1012382). - net: tcp_memcontrol: properly detect ancestor socket pressure (git-fixes). - net/x25: fix a race in x25_bind() (bnc#1012382). - net/x25: fix use-after-free in x25_device_event() (bnc#1012382). - net/x25: reset state in x25_connect() (bnc#1012382). - nfc: nci: memory leak in nci_core_conn_create() (git-fixes). - nfs41: pop some layoutget errors to application (bnc#1012382). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix wrong check in write_v4_end_grace() (git-fixes). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs: Fix NULL pointer dereference of dev_name (bnc#1012382). - nfsv4.x: always serialize open/close operations (bsc#1114893). - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES (bnc#1012382). - packets: Always register packet sk in the same order (bnc#1012382). - parport_pc: fix find_superio io compare code, should use equal test (bnc#1012382). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (fate#327171, bsc#1122822). - perf auxtrace: Define auxtrace record alignment (bnc#1012382). - perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks (bnc#1012382). - perf intel-pt: Fix CYC timestamp calculation after OVF (bnc#1012382). - perf intel-pt: Fix overlap calculation for padding (bnc#1012382). - perf intel-pt: Fix TSC slip (bnc#1012382). - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops (bnc#1012382). - perf symbols: Filter out hidden symbols from labels (bnc#1012382). - perf: Synchronously free aux pages in case of allocation failure (bnc#1012382). - perf tools: Handle TOPOLOGY headers with no CPU (bnc#1012382). - perf/x86/amd: Add event map for AMD Family 17h (bsc#1114648). - phonet: fix building with clang (bnc#1012382). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bnc#1012382). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bnc#1012382). - pm / Hibernate: Call flush_icache_range() on pages restored in-place (bnc#1012382). - pm / wakeup: Rework wakeup source timer cancellation (bnc#1012382). - powerpc/32: Clear on-stack exception marker upon exception return (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/83xx: Also save/restore SPRG4-7 during suspend (bnc#1012382). - powerpc: Always initialize input array when calling epapr_hypercall() (bnc#1012382). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1053043, git-fixes). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1066223). - powerpc/powernv: Make opal log only readable by root (bnc#1012382). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - powerpc/wii: properly disable use of BATs when requested (bnc#1012382). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (bnc#1012382). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (bnc#1012382). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (bnc#1012382). - rdma/core: Do not expose unsupported counters (bsc#994770). - rdma/srp: Rework SCSI device reset handling (bnc#1012382). - Refresh patches.fixes/0001-net-mlx4-Fix-endianness-issue-in-qp-context-params.patch . (bsc#1132619) - regulator: s2mpa01: Fix step values for some LDOs (bnc#1012382). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bnc#1012382). - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" (bnc#1012382). - Revert "mmc: block: do not use parameter prefix if built as module" (bnc#1012382). - Revert "scsi, block: fix duplicate bdi name registration crashes" (bsc#1020989). - Revert "USB: core: only clean up what we allocated" (bnc#1012382). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bnc#1012382). - rsi: fix a dereference on adapter before it has been null checked (bsc#1085539). - rtc: Fix overflow when converting time64_t to rtc_time (bnc#1012382). - rtl8xxxu: Fix missing break in switch (bsc#1120902). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/dasd: fix using offset into zero size array error (bnc#1012382). - s390: Prevent hotplug rwsem recursion (bsc#1131980). - s390/qeth: fix use-after-free in error path (bnc#1012382). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - s390/virtio: handle find on invalid queue gracefully (bnc#1012382). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (bnc#1012382). - scsi: isci: initialize shost fully before calling scsi_add_host() (bnc#1012382). - scsi: libfc: free skb when receiving invalid flogi resp (bnc#1012382). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bnc#1012382). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (bnc#1012382). - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (bnc#1012382). - scsi: sd: Fix a race between closing an sd device and sd I/O (bnc#1012382). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (fate#323887). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (fate#323887). - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock (bnc#1012382). - scsi: virtio_scsi: do not send sc payload with tmfs (bnc#1012382). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bnc#1012382). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bnc#1012382). - sctp: fix the transports round robin issue when init is retransmitted (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012382). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bnc#1012382). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bnc#1012382). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bnc#1012382). - serial: max310x: Fix to avoid potential NULL pointer dereference (bnc#1012382). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bnc#1012382). - serial: sprd: adjust TIMEOUT to a big value (bnc#1012382). - serial: sprd: clear timeout interrupt only rather than all interrupts (bnc#1012382). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (bnc#1012382). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bnc#1012382). - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names (bnc#1012382). - staging: ashmem: Add missing include (bnc#1012382). - staging: ashmem: Avoid deadlock with mmap/shrink (bnc#1012382). - staging: goldfish: audio: fix compiliation on arm (bnc#1012382). - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT (bnc#1012382). - staging: lustre: fix buffer overflow of string buffer (bnc#1012382). - staging: rtl8188eu: avoid a null dereference on pmlmepriv (bsc#1085539). - staging: vt6655: Fix interrupt race condition on device start up (bnc#1012382). - staging: vt6655: Remove vif check from vnt_interrupt (bnc#1012382). - stm class: Do not leak the chrdev in error path (bnc#1012382). - stm class: Fix an endless loop in channel allocation (bnc#1012382). - stm class: Fix a race in unlinking (bnc#1012382). - stm class: Fix link list locking (bnc#1012382). - stm class: Fix locking in unbinding policy path (bnc#1012382). - stm class: Fix stm device initialization order (bnc#1012382). - stm class: Fix unbalanced module/device refcounting (bnc#1012382). - stm class: Fix unlocking braino in the error path (bnc#1012382). - stm class: Guard output assignment against concurrency (bnc#1012382). - stm class: Hide STM-specific options if STM is disabled (bnc#1012382). - stm class: Prevent division by zero (bnc#1012382). - stm class: Prevent user-controllable allocations (bnc#1012382). - stm class: Support devices with multiple instances (bnc#1012382). - stmmac: copy unicast mac address to MAC registers (bnc#1012382). - stop_machine: Provide stop_machine_cpuslocked() (bsc#1131980). - sunrpc: do not mark uninitialised items as VALID (bsc#1130737). - sunrpc: init xdr_stream for zero iov_len, page_len (bsc#11303356). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132727). - svm: Fix AVIC DFR and LDR handling (bsc#1130343). - svm: Fix improper check when deactivate AVIC (bsc#1130344). - tcp/dccp: drop SYN packets if accept queue is full (bnc#1012382). - tcp/dccp: remove reqsk_put() from inet_child_forget() (git-fixes). - tcp: do not use ipv6 header for ipv4 flow (bnc#1012382). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bnc#1012382). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - tmpfs: fix link accounting when a tmpfile is linked in (bnc#1012382). - tmpfs: fix uninitialized return value in shmem_link (bnc#1012382). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1020645). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1020645, git-fixes). - tpm: tpm-interface.c drop unused macros (bsc#1020645). - tty: atmel_serial: fix a potential NULL pointer dereference (bnc#1012382). - udf: Fix crash on IO error during truncate (bnc#1012382). - Update patches.fixes/SUNRPC-init-xdr_stream-for-zero-iov_len-page_len.patch (bsc#1130356). - usb: core: only clean up what we allocated (bnc#1012382). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1100132). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1100132). - usb: dwc3: gadget: Fix suspend/resume during device mode (bnc#1012382). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bnc#1012382). - usb: gadget: Add the gserial port checking in gs_start_tx() (bnc#1012382). - usb: gadget: composite: fix dereference after null check coverify warning (bnc#1012382). - usb: gadget: configfs: add mutex lock before unregister gadget (bnc#1012382). - usb: gadget: Potential NULL dereference on allocation error (bnc#1012382). - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG (bnc#1012382). - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning (bnc#1012382). - usb: serial: cp210x: add ID for Ingenico 3070 (bnc#1012382). - usb: serial: cp210x: add new device id (bnc#1012382). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1119086). - usb: serial: ftdi_sio: add additional NovaTech products (bnc#1012382). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bnc#1012382). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bnc#1012382). - usb: serial: option: add Telit ME910 ECM composition (bnc#1012382). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - video: fbdev: Set pixclock = 0 in goldfishfb (bnc#1012382). - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel (bnc#1012382). - vxlan: Do not call gro_cells_destroy() before device is unregistered (bnc#1012382). - vxlan: Fix GRO cells race condition between receive and link delete (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (bnc#1012382). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1120902). - x86_64: increase stack size for KASAN_EXTRA (bnc#1012382). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/apic: Provide apic_ack_irq() (fate#327171, bsc#1122822). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bnc#1012382). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (fate#327171, bsc#1122822). - x86/kexec: Do not setup EFI info if EFI runtime is not enabled (bnc#1012382). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114648). - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012382). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114648). - x86/vdso: Add VCLOCK_HVCLOCK vDSO clock read method (bsc#1133308). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (bnc#1012382). - xfrm_user: fix info leak in build_aevent() (git-fixes). - xfrm_user: fix info leak in xfrm_notify_sa() (git-fixes). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1047487). - xhci: Fix port resume done detection for SS ports with LPM enabled (bnc#1012382). - xtensa: SMP: fix ccount_timer_shutdown (bnc#1012382). - xtensa: SMP: fix secondary CPU initialization (bnc#1012382). - xtensa: SMP: limit number of possible CPUs by NR_CPUS (bnc#1012382). - xtensa: smp_lx200_defconfig: fix vectors clash (bnc#1012382). - xtensa: SMP: mark each possible CPU as present (bnc#1012382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1245=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1245=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1245=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1245=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1245=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1245=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 kernel-default-extra-4.4.178-94.91.2 kernel-default-extra-debuginfo-4.4.178-94.91.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.178-94.91.1 kernel-obs-build-debugsource-4.4.178-94.91.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.178-94.91.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.178-94.91.2 kernel-default-base-4.4.178-94.91.2 kernel-default-base-debuginfo-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 kernel-default-devel-4.4.178-94.91.2 kernel-syms-4.4.178-94.91.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.178-94.91.1 kernel-macros-4.4.178-94.91.1 kernel-source-4.4.178-94.91.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.178-94.91.2 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_178-94_91-default-1-4.3.1 kgraft-patch-4_4_178-94_91-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.178-94.91.2 cluster-md-kmp-default-debuginfo-4.4.178-94.91.2 dlm-kmp-default-4.4.178-94.91.2 dlm-kmp-default-debuginfo-4.4.178-94.91.2 gfs2-kmp-default-4.4.178-94.91.2 gfs2-kmp-default-debuginfo-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 ocfs2-kmp-default-4.4.178-94.91.2 ocfs2-kmp-default-debuginfo-4.4.178-94.91.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.178-94.91.1 kernel-macros-4.4.178-94.91.1 kernel-source-4.4.178-94.91.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 kernel-default-devel-4.4.178-94.91.2 kernel-default-extra-4.4.178-94.91.2 kernel-default-extra-debuginfo-4.4.178-94.91.2 kernel-syms-4.4.178-94.91.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.178-94.91.2 kernel-default-debuginfo-4.4.178-94.91.2 kernel-default-debugsource-4.4.178-94.91.2 References: https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-15594.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1020989 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1062056 https://bugzilla.suse.com/1063638 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1105348 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1118506 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122822 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1129278 https://bugzilla.suse.com/1129326 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130343 https://bugzilla.suse.com/1130344 https://bugzilla.suse.com/1130345 https://bugzilla.suse.com/1130346 https://bugzilla.suse.com/1130347 https://bugzilla.suse.com/1130356 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130737 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131857 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1131980 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132534 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132619 https://bugzilla.suse.com/1132634 https://bugzilla.suse.com/1132635 https://bugzilla.suse.com/1132636 https://bugzilla.suse.com/1132637 https://bugzilla.suse.com/1132638 https://bugzilla.suse.com/1132727 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1133308 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/994770 From sle-updates at lists.suse.com Wed May 15 01:08:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 09:08:50 +0200 (CEST) Subject: SUSE-SU-2019:1239-1: important: Security update for qemu Message-ID: <20190515070850.BCDBEFF27@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1239-1 Rating: important References: #1111331 #1125721 #1126455 #1129622 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-3812 CVE-2019-8934 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (bsc#1126455) - CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Other bugs fixed: - Use a new approach to handling the file input to -smbios option, which accepts either legacy or per-spec formats regardless of the machine type. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1239=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1239=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1239=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.25.1 qemu-block-curl-2.11.2-9.25.1 qemu-block-curl-debuginfo-2.11.2-9.25.1 qemu-block-iscsi-2.11.2-9.25.1 qemu-block-iscsi-debuginfo-2.11.2-9.25.1 qemu-block-rbd-2.11.2-9.25.1 qemu-block-rbd-debuginfo-2.11.2-9.25.1 qemu-block-ssh-2.11.2-9.25.1 qemu-block-ssh-debuginfo-2.11.2-9.25.1 qemu-debuginfo-2.11.2-9.25.1 qemu-debugsource-2.11.2-9.25.1 qemu-guest-agent-2.11.2-9.25.1 qemu-guest-agent-debuginfo-2.11.2-9.25.1 qemu-lang-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.25.1 qemu-arm-debuginfo-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.25.1 qemu-ppc-debuginfo-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.25.1 qemu-x86-debuginfo-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0+-9.25.1 qemu-seabios-1.11.0-9.25.1 qemu-sgabios-8-9.25.1 qemu-vgabios-1.11.0-9.25.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.25.1 qemu-s390-debuginfo-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): qemu-block-dmg-2.11.2-9.25.1 qemu-block-dmg-debuginfo-2.11.2-9.25.1 qemu-debuginfo-2.11.2-9.25.1 qemu-debugsource-2.11.2-9.25.1 qemu-extra-2.11.2-9.25.1 qemu-extra-debuginfo-2.11.2-9.25.1 qemu-linux-user-2.11.2-9.25.1 qemu-linux-user-debuginfo-2.11.2-9.25.1 qemu-linux-user-debugsource-2.11.2-9.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-2.11.2-9.25.1 qemu-debugsource-2.11.2-9.25.1 qemu-tools-2.11.2-9.25.1 qemu-tools-debuginfo-2.11.2-9.25.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3812.html https://www.suse.com/security/cve/CVE-2019-8934.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1125721 https://bugzilla.suse.com/1126455 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Wed May 15 01:09:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 09:09:48 +0200 (CEST) Subject: SUSE-SU-2019:1240-1: important: Security update for the Linux Kernel Message-ID: <20190515070948.55385FF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1240-1 Rating: important References: #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1061840 #1065600 #1065729 #1070872 #1078216 #1082555 #1083647 #1085535 #1085536 #1088804 #1093777 #1094120 #1094244 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1100132 #1103186 #1103259 #1107937 #1111331 #1112128 #1112178 #1113399 #1113722 #1114279 #1114542 #1114638 #1119086 #1119680 #1120318 #1120902 #1122767 #1123105 #1125342 #1126221 #1126356 #1126704 #1126740 #1127175 #1127371 #1127372 #1127374 #1127378 #1127445 #1128415 #1128544 #1129276 #1129770 #1130130 #1130154 #1130195 #1130335 #1130336 #1130337 #1130338 #1130425 #1130427 #1130518 #1130527 #1130567 #1131062 #1131107 #1131167 #1131168 #1131169 #1131170 #1131171 #1131172 #1131173 #1131174 #1131175 #1131176 #1131177 #1131178 #1131179 #1131180 #1131290 #1131335 #1131336 #1131416 #1131427 #1131442 #1131467 #1131574 #1131587 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132083 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132681 #1132726 #1132828 #1132943 #1133005 #1133094 #1133095 #1133115 #1133149 #1133486 #1133529 #1133584 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 159 fixes is now available. Description: The SUSE Linux Enterprise 15 for Azure kernel was updated to receive various security and bugfixes. Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2019-9003: Attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop (bnc#1126704). - CVE-2018-16880: A flaw was found in the handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1132426). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835: MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - Bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - Bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - Btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - Btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - Btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after "md: batch flush requests." (bsc#1119680). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15). - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1240=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.27.1 kernel-azure-base-4.12.14-5.27.1 kernel-azure-base-debuginfo-4.12.14-5.27.1 kernel-azure-debuginfo-4.12.14-5.27.1 kernel-azure-devel-4.12.14-5.27.1 kernel-syms-azure-4.12.14-5.27.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.27.1 kernel-source-azure-4.12.14-5.27.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1078216 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1093777 https://bugzilla.suse.com/1094120 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1107937 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1125342 https://bugzilla.suse.com/1126221 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1126740 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127372 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127378 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1129276 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130130 https://bugzilla.suse.com/1130154 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130335 https://bugzilla.suse.com/1130336 https://bugzilla.suse.com/1130337 https://bugzilla.suse.com/1130338 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130427 https://bugzilla.suse.com/1130518 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1131062 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131167 https://bugzilla.suse.com/1131168 https://bugzilla.suse.com/1131169 https://bugzilla.suse.com/1131170 https://bugzilla.suse.com/1131171 https://bugzilla.suse.com/1131172 https://bugzilla.suse.com/1131173 https://bugzilla.suse.com/1131174 https://bugzilla.suse.com/1131175 https://bugzilla.suse.com/1131176 https://bugzilla.suse.com/1131177 https://bugzilla.suse.com/1131178 https://bugzilla.suse.com/1131179 https://bugzilla.suse.com/1131180 https://bugzilla.suse.com/1131290 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131442 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132083 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 From sle-updates at lists.suse.com Wed May 15 10:09:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 18:09:31 +0200 (CEST) Subject: SUSE-RU-2019:1259-1: moderate: Recommended update for sysvinit Message-ID: <20190515160931.B8594FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysvinit ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1259-1 Rating: moderate References: #1131982 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysvinit fixes the following issues: - Handle various optional fields of /proc//mountinfo on the entry/ies before the hyphen (bsc#1131982) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1259=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1259=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1259=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1259=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sysvinit-debugsource-2.88+-101.3.1 sysvinit-tools-2.88+-101.3.1 sysvinit-tools-debuginfo-2.88+-101.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sysvinit-debugsource-2.88+-101.3.1 sysvinit-tools-2.88+-101.3.1 sysvinit-tools-debuginfo-2.88+-101.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sysvinit-debugsource-2.88+-101.3.1 sysvinit-tools-2.88+-101.3.1 sysvinit-tools-debuginfo-2.88+-101.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): sysvinit-debugsource-2.88+-101.3.1 sysvinit-tools-2.88+-101.3.1 sysvinit-tools-debuginfo-2.88+-101.3.1 - SUSE CaaS Platform ALL (x86_64): sysvinit-debugsource-2.88+-101.3.1 sysvinit-tools-2.88+-101.3.1 sysvinit-tools-debuginfo-2.88+-101.3.1 - SUSE CaaS Platform 3.0 (x86_64): sysvinit-debugsource-2.88+-101.3.1 sysvinit-tools-2.88+-101.3.1 sysvinit-tools-debuginfo-2.88+-101.3.1 References: https://bugzilla.suse.com/1131982 From sle-updates at lists.suse.com Wed May 15 10:10:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 18:10:09 +0200 (CEST) Subject: SUSE-RU-2019:1258-1: moderate: Recommended update for postfix Message-ID: <20190515161009.F0EDBFF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1258-1 Rating: moderate References: #1120110 #1120757 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postfix fixes the following issues: - Setting the security file permissions to "paranoid" could have caused postfix to hang (bsc#1120757) - postfix-files contained an incorrect path to postfix-ldap.so which resulted in an error when running postfix set-permissions (bsc#bsc#1120110) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1258=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1258=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1258=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.7.1 postfix-debugsource-3.3.1-5.7.1 postfix-mysql-3.3.1-5.7.1 postfix-mysql-debuginfo-3.3.1-5.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): postfix-debuginfo-3.3.1-5.7.1 postfix-debugsource-3.3.1-5.7.1 postfix-lmdb-3.3.1-5.7.1 postfix-lmdb-debuginfo-3.3.1-5.7.1 postfix-postgresql-3.3.1-5.7.1 postfix-postgresql-debuginfo-3.3.1-5.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): postfix-3.3.1-5.7.1 postfix-debuginfo-3.3.1-5.7.1 postfix-debugsource-3.3.1-5.7.1 postfix-devel-3.3.1-5.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): postfix-doc-3.3.1-5.7.1 References: https://bugzilla.suse.com/1120110 https://bugzilla.suse.com/1120757 From sle-updates at lists.suse.com Wed May 15 10:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 18:11:02 +0200 (CEST) Subject: SUSE-RU-2019:1260-1: moderate: Recommended update for SUSEConnect Message-ID: <20190515161102.342F4FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1260-1 Rating: moderate References: #1128969 #959561 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1260=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.17-3.16.1 References: https://bugzilla.suse.com/1128969 https://bugzilla.suse.com/959561 From sle-updates at lists.suse.com Wed May 15 10:11:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 May 2019 18:11:50 +0200 (CEST) Subject: SUSE-RU-2019:1261-1: moderate: Recommended update for systemd-presets-branding-SLE Message-ID: <20190515161150.15787FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1261-1 Rating: moderate References: #1128428 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enables nvmefc-boot-connections.service to discover network-provided nvme drives on boot (bsc#1128428) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1261=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-presets-branding-SLE-15.1-13.6.1 References: https://bugzilla.suse.com/1128428 From sle-updates at lists.suse.com Thu May 16 07:34:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 15:34:36 +0200 (CEST) Subject: SUSE-SU-2019:1267-1: moderate: Security update for graphviz Message-ID: <20190516133436.7870AFF29@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1267-1 Rating: moderate References: #1132091 Cross-References: CVE-2019-11023 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1267=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1267=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1267=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1267=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1267=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1267=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-tcl-2.40.1-6.3.2 graphviz-tcl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gnome-2.40.1-6.3.2 graphviz-gnome-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-doc-2.40.1-6.3.2 graphviz-gnome-2.40.1-6.3.2 graphviz-gnome-debuginfo-2.40.1-6.3.2 graphviz-guile-2.40.1-6.3.2 graphviz-guile-debuginfo-2.40.1-6.3.2 graphviz-gvedit-2.40.1-6.3.2 graphviz-gvedit-debuginfo-2.40.1-6.3.2 graphviz-java-2.40.1-6.3.2 graphviz-java-debuginfo-2.40.1-6.3.2 graphviz-lua-2.40.1-6.3.2 graphviz-lua-debuginfo-2.40.1-6.3.2 graphviz-php-2.40.1-6.3.2 graphviz-php-debuginfo-2.40.1-6.3.2 graphviz-ruby-2.40.1-6.3.2 graphviz-ruby-debuginfo-2.40.1-6.3.2 graphviz-smyrna-2.40.1-6.3.2 graphviz-smyrna-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-perl-2.40.1-6.3.2 graphviz-perl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.3.2 graphviz-debuginfo-2.40.1-6.3.2 graphviz-debugsource-2.40.1-6.3.2 graphviz-devel-2.40.1-6.3.2 graphviz-plugins-core-2.40.1-6.3.2 graphviz-plugins-core-debuginfo-2.40.1-6.3.2 libgraphviz6-2.40.1-6.3.2 libgraphviz6-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gd-2.40.1-6.3.2 graphviz-gd-debuginfo-2.40.1-6.3.2 graphviz-python-2.40.1-6.3.2 graphviz-python-debuginfo-2.40.1-6.3.2 References: https://www.suse.com/security/cve/CVE-2019-11023.html https://bugzilla.suse.com/1132091 From sle-updates at lists.suse.com Thu May 16 07:35:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 15:35:16 +0200 (CEST) Subject: SUSE-SU-2019:1268-1: important: Security update for qemu Message-ID: <20190516133516.264B7FF29@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1268-1 Rating: important References: #1111331 #1129622 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1268=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1268=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1268=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1268=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1268=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): qemu-2.6.2-41.52.1 qemu-block-curl-2.6.2-41.52.1 qemu-block-curl-debuginfo-2.6.2-41.52.1 qemu-block-ssh-2.6.2-41.52.1 qemu-block-ssh-debuginfo-2.6.2-41.52.1 qemu-debugsource-2.6.2-41.52.1 qemu-guest-agent-2.6.2-41.52.1 qemu-guest-agent-debuginfo-2.6.2-41.52.1 qemu-kvm-2.6.2-41.52.1 qemu-lang-2.6.2-41.52.1 qemu-tools-2.6.2-41.52.1 qemu-tools-debuginfo-2.6.2-41.52.1 - SUSE OpenStack Cloud 7 (x86_64): qemu-block-rbd-2.6.2-41.52.1 qemu-block-rbd-debuginfo-2.6.2-41.52.1 qemu-x86-2.6.2-41.52.1 qemu-x86-debuginfo-2.6.2-41.52.1 - SUSE OpenStack Cloud 7 (noarch): qemu-ipxe-1.0.0-41.52.1 qemu-seabios-1.9.1-41.52.1 qemu-sgabios-8-41.52.1 qemu-vgabios-1.9.1-41.52.1 - SUSE OpenStack Cloud 7 (s390x): qemu-s390-2.6.2-41.52.1 qemu-s390-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): qemu-2.6.2-41.52.1 qemu-block-curl-2.6.2-41.52.1 qemu-block-curl-debuginfo-2.6.2-41.52.1 qemu-block-ssh-2.6.2-41.52.1 qemu-block-ssh-debuginfo-2.6.2-41.52.1 qemu-debugsource-2.6.2-41.52.1 qemu-guest-agent-2.6.2-41.52.1 qemu-guest-agent-debuginfo-2.6.2-41.52.1 qemu-lang-2.6.2-41.52.1 qemu-tools-2.6.2-41.52.1 qemu-tools-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.52.1 qemu-ppc-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): qemu-block-rbd-2.6.2-41.52.1 qemu-block-rbd-debuginfo-2.6.2-41.52.1 qemu-kvm-2.6.2-41.52.1 qemu-x86-2.6.2-41.52.1 qemu-x86-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): qemu-ipxe-1.0.0-41.52.1 qemu-seabios-1.9.1-41.52.1 qemu-sgabios-8-41.52.1 qemu-vgabios-1.9.1-41.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): qemu-2.6.2-41.52.1 qemu-block-curl-2.6.2-41.52.1 qemu-block-curl-debuginfo-2.6.2-41.52.1 qemu-block-ssh-2.6.2-41.52.1 qemu-block-ssh-debuginfo-2.6.2-41.52.1 qemu-debugsource-2.6.2-41.52.1 qemu-guest-agent-2.6.2-41.52.1 qemu-guest-agent-debuginfo-2.6.2-41.52.1 qemu-lang-2.6.2-41.52.1 qemu-tools-2.6.2-41.52.1 qemu-tools-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): qemu-kvm-2.6.2-41.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): qemu-ppc-2.6.2-41.52.1 qemu-ppc-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): qemu-ipxe-1.0.0-41.52.1 qemu-seabios-1.9.1-41.52.1 qemu-sgabios-8-41.52.1 qemu-vgabios-1.9.1-41.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): qemu-block-rbd-2.6.2-41.52.1 qemu-block-rbd-debuginfo-2.6.2-41.52.1 qemu-x86-2.6.2-41.52.1 qemu-x86-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): qemu-s390-2.6.2-41.52.1 qemu-s390-debuginfo-2.6.2-41.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.52.1 qemu-seabios-1.9.1-41.52.1 qemu-sgabios-8-41.52.1 qemu-vgabios-1.9.1-41.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.52.1 qemu-block-curl-2.6.2-41.52.1 qemu-block-curl-debuginfo-2.6.2-41.52.1 qemu-block-rbd-2.6.2-41.52.1 qemu-block-rbd-debuginfo-2.6.2-41.52.1 qemu-block-ssh-2.6.2-41.52.1 qemu-block-ssh-debuginfo-2.6.2-41.52.1 qemu-debugsource-2.6.2-41.52.1 qemu-guest-agent-2.6.2-41.52.1 qemu-guest-agent-debuginfo-2.6.2-41.52.1 qemu-kvm-2.6.2-41.52.1 qemu-lang-2.6.2-41.52.1 qemu-tools-2.6.2-41.52.1 qemu-tools-debuginfo-2.6.2-41.52.1 qemu-x86-2.6.2-41.52.1 qemu-x86-debuginfo-2.6.2-41.52.1 - SUSE Enterprise Storage 4 (x86_64): qemu-2.6.2-41.52.1 qemu-block-curl-2.6.2-41.52.1 qemu-block-curl-debuginfo-2.6.2-41.52.1 qemu-block-rbd-2.6.2-41.52.1 qemu-block-rbd-debuginfo-2.6.2-41.52.1 qemu-block-ssh-2.6.2-41.52.1 qemu-block-ssh-debuginfo-2.6.2-41.52.1 qemu-debugsource-2.6.2-41.52.1 qemu-guest-agent-2.6.2-41.52.1 qemu-guest-agent-debuginfo-2.6.2-41.52.1 qemu-kvm-2.6.2-41.52.1 qemu-lang-2.6.2-41.52.1 qemu-tools-2.6.2-41.52.1 qemu-tools-debuginfo-2.6.2-41.52.1 qemu-x86-2.6.2-41.52.1 qemu-x86-debuginfo-2.6.2-41.52.1 - SUSE Enterprise Storage 4 (noarch): qemu-ipxe-1.0.0-41.52.1 qemu-seabios-1.9.1-41.52.1 qemu-sgabios-8-41.52.1 qemu-vgabios-1.9.1-41.52.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Thu May 16 07:37:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 15:37:42 +0200 (CEST) Subject: SUSE-SU-2019:1265-1: important: Security update for systemd Message-ID: <20190516133742.CB59EFF29@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1265-1 Rating: important References: #1080919 #1121563 #1125352 #1126056 #1127557 #1128657 #1130230 #1132348 #1132400 #1132721 #955942 Cross-References: CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has 8 fixes is now available. Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on "add" events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1265=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1265=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1265=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1265=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1265=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1265=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1265=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1265=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1265=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1265=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1265=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1265=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsystemd0-228-150.66.4 libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev-devel-228-150.66.4 libudev1-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE OpenStack Cloud 7 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-devel-228-150.66.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-devel-228-150.66.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev-devel-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev-devel-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.66.4 libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.66.4 libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.66.4 libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev1-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Enterprise Storage 4 (noarch): systemd-bash-completion-228-150.66.4 - SUSE Enterprise Storage 4 (x86_64): libsystemd0-228-150.66.4 libsystemd0-32bit-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libsystemd0-debuginfo-32bit-228-150.66.4 libudev-devel-228-150.66.4 libudev1-228-150.66.4 libudev1-32bit-228-150.66.4 libudev1-debuginfo-228-150.66.4 libudev1-debuginfo-32bit-228-150.66.4 systemd-228-150.66.4 systemd-32bit-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debuginfo-32bit-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE CaaS Platform ALL (x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - SUSE CaaS Platform 3.0 (x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.66.4 libsystemd0-debuginfo-228-150.66.4 libudev1-228-150.66.4 libudev1-debuginfo-228-150.66.4 systemd-228-150.66.4 systemd-debuginfo-228-150.66.4 systemd-debugsource-228-150.66.4 systemd-sysvinit-228-150.66.4 udev-228-150.66.4 udev-debuginfo-228-150.66.4 References: https://www.suse.com/security/cve/CVE-2018-6954.html https://www.suse.com/security/cve/CVE-2019-3842.html https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1080919 https://bugzilla.suse.com/1121563 https://bugzilla.suse.com/1125352 https://bugzilla.suse.com/1126056 https://bugzilla.suse.com/1127557 https://bugzilla.suse.com/1128657 https://bugzilla.suse.com/1130230 https://bugzilla.suse.com/1132348 https://bugzilla.suse.com/1132400 https://bugzilla.suse.com/1132721 https://bugzilla.suse.com/955942 From sle-updates at lists.suse.com Thu May 16 07:40:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 15:40:31 +0200 (CEST) Subject: SUSE-SU-2019:1264-1: important: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Message-ID: <20190516134031.4750FFF29@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1264-1 Rating: important References: #1114209 #1114832 #1118897 #1118898 #1118899 #1121397 #1123013 #1128376 #1128746 #1134068 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-6486 Affected Products: SUSE Linux Enterprise Module for Containers 12 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves four vulnerabilities and has 6 fixes is now available. Description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, boo#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, boo#1134068). - Update to Docker 18.09.6-ce see upstream changelog in the packaged - Move daemon.json file to /etc/docker directory (bsc#1114832). - docker-test: Improvements to test packaging (bsc#1128746). - Update to go1.11.9 (released 2019/04/11) - Fix go build failures (bsc#1121397). - Update to golang-github-docker-libnetwork version git.872f0a83c98add6cae255c8859e29532febc0039 which is required for Docker v18.09.6-ce. - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-1264=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1264=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.2.5-16.17.2 docker-18.09.6_ce-98.37.1 docker-debuginfo-18.09.6_ce-98.37.1 docker-debugsource-18.09.6_ce-98.37.1 docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-19.1 docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1 - SUSE CaaS Platform 3.0 (x86_64): containerd-kubic-1.2.5-16.17.2 docker-kubic-18.09.6_ce-98.37.1 docker-kubic-debuginfo-18.09.6_ce-98.37.1 docker-kubic-debugsource-18.09.6_ce-98.37.1 docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1 docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-19.1 docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1 docker-runc-kubic-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1 docker-runc-kubic-debugsource-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): containerd-1.2.5-16.17.2 docker-18.09.6_ce-98.37.1 docker-debuginfo-18.09.6_ce-98.37.1 docker-debugsource-18.09.6_ce-98.37.1 docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-19.1 docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-6486.html https://bugzilla.suse.com/1114209 https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121397 https://bugzilla.suse.com/1123013 https://bugzilla.suse.com/1128376 https://bugzilla.suse.com/1128746 https://bugzilla.suse.com/1134068 From sle-updates at lists.suse.com Thu May 16 07:42:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 15:42:24 +0200 (CEST) Subject: SUSE-SU-2019:1266-1: moderate: Security update for evolution Message-ID: <20190516134224.85FDBFF29@maintenance.suse.de> SUSE Security Update: Security update for evolution ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1266-1 Rating: moderate References: #1125230 Cross-References: CVE-2018-15587 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evolution fixes the following issues: Security issue fixed: - CVE-2018-15587: Fixed an issue with spoofed pgp signatures by using specially crafted emails (bsc#1125230). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1266=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1266=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): evolution-3.26.6-4.3.1 evolution-debuginfo-3.26.6-4.3.1 evolution-debugsource-3.26.6-4.3.1 evolution-devel-3.26.6-4.3.1 evolution-plugin-bogofilter-3.26.6-4.3.1 evolution-plugin-bogofilter-debuginfo-3.26.6-4.3.1 evolution-plugin-pst-import-3.26.6-4.3.1 evolution-plugin-pst-import-debuginfo-3.26.6-4.3.1 evolution-plugin-spamassassin-3.26.6-4.3.1 evolution-plugin-spamassassin-debuginfo-3.26.6-4.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): evolution-lang-3.26.6-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.26.6-4.3.1 evolution-debugsource-3.26.6-4.3.1 glade-catalog-evolution-3.26.6-4.3.1 glade-catalog-evolution-debuginfo-3.26.6-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-15587.html https://bugzilla.suse.com/1125230 From sle-updates at lists.suse.com Thu May 16 10:09:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 18:09:58 +0200 (CEST) Subject: SUSE-SU-2019:14051-1: important: Security update for the Linux Kernel Message-ID: <20190516160958.B398CFF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14051-1 Rating: important References: #1082943 #1094244 #1103186 #1106886 #1110436 #1111331 #1112178 #1117515 #1119019 #1127082 #1127376 #1127445 #1127534 #1127738 #1128166 #1128383 #1129248 #1129437 #1129439 #1129770 #1130353 #1130384 #1131107 #1131587 #1132589 #773383 #774523 #797175 #800280 #801178 #816708 Cross-References: CVE-2012-3412 CVE-2012-3430 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-1979 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 20 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2013-0216: The Xen netback functionality allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption (bnc#800280). - CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. (bnc#801178). - CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket (bnc#773383). - CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value (bnc#774523). - CVE-2013-0160: The kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device (bnc#797175). - CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application (bnc#816708). The following non-security bugs were fixed: - Add opcodes from net: filter: BPF 'JIT' compiler for PPC64 (bsc#1131107). - EHCI: improved logic for isochronous scheduling (bsc#1117515). - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129439). - USB: Add new USB LPM helpers (bsc#1129770). - USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - USB: EHCI: add new root-hub state: STOPPING (bsc#1117515). - USB: EHCI: add pointer to end of async-unlink list (bsc#1117515). - USB: EHCI: add symbolic constants for QHs (bsc#1117515). - USB: EHCI: always scan each interrupt QH (bsc#1117515). - USB: EHCI: do not lose events during a scan (bsc#1117515). - USB: EHCI: do not refcount QHs (bsc#1117515). - USB: EHCI: do not refcount iso_stream structures (bsc#1117515). - USB: EHCI: fix initialization bug in iso_stream_schedule() (bsc#1117515). - USB: EHCI: fix up locking (bsc#1117515). - USB: EHCI: initialize data before resetting hardware (bsc#1117515). - USB: EHCI: introduce high-res timer (bsc#1117515). - USB: EHCI: remove PS3 status polling (bsc#1117515). - USB: EHCI: remove unneeded suspend/resume code (bsc#1117515). - USB: EHCI: rename "reclaim" (bsc#1117515). - USB: EHCI: resolve some unlikely races (bsc#1117515). - USB: EHCI: return void instead of 0 (bsc#1117515). - USB: EHCI: simplify isochronous scanning (bsc#1117515). - USB: EHCI: unlink multiple async QHs together (bsc#1117515). - USB: EHCI: use hrtimer for (s)iTD deallocation (bsc#1117515). - USB: EHCI: use hrtimer for async schedule (bsc#1117515). - USB: EHCI: use hrtimer for controller death (bsc#1117515). - USB: EHCI: use hrtimer for interrupt QH unlink (bsc#1117515). - USB: EHCI: use hrtimer for the I/O watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the IAA watchdog (bsc#1117515). - USB: EHCI: use hrtimer for the periodic schedule (bsc#1117515). - USB: EHCI: use hrtimer for unlinking empty async QHs (bsc#1117515). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - drm: Fix error handling in drm_legacy_addctx (bsc#1106886) - ext3: Set bitmap tails when growing filesystem (bsc#1128383). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106886) - iommu/vt-d: Check capability before disabling protected memory (bsc#1130353). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129248). - kernel/watchdog.c: control hard lockup detection default (bsc#1110436). - kvm: ensure hard lockup detection is disabled by default (bsc#1110436). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129437). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/mmap)). - mpt2sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bsc#1130384). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/qeth: cancel close_dev work before removing a card (LTC#175048, bsc#1127376). - s390/qeth: fix use-after-free in error path (LTC#175048, bsc#1127376, bsc#1127534). - s390/qeth: handle failure on workqueue creation (LTC#175048, bsc#1127376). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1111331). - sched/smt: Make sched_smt_present track topology (bsc#1111331). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: qla2xxx: do not disable a not previously enabled PCI device (bsc#1127738). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-20190508-14051=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20190508-14051=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20190508-14051=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.90.1 kernel-default-base-3.0.101-108.90.1 kernel-default-devel-3.0.101-108.90.1 kernel-source-3.0.101-108.90.1 kernel-syms-3.0.101-108.90.1 kernel-trace-3.0.101-108.90.1 kernel-trace-base-3.0.101-108.90.1 kernel-trace-devel-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.90.1 kernel-ec2-base-3.0.101-108.90.1 kernel-ec2-devel-3.0.101-108.90.1 kernel-xen-3.0.101-108.90.1 kernel-xen-base-3.0.101-108.90.1 kernel-xen-devel-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.90.1 kernel-bigmem-base-3.0.101-108.90.1 kernel-bigmem-devel-3.0.101-108.90.1 kernel-ppc64-3.0.101-108.90.1 kernel-ppc64-base-3.0.101-108.90.1 kernel-ppc64-devel-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.90.1 kernel-pae-base-3.0.101-108.90.1 kernel-pae-devel-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.90.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.90.1 kernel-default-debugsource-3.0.101-108.90.1 kernel-trace-debuginfo-3.0.101-108.90.1 kernel-trace-debugsource-3.0.101-108.90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.90.1 kernel-trace-devel-debuginfo-3.0.101-108.90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.90.1 kernel-ec2-debugsource-3.0.101-108.90.1 kernel-xen-debuginfo-3.0.101-108.90.1 kernel-xen-debugsource-3.0.101-108.90.1 kernel-xen-devel-debuginfo-3.0.101-108.90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.90.1 kernel-bigmem-debugsource-3.0.101-108.90.1 kernel-ppc64-debuginfo-3.0.101-108.90.1 kernel-ppc64-debugsource-3.0.101-108.90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.90.1 kernel-pae-debugsource-3.0.101-108.90.1 kernel-pae-devel-debuginfo-3.0.101-108.90.1 References: https://www.suse.com/security/cve/CVE-2012-3412.html https://www.suse.com/security/cve/CVE-2012-3430.html https://www.suse.com/security/cve/CVE-2013-0160.html https://www.suse.com/security/cve/CVE-2013-0216.html https://www.suse.com/security/cve/CVE-2013-0231.html https://www.suse.com/security/cve/CVE-2013-1979.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1106886 https://bugzilla.suse.com/1110436 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1117515 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127376 https://bugzilla.suse.com/1127445 https://bugzilla.suse.com/1127534 https://bugzilla.suse.com/1127738 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128383 https://bugzilla.suse.com/1129248 https://bugzilla.suse.com/1129437 https://bugzilla.suse.com/1129439 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130353 https://bugzilla.suse.com/1130384 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/773383 https://bugzilla.suse.com/774523 https://bugzilla.suse.com/797175 https://bugzilla.suse.com/800280 https://bugzilla.suse.com/801178 https://bugzilla.suse.com/816708 From sle-updates at lists.suse.com Thu May 16 10:12:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 18:12:27 +0200 (CEST) Subject: SUSE-SU-2019:1269-1: important: Security update for qemu Message-ID: <20190516161227.AA0D0FF29@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1269-1 Rating: important References: #1111331 #1129622 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1269=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1269=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): qemu-2.3.1-33.23.1 qemu-block-curl-2.3.1-33.23.1 qemu-block-curl-debuginfo-2.3.1-33.23.1 qemu-block-rbd-2.3.1-33.23.1 qemu-block-rbd-debuginfo-2.3.1-33.23.1 qemu-debugsource-2.3.1-33.23.1 qemu-guest-agent-2.3.1-33.23.1 qemu-guest-agent-debuginfo-2.3.1-33.23.1 qemu-kvm-2.3.1-33.23.1 qemu-lang-2.3.1-33.23.1 qemu-tools-2.3.1-33.23.1 qemu-tools-debuginfo-2.3.1-33.23.1 qemu-x86-2.3.1-33.23.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): qemu-ipxe-1.0.0-33.23.1 qemu-seabios-1.8.1-33.23.1 qemu-sgabios-8-33.23.1 qemu-vgabios-1.8.1-33.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.23.1 qemu-block-curl-2.3.1-33.23.1 qemu-block-curl-debuginfo-2.3.1-33.23.1 qemu-debugsource-2.3.1-33.23.1 qemu-guest-agent-2.3.1-33.23.1 qemu-guest-agent-debuginfo-2.3.1-33.23.1 qemu-lang-2.3.1-33.23.1 qemu-tools-2.3.1-33.23.1 qemu-tools-debuginfo-2.3.1-33.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.23.1 qemu-ppc-debuginfo-2.3.1-33.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.23.1 qemu-block-rbd-debuginfo-2.3.1-33.23.1 qemu-x86-2.3.1-33.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.23.1 qemu-seabios-1.8.1-33.23.1 qemu-sgabios-8-33.23.1 qemu-vgabios-1.8.1-33.23.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.23.1 qemu-s390-debuginfo-2.3.1-33.23.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Thu May 16 13:08:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 21:08:48 +0200 (CEST) Subject: SUSE-RU-2019:1273-1: moderate: Recommended update for patterns-sap Message-ID: <20190516190848.B34D5FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1273-1 Rating: moderate References: #1132119 Affected Products: SUSE Linux Enterprise Server for SAP 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sap fixes the following issues: - The newest HANA 2 SPS04 Installer requires additional libraries for the installation. (bnc#1132119) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2019-1273=1 Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): patterns-sap-b1-12-9.3.1 patterns-sap-hana-12-9.3.1 patterns-sap-nw-12-9.3.1 References: https://bugzilla.suse.com/1132119 From sle-updates at lists.suse.com Thu May 16 13:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 May 2019 21:09:23 +0200 (CEST) Subject: SUSE-SU-2019:1272-1: important: Security update for qemu Message-ID: <20190516190923.9E6C2FF27@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1272-1 Rating: important References: #1111331 #1129622 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1272=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.52.1 qemu-block-curl-2.0.2-48.52.1 qemu-block-curl-debuginfo-2.0.2-48.52.1 qemu-debugsource-2.0.2-48.52.1 qemu-guest-agent-2.0.2-48.52.1 qemu-guest-agent-debuginfo-2.0.2-48.52.1 qemu-lang-2.0.2-48.52.1 qemu-tools-2.0.2-48.52.1 qemu-tools-debuginfo-2.0.2-48.52.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.52.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.52.1 qemu-ppc-debuginfo-2.0.2-48.52.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.52.1 qemu-block-rbd-debuginfo-2.0.2-48.52.1 qemu-x86-2.0.2-48.52.1 qemu-x86-debuginfo-2.0.2-48.52.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.52.1 qemu-seabios-1.7.4-48.52.1 qemu-sgabios-8-48.52.1 qemu-vgabios-1.7.4-48.52.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.52.1 qemu-s390-debuginfo-2.0.2-48.52.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Fri May 17 04:09:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 12:09:13 +0200 (CEST) Subject: SUSE-RU-2019:1275-1: moderate: Recommended update for gtk3 Message-ID: <20190517100913.B6CA5FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1275-1 Rating: moderate References: #1134062 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gtk3 provides the following fixes: - Set a transparent background for windows to prevent them to blink black when opened. (bsc#1134062) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1275=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1275=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gtk3-debugsource-3.22.30-4.11.1 gtk3-immodule-amharic-3.22.30-4.11.1 gtk3-immodule-amharic-debuginfo-3.22.30-4.11.1 gtk3-immodule-broadway-3.22.30-4.11.1 gtk3-immodule-broadway-debuginfo-3.22.30-4.11.1 gtk3-immodule-inuktitut-3.22.30-4.11.1 gtk3-immodule-inuktitut-debuginfo-3.22.30-4.11.1 gtk3-immodule-multipress-3.22.30-4.11.1 gtk3-immodule-multipress-debuginfo-3.22.30-4.11.1 gtk3-immodule-thai-3.22.30-4.11.1 gtk3-immodule-thai-debuginfo-3.22.30-4.11.1 gtk3-immodule-vietnamese-3.22.30-4.11.1 gtk3-immodule-vietnamese-debuginfo-3.22.30-4.11.1 gtk3-immodule-xim-3.22.30-4.11.1 gtk3-immodule-xim-debuginfo-3.22.30-4.11.1 gtk3-immodules-tigrigna-3.22.30-4.11.1 gtk3-immodules-tigrigna-debuginfo-3.22.30-4.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): gtk3-branding-upstream-3.22.30-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.22.30-4.11.1 gtk3-debugsource-3.22.30-4.11.1 gtk3-devel-3.22.30-4.11.1 gtk3-devel-debuginfo-3.22.30-4.11.1 gtk3-tools-3.22.30-4.11.1 gtk3-tools-debuginfo-3.22.30-4.11.1 libgtk-3-0-3.22.30-4.11.1 libgtk-3-0-debuginfo-3.22.30-4.11.1 typelib-1_0-Gtk-3_0-3.22.30-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gtk3-data-3.22.30-4.11.1 gtk3-lang-3.22.30-4.11.1 gtk3-schema-3.22.30-4.11.1 References: https://bugzilla.suse.com/1134062 From sle-updates at lists.suse.com Fri May 17 04:09:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 12:09:51 +0200 (CEST) Subject: SUSE-RU-2019:1274-1: moderate: Recommended update for systemtap Message-ID: <20190517100951.5DF4BFF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemtap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1274-1 Rating: moderate References: #1132538 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemtap fixes the following issues: - Fixes an issue where systemtap-server and systemtap client didn't work (bsc#1132538) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1274=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): systemtap-3.2-7.9.1 systemtap-debuginfo-3.2-7.9.1 systemtap-debugsource-3.2-7.9.1 systemtap-headers-3.2-7.9.1 systemtap-runtime-3.2-7.9.1 systemtap-runtime-debuginfo-3.2-7.9.1 systemtap-sdt-devel-3.2-7.9.1 systemtap-server-3.2-7.9.1 systemtap-server-debuginfo-3.2-7.9.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): systemtap-docs-3.2-7.9.1 References: https://bugzilla.suse.com/1132538 From sle-updates at lists.suse.com Fri May 17 07:09:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 15:09:09 +0200 (CEST) Subject: SUSE-RU-2019:1279-1: moderate: Recommended update for targetcli-fb Message-ID: <20190517130909.44731FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1279-1 Rating: moderate References: #1127574 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for targetcli-fb fixes the following issues: - Add missing dependency for python-urwid which caused runtime error (bsc#1127574) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1279=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1279=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): targetcli-fb-2.1.43-7.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): targetcli-fb-2.1.43-7.6.1 References: https://bugzilla.suse.com/1127574 From sle-updates at lists.suse.com Fri May 17 07:09:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 15:09:46 +0200 (CEST) Subject: SUSE-RU-2019:1278-1: moderate: Recommended update for logrotate Message-ID: <20190517130946.3D6C9FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1278-1 Rating: moderate References: #1131477 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for logrotate fixes the following issue: - Trigger the rotation of weekly events more predictably [bsc#1131477] Introduce an optional argument for the 'weekly' directive to trigger the rotation on a selected day of the week. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1278=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1278=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1278=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1278=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): logrotate-3.11.0-2.14.1 logrotate-debuginfo-3.11.0-2.14.1 logrotate-debugsource-3.11.0-2.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): logrotate-3.11.0-2.14.1 logrotate-debuginfo-3.11.0-2.14.1 logrotate-debugsource-3.11.0-2.14.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): logrotate-3.11.0-2.14.1 logrotate-debuginfo-3.11.0-2.14.1 logrotate-debugsource-3.11.0-2.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): logrotate-3.11.0-2.14.1 logrotate-debuginfo-3.11.0-2.14.1 logrotate-debugsource-3.11.0-2.14.1 - SUSE CaaS Platform ALL (x86_64): logrotate-3.11.0-2.14.1 logrotate-debuginfo-3.11.0-2.14.1 logrotate-debugsource-3.11.0-2.14.1 - SUSE CaaS Platform 3.0 (x86_64): logrotate-3.11.0-2.14.1 logrotate-debuginfo-3.11.0-2.14.1 logrotate-debugsource-3.11.0-2.14.1 References: https://bugzilla.suse.com/1131477 From sle-updates at lists.suse.com Fri May 17 07:10:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 15:10:21 +0200 (CEST) Subject: SUSE-RU-2019:1277-1: moderate: Recommended update for kernel-firmware Message-ID: <20190517131021.BFC63FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1277-1 Rating: moderate References: #1128292 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware fixes the following issues: - Update cxgb4 firmware to 1.22.9.0 (bsc#1128292) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1277=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1277=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-firmware-20180525-5.3.1 ucode-amd-20180525-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-firmware-20180525-5.3.1 ucode-amd-20180525-5.3.1 References: https://bugzilla.suse.com/1128292 From sle-updates at lists.suse.com Fri May 17 10:10:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 18:10:27 +0200 (CEST) Subject: SUSE-RU-2019:1280-1: moderate: Recommended update for MozillaFirefox Message-ID: <20190517161027.EB8B3FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1280-1 Rating: moderate References: #1134126 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 60.6.3 (bmo#1549249): * Further improvements to re-enable web extensions which had been disabled for users with a master password set. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1280=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1280=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1280=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1280=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1280=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1280=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1280=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1280=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1280=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1280=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1280=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1280=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1280=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1280=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.6.3esr-109.69.1 MozillaFirefox-debuginfo-60.6.3esr-109.69.1 MozillaFirefox-debugsource-60.6.3esr-109.69.1 MozillaFirefox-devel-60.6.3esr-109.69.1 MozillaFirefox-translations-common-60.6.3esr-109.69.1 References: https://bugzilla.suse.com/1134126 From sle-updates at lists.suse.com Fri May 17 10:11:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 18:11:21 +0200 (CEST) Subject: SUSE-RU-2019:1281-1: moderate: Recommended update for azure-li-services Message-ID: <20190517161121.595B1FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1281-1 Rating: moderate References: #1133162 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for azure-li-services to 1.1.31 fixes the following issues: - Umount LUN only on cleanup If one service(A) needs the LUN and another service(B) that needs the LUN too runs in parallel a potential race condition exists in a way the service A could have umounted the LUN exactly at a time service B accesses it. Thus this patch changes the services such that only the last service, the cleanup service umounts the LUN. - Load softdog module when STONITH is set up It loads the module and make the load boot persistant - Fixup system-setup service dependencies The setup of the stonith SBD device requires the network to be up beforehand because the target is an iSCSI endpoint. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1281=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): azure-li-services-1.1.31-1.20.1 References: https://bugzilla.suse.com/1133162 From sle-updates at lists.suse.com Fri May 17 10:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 18:12:09 +0200 (CEST) Subject: SUSE-RU-2019:1282-1: moderate: Recommended update for azure-li-services Message-ID: <20190517161209.401F8FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for azure-li-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1282-1 Rating: moderate References: #1133162 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for azure-li-services to 1.1.31 fixes the following issues: - Umount LUN only on cleanup If one service(A) needs the LUN and another service(B) that needs the LUN too runs in parallel a potential race condition exists in a way the service A could have umounted the LUN exactly at a time service B accesses it. Thus this patch changes the services such that only the last service, the cleanup service umounts the LUN. - Load softdog module when STONITH is set up It loads the module and make the load boot persistant - Fixup system-setup service dependencies The setup of the stonith SBD device requires the network to be up beforehand because the target is an iSCSI endpoint. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1282=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): azure-li-services-1.1.31-1.14.1 References: https://bugzilla.suse.com/1133162 From sle-updates at lists.suse.com Fri May 17 10:13:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 18:13:00 +0200 (CEST) Subject: SUSE-SU-2019:14052-1: important: Security update for kvm Message-ID: <20190517161300.AB484FF27@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14052-1 Rating: important References: #1111331 #1129622 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kvm-14052=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): kvm-1.4.2-60.24.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Fri May 17 13:08:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 21:08:57 +0200 (CEST) Subject: SUSE-SU-2019:1287-1: important: Security update for the Linux Kernel Message-ID: <20190517190857.79430FF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1287-1 Rating: important References: #1012382 #1024908 #1034113 #1043485 #1068032 #1073311 #1080157 #1080533 #1082632 #1087231 #1087659 #1087906 #1093158 #1094268 #1096748 #1100152 #1103186 #1106913 #1109772 #1111331 #1112178 #1113399 #1116841 #1118338 #1119019 #1122822 #1124832 #1125580 #1129279 #1131416 #1131427 #1131587 #1132673 #1132828 #1133188 Cross-References: CVE-2016-8636 CVE-2017-17741 CVE-2017-18174 CVE-2018-1091 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-19407 CVE-2019-11091 CVE-2019-11486 CVE-2019-3882 CVE-2019-8564 CVE-2019-9503 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 19 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network could use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. (bnc#1096748). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. (bnc#1096748). - CVE-2016-8636: Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of service (memory corruption), obtain sensitive information or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology (bnc#1024908). - CVE-2017-18174: In the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (bsc#1131427). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828, bnc#1132673). The following non-security bugs were fixed: - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - add mainline tags to four hyperv patches - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - Drivers: hv: vmbus: Define an API to retrieve virtual processor index (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the event page (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the message page (bsc#1122822).++ kernel-source.spec (revision 4)Release: <RELEASE>.gbd4498d - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller (bsc#1122822). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1111331). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - MDS: Add CVE refs - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1129279). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1129279). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1129279). - net: ena: complete host info to match latest ENA spec (bsc#1129279). - net: ena: enable Low Latency Queues (bsc#1129279). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1129279). - net: ena: fix auto casting to boolean (bsc#1129279). - net: ena: fix compilation error in xtensa architecture (bsc#1129279). - net: ena: fix crash during ena_remove() (bsc#1129279). - net: ena: fix crash during failed resume from hibernation (bsc#1129279). - net: ena: fix indentations in ena_defs for better readability (bsc#1129279). - net: ena: Fix Kconfig dependency on X86 (bsc#1129279). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1129279). - net: ena: fix race between link up and device initalization (bsc#1129279). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1129279). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1129279). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1129279). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1129279). - net: ena: minor performance improvement (bsc#1129279). - net: ena: remove ndo_poll_controller (bsc#1129279). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1129279). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1129279). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129279). - net: ena: update driver version to 2.0.1 (bsc#1129279). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1129279). - PCI: hv: Add vPCI version protocol negotiation (bnc#1043485, bsc#1122822). - PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC (bnc#1034113, bsc#1122822). - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() (bnc#1094268, bsc#1122822). - PCI: hv: Do not sleep in compose_msi_msg() (bsc#1082632, bsc#1122822). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906, bsc#1122822). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659, bsc#1122822). - PCI: hv: Fix comment formatting and use proper integer fields (bnc#1043485, bsc#1122822). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659, bsc#1122822). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659, bsc#1122822). - PCI: hv: Serialize the present and eject work items (bsc#1087659, bsc#1122822). - PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs (bnc#1043485, bsc#1122822). - PCI: hv: Temporary own CPU-number-to-vCPU-number infra (bnc#1043485, bsc#1122822). - PCI: hv: Use effective affinity mask (bsc#1109772, bsc#1122822). - PCI: hv: Use page allocation for hbus structure (bnc#1043485, bsc#1122822). - PCI: hv: Use vPCI protocol version 1.2 (bnc#1043485, bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - powerpc/64: Disable the speculation barrier from the command line (bsc#1068032). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390: add explicit for jump label (bsc#1111331). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - Use upstream variant of two pci-hyperv patches - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382 bsc#1100152). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1111331). - x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#1111331). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772, bsc#1122822). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86: stop exporting msr-index.h to userland (bsc#1111331). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382 bsc#1100152). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382 bsc#1100152). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1287=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1287=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1287=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1287=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1287=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1287=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1287=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.109.2 kernel-default-base-4.4.121-92.109.2 kernel-default-base-debuginfo-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 kernel-default-devel-4.4.121-92.109.2 kernel-syms-4.4.121-92.109.2 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.109.2 kernel-macros-4.4.121-92.109.2 kernel-source-4.4.121-92.109.2 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_109-default-1-3.5.2 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.109.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.109.2 kernel-default-base-4.4.121-92.109.2 kernel-default-base-debuginfo-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 kernel-default-devel-4.4.121-92.109.2 kernel-syms-4.4.121-92.109.2 kgraft-patch-4_4_121-92_109-default-1-3.5.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.109.2 kernel-macros-4.4.121-92.109.2 kernel-source-4.4.121-92.109.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.109.2 kernel-default-base-4.4.121-92.109.2 kernel-default-base-debuginfo-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 kernel-default-devel-4.4.121-92.109.2 kernel-syms-4.4.121-92.109.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_109-default-1-3.5.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.109.2 kernel-macros-4.4.121-92.109.2 kernel-source-4.4.121-92.109.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.109.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.109.2 kernel-macros-4.4.121-92.109.2 kernel-source-4.4.121-92.109.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.109.2 kernel-default-base-4.4.121-92.109.2 kernel-default-base-debuginfo-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 kernel-default-devel-4.4.121-92.109.2 kernel-syms-4.4.121-92.109.2 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.109.2 cluster-md-kmp-default-debuginfo-4.4.121-92.109.2 cluster-network-kmp-default-4.4.121-92.109.2 cluster-network-kmp-default-debuginfo-4.4.121-92.109.2 dlm-kmp-default-4.4.121-92.109.2 dlm-kmp-default-debuginfo-4.4.121-92.109.2 gfs2-kmp-default-4.4.121-92.109.2 gfs2-kmp-default-debuginfo-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 ocfs2-kmp-default-4.4.121-92.109.2 ocfs2-kmp-default-debuginfo-4.4.121-92.109.2 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.109.2 kernel-macros-4.4.121-92.109.2 kernel-source-4.4.121-92.109.2 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.109.2 kernel-default-base-4.4.121-92.109.2 kernel-default-base-debuginfo-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 kernel-default-devel-4.4.121-92.109.2 kernel-syms-4.4.121-92.109.2 kgraft-patch-4_4_121-92_109-default-1-3.5.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.109.2 kernel-default-debuginfo-4.4.121-92.109.2 kernel-default-debugsource-4.4.121-92.109.2 References: https://www.suse.com/security/cve/CVE-2016-8636.html https://www.suse.com/security/cve/CVE-2017-17741.html https://www.suse.com/security/cve/CVE-2017-18174.html https://www.suse.com/security/cve/CVE-2018-1091.html https://www.suse.com/security/cve/CVE-2018-1120.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-8564.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1024908 https://bugzilla.suse.com/1034113 https://bugzilla.suse.com/1043485 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1073311 https://bugzilla.suse.com/1080157 https://bugzilla.suse.com/1080533 https://bugzilla.suse.com/1082632 https://bugzilla.suse.com/1087231 https://bugzilla.suse.com/1087659 https://bugzilla.suse.com/1087906 https://bugzilla.suse.com/1093158 https://bugzilla.suse.com/1094268 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1100152 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113399 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1118338 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1122822 https://bugzilla.suse.com/1124832 https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1129279 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1132673 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1133188 From sle-updates at lists.suse.com Fri May 17 13:16:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 21:16:18 +0200 (CEST) Subject: SUSE-SU-2019:1286-1: moderate: Security update for nmap Message-ID: <20190517191618.25E0BFF27@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1286-1 Rating: moderate References: #1104139 Cross-References: CVE-2018-15173 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1286=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1286=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nmap-6.46-3.3.1 nmap-debuginfo-6.46-3.3.1 nmap-debugsource-6.46-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nmap-6.46-3.3.1 nmap-debuginfo-6.46-3.3.1 nmap-debugsource-6.46-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1104139 From sle-updates at lists.suse.com Fri May 17 13:16:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 May 2019 21:16:54 +0200 (CEST) Subject: SUSE-SU-2019:1289-1: important: Security update for the Linux Kernel Message-ID: <20190517191654.13EA9FF27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1289-1 Rating: important References: #1031240 #1034862 #1066674 #1071021 #1086535 #1091171 #1094825 #1100001 #1102517 #1103097 #1104475 #1105025 #1105296 #1106913 #1107829 #1108498 #1110768 #1111331 #1111516 #1113751 #1113769 #1114648 #1114920 #1115007 #1115038 #1116345 #1116841 #1118152 #1118319 #1119714 #1119946 #1120743 #1120758 #1121621 #1122015 #1123161 #1124010 #1124728 #1124732 #1124735 #1126890 #1128166 #1131416 #1131427 #1132828 #1133188 Cross-References: CVE-2016-10741 CVE-2017-1000407 CVE-2017-16533 CVE-2017-7273 CVE-2017-7472 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-14633 CVE-2018-15572 CVE-2018-16884 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-5391 CVE-2018-9516 CVE-2018-9568 CVE-2019-11091 CVE-2019-11486 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-8564 CVE-2019-9213 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 33 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). - CVE-2017-1000407: By flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). - CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). - CVE-2017-7472: The KEYS subsystem allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. (bnc#1107829). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performed TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19985: The function hso_get_config_data in drivers/net/usb/hso.c read if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allowed arbitrary read in the kernel address space (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). The line discipline was disabled. - CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered (bnc#1120758). - CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found (bnc#1120758). - CVE-2019-3882: A flaw was found vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728). - CVE-2019-7221: The KVM implementation had a Use-after-Free (bnc#1124732). - CVE-2019-7222: The KVM implementation had an Information Leak (bnc#1124735). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828). The following non-security bugs were fixed: - cifs: Check for timeout on Negotiate stage (bsc#1091171 bsc#1126890). - fix pgd underflow (bnc#1104475) (bsc#1104475, bsc#1110768). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - sched/core: Optimize SCHED_SMT (bsc#1111331) - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched/smt: Update sched_smt_present at runtime (bsc#1111331) - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331) - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114648). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913, bsc#1111516). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114648). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1115007). - xfs: xfs_iget_check_free_state: Use correct sign for errors (bsc#1122015, bsc#1100001). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1289=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1289=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1289=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.110.1 kernel-macros-3.12.74-60.64.110.1 kernel-source-3.12.74-60.64.110.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.110.1 kernel-default-base-3.12.74-60.64.110.1 kernel-default-base-debuginfo-3.12.74-60.64.110.1 kernel-default-debuginfo-3.12.74-60.64.110.1 kernel-default-debugsource-3.12.74-60.64.110.1 kernel-default-devel-3.12.74-60.64.110.1 kernel-syms-3.12.74-60.64.110.1 kernel-xen-3.12.74-60.64.110.1 kernel-xen-base-3.12.74-60.64.110.1 kernel-xen-base-debuginfo-3.12.74-60.64.110.1 kernel-xen-debuginfo-3.12.74-60.64.110.1 kernel-xen-debugsource-3.12.74-60.64.110.1 kernel-xen-devel-3.12.74-60.64.110.1 lttng-modules-2.7.0-4.4.1 lttng-modules-debugsource-2.7.0-4.4.1 lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.110-4.4.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.110-4.4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.110.1 kernel-default-base-3.12.74-60.64.110.1 kernel-default-base-debuginfo-3.12.74-60.64.110.1 kernel-default-debuginfo-3.12.74-60.64.110.1 kernel-default-debugsource-3.12.74-60.64.110.1 kernel-default-devel-3.12.74-60.64.110.1 kernel-syms-3.12.74-60.64.110.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.110.1 kernel-xen-base-3.12.74-60.64.110.1 kernel-xen-base-debuginfo-3.12.74-60.64.110.1 kernel-xen-debuginfo-3.12.74-60.64.110.1 kernel-xen-debugsource-3.12.74-60.64.110.1 kernel-xen-devel-3.12.74-60.64.110.1 lttng-modules-2.7.0-4.4.1 lttng-modules-debugsource-2.7.0-4.4.1 lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.110-4.4.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.110-4.4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.110.1 kernel-macros-3.12.74-60.64.110.1 kernel-source-3.12.74-60.64.110.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.110.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.110.1 kernel-ec2-debuginfo-3.12.74-60.64.110.1 kernel-ec2-debugsource-3.12.74-60.64.110.1 kernel-ec2-devel-3.12.74-60.64.110.1 kernel-ec2-extra-3.12.74-60.64.110.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.110.1 References: https://www.suse.com/security/cve/CVE-2016-10741.html https://www.suse.com/security/cve/CVE-2017-1000407.html https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-7273.html https://www.suse.com/security/cve/CVE-2017-7472.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-14633.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18690.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-9516.html https://www.suse.com/security/cve/CVE-2018-9568.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://www.suse.com/security/cve/CVE-2019-8564.html https://www.suse.com/security/cve/CVE-2019-9213.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1031240 https://bugzilla.suse.com/1034862 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1071021 https://bugzilla.suse.com/1086535 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1100001 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1104475 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107829 https://bugzilla.suse.com/1108498 https://bugzilla.suse.com/1110768 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1111516 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114920 https://bugzilla.suse.com/1115007 https://bugzilla.suse.com/1115038 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1122015 https://bugzilla.suse.com/1123161 https://bugzilla.suse.com/1124010 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1126890 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1131416 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1133188 From sle-updates at lists.suse.com Fri May 17 16:09:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 May 2019 00:09:06 +0200 (CEST) Subject: SUSE-SU-2019:1285-1: moderate: Security update for libvirt Message-ID: <20190517220906.9E70DFF27@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1285-1 Rating: moderate References: #1131595 Cross-References: CVE-2019-3886 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1285=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1285=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1285=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-9.19.4 libvirt-admin-4.0.0-9.19.4 libvirt-admin-debuginfo-4.0.0-9.19.4 libvirt-client-4.0.0-9.19.4 libvirt-client-debuginfo-4.0.0-9.19.4 libvirt-daemon-4.0.0-9.19.4 libvirt-daemon-config-network-4.0.0-9.19.4 libvirt-daemon-config-nwfilter-4.0.0-9.19.4 libvirt-daemon-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-interface-4.0.0-9.19.4 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-lxc-4.0.0-9.19.4 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-network-4.0.0-9.19.4 libvirt-daemon-driver-network-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-nodedev-4.0.0-9.19.4 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-nwfilter-4.0.0-9.19.4 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-qemu-4.0.0-9.19.4 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-secret-4.0.0-9.19.4 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-storage-4.0.0-9.19.4 libvirt-daemon-driver-storage-core-4.0.0-9.19.4 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-storage-disk-4.0.0-9.19.4 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-storage-iscsi-4.0.0-9.19.4 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-storage-logical-4.0.0-9.19.4 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-storage-mpath-4.0.0-9.19.4 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.19.4 libvirt-daemon-driver-storage-scsi-4.0.0-9.19.4 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.19.4 libvirt-daemon-hooks-4.0.0-9.19.4 libvirt-daemon-lxc-4.0.0-9.19.4 libvirt-daemon-qemu-4.0.0-9.19.4 libvirt-debugsource-4.0.0-9.19.4 libvirt-devel-4.0.0-9.19.4 libvirt-doc-4.0.0-9.19.4 libvirt-lock-sanlock-4.0.0-9.19.4 libvirt-lock-sanlock-debuginfo-4.0.0-9.19.4 libvirt-nss-4.0.0-9.19.4 libvirt-nss-debuginfo-4.0.0-9.19.4 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-9.19.4 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.19.4 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.19.4 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.19.4 libvirt-daemon-xen-4.0.0-9.19.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.19.4 wireshark-plugin-libvirt-4.0.0-9.19.4 wireshark-plugin-libvirt-debuginfo-4.0.0-9.19.4 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.19.4 libvirt-libs-4.0.0-9.19.4 libvirt-libs-debuginfo-4.0.0-9.19.4 References: https://www.suse.com/security/cve/CVE-2019-3886.html https://bugzilla.suse.com/1131595 From sle-updates at lists.suse.com Mon May 20 07:09:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 May 2019 15:09:19 +0200 (CEST) Subject: SUSE-SU-2019:1290-1: moderate: Security update for nmap Message-ID: <20190520130919.8F8DDF797@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1290-1 Rating: moderate References: #1104139 #1133512 Cross-References: CVE-2018-15173 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1290=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1290=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1290=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 nping-7.70-3.5.1 nping-debuginfo-7.70-3.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.5.1 ncat-debuginfo-7.70-3.5.1 ndiff-7.70-3.5.1 nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 nping-7.70-3.5.1 nping-debuginfo-7.70-3.5.1 zenmap-7.70-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.5.1 nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1104139 https://bugzilla.suse.com/1133512 From sle-updates at lists.suse.com Mon May 20 07:12:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 May 2019 15:12:08 +0200 (CEST) Subject: SUSE-SU-2019:1291-1: Security update for transfig Message-ID: <20190520131208.42B71F797@maintenance.suse.de> SUSE Security Update: Security update for transfig ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1291-1 Rating: low References: #1106531 Cross-References: CVE-2018-16140 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for transfig fixes the following issues: Security issue fixed: - CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1291=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): transfig-3.2.6a-4.3.51 transfig-debuginfo-3.2.6a-4.3.51 transfig-debugsource-3.2.6a-4.3.51 References: https://www.suse.com/security/cve/CVE-2018-16140.html https://bugzilla.suse.com/1106531 From sle-updates at lists.suse.com Mon May 20 13:08:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 May 2019 21:08:48 +0200 (CEST) Subject: SUSE-RU-2019:1293-1: important: Recommended update for MozillaFirefox Message-ID: <20190520190848.05597F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1293-1 Rating: important References: #1130694 #1134126 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 60.6.3 (bsc#1134126) * Further improvements to re-enable web extensions which had been disabled for users with a master password set. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1293=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1293=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.6.3-3.37.1 MozillaFirefox-debuginfo-60.6.3-3.37.1 MozillaFirefox-debugsource-60.6.3-3.37.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.6.3-3.37.1 MozillaFirefox-debuginfo-60.6.3-3.37.1 MozillaFirefox-debugsource-60.6.3-3.37.1 MozillaFirefox-devel-60.6.3-3.37.1 MozillaFirefox-translations-common-60.6.3-3.37.1 MozillaFirefox-translations-other-60.6.3-3.37.1 References: https://bugzilla.suse.com/1130694 https://bugzilla.suse.com/1134126 From sle-updates at lists.suse.com Mon May 20 13:09:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 May 2019 21:09:32 +0200 (CEST) Subject: SUSE-RU-2019:1292-1: moderate: Recommended update for SLES12-SP4-SLES15-Migration, suse-migration-sle15-activation Message-ID: <20190520190932.4F48BF797@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES12-SP4-SLES15-Migration, suse-migration-sle15-activation ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1292-1 Rating: moderate References: #1133919 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ships SLES12-SP4-SLES15-Migration and suse-migration-sle15-activation packages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1292=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-sle15-activation-1.2.0-6.5.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): SLES15-Migration-1.15.0-6 References: https://bugzilla.suse.com/1133919 From sle-updates at lists.suse.com Tue May 21 04:13:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 12:13:36 +0200 (CEST) Subject: SUSE-SU-2019:14053-1: important: Security update for kvm Message-ID: <20190521101336.D8BAAF797@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14053-1 Rating: important References: #1111331 #1129622 #1130675 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for kvm fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kvm-14053=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kvm-1.4.2-53.32.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-9824.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1129622 https://bugzilla.suse.com/1130675 From sle-updates at lists.suse.com Tue May 21 04:14:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 12:14:47 +0200 (CEST) Subject: SUSE-SU-2019:1296-1: important: Security update for ucode-intel Message-ID: <20190521101447.EF993F797@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1296-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1296=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1296=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1296=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1296=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1296=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1296=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1296=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1296=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1296=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1296=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1296=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1296=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20190514-13.44.1 ucode-intel-debuginfo-20190514-13.44.1 ucode-intel-debugsource-20190514-13.44.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Tue May 21 04:15:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 12:15:31 +0200 (CEST) Subject: SUSE-RU-2019:1294-1: important: Recommended update for glib-networking Message-ID: <20190521101531.06BF6F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib-networking ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1294-1 Rating: important References: #1134795 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib-networking fixes the following issues: - Fix invalid TLS sessions when TLS 1.3 is used (bsc#1134795) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1294=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glib-networking-2.54.1-3.3.1 glib-networking-debuginfo-2.54.1-3.3.1 glib-networking-debugsource-2.54.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glib-networking-lang-2.54.1-3.3.1 References: https://bugzilla.suse.com/1134795 From sle-updates at lists.suse.com Tue May 21 04:16:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 12:16:08 +0200 (CEST) Subject: SUSE-RU-2019:1295-1: important: Recommended update for kubernetes-salt, patchinfo Message-ID: <20190521101608.468E2F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt, patchinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1295-1 Rating: important References: #1133796 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kubernetes-salt, patchinfo fixes the following issues: - Fixed where update orchestration fails to complete (bsc#1133796) - Moved early-services-setup back to original location in orch/update.sls - Added explicit service start for kubelet and kube-apiserver prior to early-services-setup - Update orchestration fails to complete (bsc#1133796) - Re-order addons to prevent kubelet from starting too soon on super-master. - Check for target list before reenable-transactional-update-timer. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r976_5e6eb27-3.67.1 References: https://bugzilla.suse.com/1133796 From sle-updates at lists.suse.com Tue May 21 07:09:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 15:09:01 +0200 (CEST) Subject: SUSE-SU-2019:1299-1: Security update for ffmpeg Message-ID: <20190521130901.3F2C0F797@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1299-1 Rating: low References: #1101888 #1101889 Cross-References: CVE-2018-14394 CVE-2018-14395 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2018-14395: Fixed a divide-by-zero error in libavformat/movenc.c that allowed attackers to cause a DoS (bsc#1101889) - CVE-2018-14394: Fixed a divide-by-zero error in libavformat/movenc.c that allowed attackers to cause a DoS (bsc#1101888). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1299=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1299=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1299=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1299=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 libavcodec-devel-3.4.2-4.17.26 libavformat-devel-3.4.2-4.17.26 libavformat57-3.4.2-4.17.26 libavformat57-debuginfo-3.4.2-4.17.26 libavresample-devel-3.4.2-4.17.26 libavresample3-3.4.2-4.17.26 libavresample3-debuginfo-3.4.2-4.17.26 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-4.17.26 ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 libavdevice57-3.4.2-4.17.26 libavdevice57-debuginfo-3.4.2-4.17.26 libavfilter6-3.4.2-4.17.26 libavfilter6-debuginfo-3.4.2-4.17.26 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-4.17.26 ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 ffmpeg-private-devel-3.4.2-4.17.26 libavdevice-devel-3.4.2-4.17.26 libavdevice57-3.4.2-4.17.26 libavdevice57-debuginfo-3.4.2-4.17.26 libavfilter-devel-3.4.2-4.17.26 libavfilter6-3.4.2-4.17.26 libavfilter6-debuginfo-3.4.2-4.17.26 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 libavcodec57-3.4.2-4.17.26 libavcodec57-debuginfo-3.4.2-4.17.26 libavutil-devel-3.4.2-4.17.26 libavutil55-3.4.2-4.17.26 libavutil55-debuginfo-3.4.2-4.17.26 libpostproc-devel-3.4.2-4.17.26 libpostproc54-3.4.2-4.17.26 libpostproc54-debuginfo-3.4.2-4.17.26 libswresample-devel-3.4.2-4.17.26 libswresample2-3.4.2-4.17.26 libswresample2-debuginfo-3.4.2-4.17.26 libswscale-devel-3.4.2-4.17.26 libswscale4-3.4.2-4.17.26 libswscale4-debuginfo-3.4.2-4.17.26 References: https://www.suse.com/security/cve/CVE-2018-14394.html https://www.suse.com/security/cve/CVE-2018-14395.html https://bugzilla.suse.com/1101888 https://bugzilla.suse.com/1101889 From sle-updates at lists.suse.com Tue May 21 10:11:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 18:11:57 +0200 (CEST) Subject: SUSE-RU-2019:1302-1: moderate: Recommended update for monitoring-plugins Message-ID: <20190521161157.8FE49F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for monitoring-plugins ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1302-1 Rating: moderate References: #1132350 #1132903 #1133107 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for monitoring-plugins fixes the following issues: - update AppArmor profiles for usrMerge (related to bsc#1132350) - grep in check_cups - ps in check_procs and check_procs.sle15 - update usr.lib.nagios.plugins.check_procs to bash in /usr - support IPv4 ping for dual stacked host again (bsc#1132903) - update usr.lib.nagios.plugins.check_procs again for sle15 and above so that ptrace is allowed (bsc#1133107) - add /etc/nrpe.d/*.cfg snipplets - copy usr.lib.nagios.plugins.check_procs as usr.lib.nagios.plugins.check_procs.sle15 and use that for sle15 and above. "ptrace" to enable ptrace globally is needed here. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1302=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1302=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1302=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): monitoring-plugins-common-2.2-3.3.1 monitoring-plugins-common-debuginfo-2.2-3.3.1 monitoring-plugins-debuginfo-2.2-3.3.1 monitoring-plugins-debugsource-2.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): monitoring-plugins-2.2-3.3.1 monitoring-plugins-all-2.2-3.3.1 monitoring-plugins-breeze-2.2-3.3.1 monitoring-plugins-by_ssh-2.2-3.3.1 monitoring-plugins-by_ssh-debuginfo-2.2-3.3.1 monitoring-plugins-cluster-2.2-3.3.1 monitoring-plugins-cluster-debuginfo-2.2-3.3.1 monitoring-plugins-common-2.2-3.3.1 monitoring-plugins-common-debuginfo-2.2-3.3.1 monitoring-plugins-cups-2.2-3.3.1 monitoring-plugins-dbi-2.2-3.3.1 monitoring-plugins-dbi-debuginfo-2.2-3.3.1 monitoring-plugins-dbi-mysql-2.2-3.3.1 monitoring-plugins-dbi-pgsql-2.2-3.3.1 monitoring-plugins-dbi-sqlite3-2.2-3.3.1 monitoring-plugins-debuginfo-2.2-3.3.1 monitoring-plugins-debugsource-2.2-3.3.1 monitoring-plugins-dhcp-2.2-3.3.1 monitoring-plugins-dhcp-debuginfo-2.2-3.3.1 monitoring-plugins-dig-2.2-3.3.1 monitoring-plugins-dig-debuginfo-2.2-3.3.1 monitoring-plugins-disk-2.2-3.3.1 monitoring-plugins-disk-debuginfo-2.2-3.3.1 monitoring-plugins-disk_smb-2.2-3.3.1 monitoring-plugins-dns-2.2-3.3.1 monitoring-plugins-dns-debuginfo-2.2-3.3.1 monitoring-plugins-dummy-2.2-3.3.1 monitoring-plugins-dummy-debuginfo-2.2-3.3.1 monitoring-plugins-extras-2.2-3.3.1 monitoring-plugins-file_age-2.2-3.3.1 monitoring-plugins-flexlm-2.2-3.3.1 monitoring-plugins-hpjd-2.2-3.3.1 monitoring-plugins-hpjd-debuginfo-2.2-3.3.1 monitoring-plugins-icmp-2.2-3.3.1 monitoring-plugins-icmp-debuginfo-2.2-3.3.1 monitoring-plugins-ide_smart-2.2-3.3.1 monitoring-plugins-ide_smart-debuginfo-2.2-3.3.1 monitoring-plugins-ifoperstatus-2.2-3.3.1 monitoring-plugins-ifstatus-2.2-3.3.1 monitoring-plugins-ircd-2.2-3.3.1 monitoring-plugins-load-2.2-3.3.1 monitoring-plugins-load-debuginfo-2.2-3.3.1 monitoring-plugins-log-2.2-3.3.1 monitoring-plugins-mailq-2.2-3.3.1 monitoring-plugins-mrtg-2.2-3.3.1 monitoring-plugins-mrtg-debuginfo-2.2-3.3.1 monitoring-plugins-mrtgtraf-2.2-3.3.1 monitoring-plugins-mrtgtraf-debuginfo-2.2-3.3.1 monitoring-plugins-nagios-2.2-3.3.1 monitoring-plugins-nagios-debuginfo-2.2-3.3.1 monitoring-plugins-nt-2.2-3.3.1 monitoring-plugins-nt-debuginfo-2.2-3.3.1 monitoring-plugins-ntp_peer-2.2-3.3.1 monitoring-plugins-ntp_peer-debuginfo-2.2-3.3.1 monitoring-plugins-ntp_time-2.2-3.3.1 monitoring-plugins-ntp_time-debuginfo-2.2-3.3.1 monitoring-plugins-nwstat-2.2-3.3.1 monitoring-plugins-nwstat-debuginfo-2.2-3.3.1 monitoring-plugins-oracle-2.2-3.3.1 monitoring-plugins-overcr-2.2-3.3.1 monitoring-plugins-overcr-debuginfo-2.2-3.3.1 monitoring-plugins-ping-2.2-3.3.1 monitoring-plugins-ping-debuginfo-2.2-3.3.1 monitoring-plugins-procs-2.2-3.3.1 monitoring-plugins-procs-debuginfo-2.2-3.3.1 monitoring-plugins-radius-2.2-3.3.1 monitoring-plugins-radius-debuginfo-2.2-3.3.1 monitoring-plugins-real-2.2-3.3.1 monitoring-plugins-real-debuginfo-2.2-3.3.1 monitoring-plugins-rpc-2.2-3.3.1 monitoring-plugins-smtp-2.2-3.3.1 monitoring-plugins-smtp-debuginfo-2.2-3.3.1 monitoring-plugins-snmp-2.2-3.3.1 monitoring-plugins-snmp-debuginfo-2.2-3.3.1 monitoring-plugins-ssh-2.2-3.3.1 monitoring-plugins-ssh-debuginfo-2.2-3.3.1 monitoring-plugins-swap-2.2-3.3.1 monitoring-plugins-swap-debuginfo-2.2-3.3.1 monitoring-plugins-time-2.2-3.3.1 monitoring-plugins-time-debuginfo-2.2-3.3.1 monitoring-plugins-ups-2.2-3.3.1 monitoring-plugins-ups-debuginfo-2.2-3.3.1 monitoring-plugins-users-2.2-3.3.1 monitoring-plugins-users-debuginfo-2.2-3.3.1 monitoring-plugins-wave-2.2-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.2-3.3.1 monitoring-plugins-debugsource-2.2-3.3.1 monitoring-plugins-fping-2.2-3.3.1 monitoring-plugins-fping-debuginfo-2.2-3.3.1 monitoring-plugins-http-2.2-3.3.1 monitoring-plugins-http-debuginfo-2.2-3.3.1 monitoring-plugins-ldap-2.2-3.3.1 monitoring-plugins-ldap-debuginfo-2.2-3.3.1 monitoring-plugins-mysql-2.2-3.3.1 monitoring-plugins-mysql-debuginfo-2.2-3.3.1 monitoring-plugins-pgsql-2.2-3.3.1 monitoring-plugins-pgsql-debuginfo-2.2-3.3.1 monitoring-plugins-tcp-2.2-3.3.1 monitoring-plugins-tcp-debuginfo-2.2-3.3.1 References: https://bugzilla.suse.com/1132350 https://bugzilla.suse.com/1132903 https://bugzilla.suse.com/1133107 From sle-updates at lists.suse.com Tue May 21 10:12:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 May 2019 18:12:54 +0200 (CEST) Subject: SUSE-RU-2019:1301-1: moderate: Recommended update for libguestfs Message-ID: <20190521161254.DEB5DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for libguestfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1301-1 Rating: moderate References: #1131342 #1132790 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libguestfs fixes the following issues: - Fixes an issue where the --uninstall option of virt-customize didn't work as expected (bsc#1131342) - Fixes an issue with virt-customize in SLES and openSUSE guests (bsc#1132790) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1301=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1301=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1301=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): guestfs-data-1.38.0-5.5.8 guestfs-tools-1.38.0-5.5.8 guestfs-tools-debuginfo-1.38.0-5.5.8 guestfs-winsupport-1.38.0-5.5.8 guestfsd-1.38.0-5.5.8 guestfsd-debuginfo-1.38.0-5.5.8 libguestfs-debugsource-1.38.0-5.5.8 libguestfs-devel-1.38.0-5.5.8 libguestfs0-1.38.0-5.5.8 libguestfs0-debuginfo-1.38.0-5.5.8 perl-Sys-Guestfs-1.38.0-5.5.8 perl-Sys-Guestfs-debuginfo-1.38.0-5.5.8 python3-libguestfs-1.38.0-5.5.8 python3-libguestfs-debuginfo-1.38.0-5.5.8 virt-v2v-1.38.0-5.5.8 virt-v2v-debuginfo-1.38.0-5.5.8 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libguestfs-debugsource-1.38.0-5.5.8 libguestfs-test-1.38.0-5.5.8 lua-libguestfs-1.38.0-5.5.8 lua-libguestfs-debuginfo-1.38.0-5.5.8 ocaml-libguestfs-1.38.0-5.5.8 ocaml-libguestfs-debuginfo-1.38.0-5.5.8 python2-libguestfs-1.38.0-5.5.8 python2-libguestfs-debuginfo-1.38.0-5.5.8 rubygem-libguestfs-1.38.0-5.5.8 rubygem-libguestfs-debuginfo-1.38.0-5.5.8 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libguestfs-debugsource-1.38.0-5.5.8 ocaml-libguestfs-devel-1.38.0-5.5.8 References: https://bugzilla.suse.com/1131342 https://bugzilla.suse.com/1132790 From sle-updates at lists.suse.com Tue May 21 16:09:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 00:09:23 +0200 (CEST) Subject: SUSE-SU-2019:14058-1: moderate: Security update for gnutls Message-ID: <20190521220923.B7721F797@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14058-1 Rating: moderate References: #1047002 #1105460 Cross-References: CVE-2017-10790 CVE-2018-10846 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gnutls fixes the following issues: Security issues fixed: - CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks (PRIME + PROBE) (bsc#1105460). - CVE-2017-10790: Fixed a denial of service in the _asn1_check_identifier() function (bsc#1047002). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-gnutls-14058=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 s390x x86_64): libgnutls-extra26-2.4.1-24.39.76.1 References: https://www.suse.com/security/cve/CVE-2017-10790.html https://www.suse.com/security/cve/CVE-2018-10846.html https://bugzilla.suse.com/1047002 https://bugzilla.suse.com/1105460 From sle-updates at lists.suse.com Tue May 21 19:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 03:11:31 +0200 (CEST) Subject: SUSE-SU-2019:14059-1: important: Security update for java-1_7_1-ibm Message-ID: <20190522011131.45AA5F797@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14059-1 Rating: important References: #1132728 #1132729 #1132732 #1132734 #1134718 Cross-References: CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14059=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-26.40.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-26.40.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-26.40.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-26.40.1 References: https://www.suse.com/security/cve/CVE-2019-10245.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2697.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1132734 https://bugzilla.suse.com/1134718 From sle-updates at lists.suse.com Tue May 21 19:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 03:12:35 +0200 (CEST) Subject: SUSE-SU-2019:1308-1: important: Security update for java-1_8_0-ibm Message-ID: <20190522011236.00F31F797@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1308-1 Rating: important References: #1132728 #1132729 #1132732 #1132734 #1134718 Cross-References: CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1308=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.35-3.20.1 java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20.1 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20.1 java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-10245.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2697.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1132734 https://bugzilla.suse.com/1134718 From sle-updates at lists.suse.com Wed May 22 07:09:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 15:09:36 +0200 (CEST) Subject: SUSE-RU-2019:1310-1: moderate: Recommended update for freerdp Message-ID: <20190522130936.D0FD3F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1310-1 Rating: moderate References: #1129193 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for freerdp fixes the following issues: - freerdp failed to start because of a missing symbol (bsc#1129193) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1310=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1310=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): freerdp-2.0.0~rc4-3.6.3 freerdp-debuginfo-2.0.0~rc4-3.6.3 freerdp-debugsource-2.0.0~rc4-3.6.3 freerdp-devel-2.0.0~rc4-3.6.3 libfreerdp2-2.0.0~rc4-3.6.3 libfreerdp2-debuginfo-2.0.0~rc4-3.6.3 libwinpr2-2.0.0~rc4-3.6.3 libwinpr2-debuginfo-2.0.0~rc4-3.6.3 winpr2-devel-2.0.0~rc4-3.6.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.0.0~rc4-3.6.3 freerdp-debugsource-2.0.0~rc4-3.6.3 freerdp-server-2.0.0~rc4-3.6.3 freerdp-server-debuginfo-2.0.0~rc4-3.6.3 freerdp-wayland-2.0.0~rc4-3.6.3 freerdp-wayland-debuginfo-2.0.0~rc4-3.6.3 libuwac0-0-2.0.0~rc4-3.6.3 libuwac0-0-debuginfo-2.0.0~rc4-3.6.3 uwac0-0-devel-2.0.0~rc4-3.6.3 References: https://bugzilla.suse.com/1129193 From sle-updates at lists.suse.com Wed May 22 07:10:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 15:10:17 +0200 (CEST) Subject: SUSE-RU-2019:1311-1: moderate: Recommended update for vhostmd Message-ID: <20190522131017.BD919F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for vhostmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1311-1 Rating: moderate References: #1129772 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vhostmd fixes the following issues: - Update to vhostmd 1.1 (bsc#1129772) - Merge libserialclient with libmetrics - Add virtio as transport mechanism - Update to work with modern Xen - Add SIGPIPE handler and reconnect - Add systemd service file - Modernize build files - Misc bug fixes and improvements Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1311=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1311=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): vhostmd-1.1-3.7.1 vhostmd-debuginfo-1.1-3.7.1 vhostmd-debugsource-1.1-3.7.1 vm-dump-metrics-1.1-3.7.1 vm-dump-metrics-debuginfo-1.1-3.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libmetrics-devel-1.1-3.7.1 libmetrics0-1.1-3.7.1 libmetrics0-debuginfo-1.1-3.7.1 vhostmd-debuginfo-1.1-3.7.1 vhostmd-debugsource-1.1-3.7.1 References: https://bugzilla.suse.com/1129772 From sle-updates at lists.suse.com Wed May 22 07:11:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 15:11:27 +0200 (CEST) Subject: SUSE-RU-2019:1309-1: moderate: Recommended update for yast2-proxy Message-ID: <20190522131127.3C520F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1309-1 Rating: moderate References: #1089796 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-proxy fixes the following issues: - Clean up of 'No Proxy Domains' field when whitespaces are detected (bsc#1089796) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1309=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1309=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-proxy-3.1.7-1.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-proxy-3.1.7-1.1 References: https://bugzilla.suse.com/1089796 From sle-updates at lists.suse.com Wed May 22 10:10:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 18:10:32 +0200 (CEST) Subject: SUSE-RU-2019:1314-1: moderate: Recommended update for java-10-openjdk Message-ID: <20190522161032.AF088F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-10-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1314-1 Rating: moderate References: #1131378 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-10-openjdk fixes the following issues: - Require update-ca-certificates by the headless subpackage (bsc#1131378) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1314=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1314=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1314=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): java-10-openjdk-javadoc-10.0.2.0-3.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-10-openjdk-accessibility-10.0.2.0-3.6.2 java-10-openjdk-accessibility-debuginfo-10.0.2.0-3.6.2 java-10-openjdk-debuginfo-10.0.2.0-3.6.2 java-10-openjdk-debugsource-10.0.2.0-3.6.2 java-10-openjdk-jmods-10.0.2.0-3.6.2 java-10-openjdk-src-10.0.2.0-3.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-10-openjdk-javadoc-10.0.2.0-3.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): java-10-openjdk-10.0.2.0-3.6.2 java-10-openjdk-debuginfo-10.0.2.0-3.6.2 java-10-openjdk-debugsource-10.0.2.0-3.6.2 java-10-openjdk-demo-10.0.2.0-3.6.2 java-10-openjdk-devel-10.0.2.0-3.6.2 java-10-openjdk-headless-10.0.2.0-3.6.2 References: https://bugzilla.suse.com/1131378 From sle-updates at lists.suse.com Wed May 22 10:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 18:11:16 +0200 (CEST) Subject: SUSE-RU-2019:1312-1: moderate: Recommended update for aaa_base Message-ID: <20190522161116.BE1F2F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1312-1 Rating: moderate References: #1096191 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1312=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1312=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1312=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.9.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.9.1 aaa_base-wsl-84.87+git20180409.04c9dae-3.9.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.9.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.9.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.9.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.9.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.9.1 aaa_base-extras-84.87+git20180409.04c9dae-3.9.1 References: https://bugzilla.suse.com/1096191 From sle-updates at lists.suse.com Wed May 22 10:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 18:12:04 +0200 (CEST) Subject: SUSE-SU-2019:1313-1: important: Security update for ucode-intel Message-ID: <20190522161205.00E33F797@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1313-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: The Intel CPU Microcode was updated to the official QSR 2019.1 Microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1313=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20190514-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-updates at lists.suse.com Wed May 22 10:12:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 May 2019 18:12:55 +0200 (CEST) Subject: SUSE-RU-2019:1315-1: moderate: Recommended update for nut Message-ID: <20190522161255.6F422F797@maintenance.suse.de> SUSE Recommended Update: Recommended update for nut ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1315-1 Rating: moderate References: #1063897 #1069988 #1070373 #801542 #907387 #963505 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for nut fixes the following issues: - Update to version 2.7.4 (fate#325455) The full changelog can be found in /usr/share/doc/packages/nut * Adds support for OpenSSL 1.1.0 library, allow TLSv1 and higher (not just TLSv1) and report TLS version used in debug mode level 3 and higher (bsc#1069988) * Does no longer conflict with apcupsd (bsc#1070373). * Removed smartups references * Dropped dependency to aspell (fate#323578) * It will no longer suppress errors from useradd * Added support for new devices (see changelog in /usr/share/doc/packages/nut) * New snmp-ups improvements * Eaton: improvements and fixes of 3ph SNMP, ePDU (G2 and G3) and XML/PDC. * Further fixes and improvements of bcmxcp_usb, dummy-ups, libnutclient, nutdrv_atcl_usb, nutdrv_qx, nut-ipmipsu, solis, tripplitesu, usbhid-ups. * Improved SSL support through Mozilla NSS, Augeas support. * Fixed UPower device matching in recent kernels. * Does no longer install init and systemd files at once Please find the changes of 2.7.2 and 2.7.3 in the changelog file. - Fixes an issue where the nut-driver service file had a wrong reference to the executable file of upsdrvctl (bsc#907387) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1315=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1315=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): nut-cgi-2.7.4-3.3.1 nut-cgi-debuginfo-2.7.4-3.3.1 nut-debuginfo-2.7.4-3.3.1 nut-debugsource-2.7.4-3.3.1 nut-devel-2.7.4-3.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libupsclient1-2.7.4-3.3.1 libupsclient1-debuginfo-2.7.4-3.3.1 nut-2.7.4-3.3.1 nut-debuginfo-2.7.4-3.3.1 nut-debugsource-2.7.4-3.3.1 nut-drivers-net-2.7.4-3.3.1 nut-drivers-net-debuginfo-2.7.4-3.3.1 References: https://bugzilla.suse.com/1063897 https://bugzilla.suse.com/1069988 https://bugzilla.suse.com/1070373 https://bugzilla.suse.com/801542 https://bugzilla.suse.com/907387 https://bugzilla.suse.com/963505 From sle-updates at lists.suse.com Thu May 23 07:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 15:10:44 +0200 (CEST) Subject: SUSE-RU-2019:1317-1: important: Recommended update for kiwi Message-ID: <20190523131044.47A7CF797@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1317-1 Rating: important References: #1126217 #1133537 #1135762 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for kiwi fixes the following issues: - Update to v7.04.50 - Fixed udev startup Due to a change in the udev rules an error in kiwi was triggered that outlines an incomplete udev startup sequence. This patch fixes the creation of the dev tree by udev and is related to bsc#1135762 - Set SERVER variable as expected by netboot code (#674) This commit sets $host from $SERVER variable if present and no $kiwiserver is given from the command line. The same criteria applies for $type and $SERVERTYPE variables. Fixes bsc#1133537 - Fixed GCE image bundler and tarball name The GCE bundler still looks for the old name format and failed to find the image result. In addition the present name format for the tarball is missing the architecture information and did not follow pattern we use in kiwi-ng. This Fixes bsc#1126217 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1317=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1317=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.50-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-7.04.50-2.6.1 kiwi-desc-oemboot-7.04.50-2.6.1 kiwi-desc-vmxboot-7.04.50-2.6.1 kiwi-templates-7.04.50-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.50-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-desc-isoboot-7.04.50-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kiwi-doc-7.04.50-2.6.1 References: https://bugzilla.suse.com/1126217 https://bugzilla.suse.com/1133537 https://bugzilla.suse.com/1135762 From sle-updates at lists.suse.com Thu May 23 10:09:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 18:09:30 +0200 (CEST) Subject: SUSE-SU-2019:1321-1: important: Security update for python-Pillow Message-ID: <20190523160930.E6711F3D5@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1321-1 Rating: important References: #1008845 #1008846 #973786 Cross-References: CVE-2016-3076 CVE-2016-9189 CVE-2016-9190 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Pillow fixes the following issues: Security issues fixed: - CVE-2016-9189: Fixed a integer overflows leading to memory disclosure in PyImaging_MapBuffer() (bsc#1008845). - CVE-2016-9190: Fixed a code execution vulnerability using a crafted image file in ImagingNew() (bsc#1008846). - CVE-2016-3076: Fixed a integer overflow in j2k_encode_entry() (bsc#973786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1321=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Pillow-2.8.1-3.3.1 python-Pillow-debuginfo-2.8.1-3.3.1 python-Pillow-debugsource-2.8.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2016-3076.html https://www.suse.com/security/cve/CVE-2016-9189.html https://www.suse.com/security/cve/CVE-2016-9190.html https://bugzilla.suse.com/1008845 https://bugzilla.suse.com/1008846 https://bugzilla.suse.com/973786 From sle-updates at lists.suse.com Thu May 23 10:10:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 18:10:32 +0200 (CEST) Subject: SUSE-RU-2019:1320-1: important: Recommended update for kiwi Message-ID: <20190523161032.9E025F3D5@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1320-1 Rating: important References: #1133537 #1135762 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kiwi fixes the following issues: - Update to v7.04.50 - Fixed udev startup Due to a change in the udev rules an error in kiwi was triggered that outlines an incomplete udev startup sequence. This patch fixes the creation of the dev tree by udev and is related to bsc#1135762 - Set SERVER variable as expected by netboot code (#674) This commit sets $host from $SERVER variable if present and no $kiwiserver is given from the command line. The same criteria applies for $type and $SERVERTYPE variables. Fixes bsc#1133537 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1320=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1320=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.50-72.37.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-7.04.50-72.37.1 kiwi-desc-oemboot-7.04.50-72.37.1 kiwi-desc-vmxboot-7.04.50-72.37.1 kiwi-templates-7.04.50-72.37.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.50-72.37.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kiwi-desc-isoboot-7.04.50-72.37.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kiwi-doc-7.04.50-72.37.1 References: https://bugzilla.suse.com/1133537 https://bugzilla.suse.com/1135762 From sle-updates at lists.suse.com Thu May 23 10:11:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 18:11:25 +0200 (CEST) Subject: SUSE-RU-2019:1319-1: Recommended update for rsyslog Message-ID: <20190523161125.B75E6F3D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1319-1 Rating: low References: #1126233 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Set default permission for all log files (bsc#1126233) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1319=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1319=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1319=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1319=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.23.2 rsyslog-debuginfo-8.24.0-3.23.2 rsyslog-debugsource-8.24.0-3.23.2 rsyslog-diag-tools-8.24.0-3.23.2 rsyslog-diag-tools-debuginfo-8.24.0-3.23.2 rsyslog-doc-8.24.0-3.23.2 rsyslog-module-gssapi-8.24.0-3.23.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.23.2 rsyslog-module-gtls-8.24.0-3.23.2 rsyslog-module-gtls-debuginfo-8.24.0-3.23.2 rsyslog-module-mysql-8.24.0-3.23.2 rsyslog-module-mysql-debuginfo-8.24.0-3.23.2 rsyslog-module-pgsql-8.24.0-3.23.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.23.2 rsyslog-module-relp-8.24.0-3.23.2 rsyslog-module-relp-debuginfo-8.24.0-3.23.2 rsyslog-module-snmp-8.24.0-3.23.2 rsyslog-module-snmp-debuginfo-8.24.0-3.23.2 rsyslog-module-udpspoof-8.24.0-3.23.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.23.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.23.2 rsyslog-debuginfo-8.24.0-3.23.2 rsyslog-debugsource-8.24.0-3.23.2 rsyslog-diag-tools-8.24.0-3.23.2 rsyslog-diag-tools-debuginfo-8.24.0-3.23.2 rsyslog-doc-8.24.0-3.23.2 rsyslog-module-gssapi-8.24.0-3.23.2 rsyslog-module-gssapi-debuginfo-8.24.0-3.23.2 rsyslog-module-gtls-8.24.0-3.23.2 rsyslog-module-gtls-debuginfo-8.24.0-3.23.2 rsyslog-module-mysql-8.24.0-3.23.2 rsyslog-module-mysql-debuginfo-8.24.0-3.23.2 rsyslog-module-pgsql-8.24.0-3.23.2 rsyslog-module-pgsql-debuginfo-8.24.0-3.23.2 rsyslog-module-relp-8.24.0-3.23.2 rsyslog-module-relp-debuginfo-8.24.0-3.23.2 rsyslog-module-snmp-8.24.0-3.23.2 rsyslog-module-snmp-debuginfo-8.24.0-3.23.2 rsyslog-module-udpspoof-8.24.0-3.23.2 rsyslog-module-udpspoof-debuginfo-8.24.0-3.23.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): rsyslog-8.24.0-3.23.2 rsyslog-debuginfo-8.24.0-3.23.2 rsyslog-debugsource-8.24.0-3.23.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsyslog-8.24.0-3.23.2 rsyslog-debuginfo-8.24.0-3.23.2 rsyslog-debugsource-8.24.0-3.23.2 - SUSE CaaS Platform ALL (x86_64): rsyslog-8.24.0-3.23.2 rsyslog-debuginfo-8.24.0-3.23.2 rsyslog-debugsource-8.24.0-3.23.2 - SUSE CaaS Platform 3.0 (x86_64): rsyslog-8.24.0-3.23.2 rsyslog-debuginfo-8.24.0-3.23.2 rsyslog-debugsource-8.24.0-3.23.2 References: https://bugzilla.suse.com/1126233 From sle-updates at lists.suse.com Thu May 23 10:12:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 18:12:12 +0200 (CEST) Subject: SUSE-RU-2019:1318-1: moderate: Recommended update for orc Message-ID: <20190523161212.42072F3D6@maintenance.suse.de> SUSE Recommended Update: Recommended update for orc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1318-1 Rating: moderate References: #1130085 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for orc does not fix any customer visible issues and does only address an issue with its test suite (bsc#1130085) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1318=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1318=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1318=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): orc-debuginfo-0.4.28-3.3.1 orc-debugsource-0.4.28-3.3.1 orc-doc-0.4.28-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): orc-0.4.28-3.3.1 orc-debuginfo-0.4.28-3.3.1 orc-debugsource-0.4.28-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): liborc-0_4-0-0.4.28-3.3.1 liborc-0_4-0-debuginfo-0.4.28-3.3.1 orc-debuginfo-0.4.28-3.3.1 orc-debugsource-0.4.28-3.3.1 References: https://bugzilla.suse.com/1130085 From sle-updates at lists.suse.com Thu May 23 13:09:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 21:09:54 +0200 (CEST) Subject: SUSE-SU-2019:1323-1: important: Security update for python-Jinja2 Message-ID: <20190523190955.02E4DF7CE@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1323-1 Rating: important References: #1132174 Cross-References: CVE-2016-10745 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: Security issue fixed: - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1323=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1323=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1323=1 Package List: - SUSE Manager Tools 12 (noarch): python-Jinja2-2.8-19.17.1 python3-Jinja2-2.8-19.17.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.8-19.17.1 python3-Jinja2-2.8-19.17.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-Jinja2-2.8-19.17.1 python3-Jinja2-2.8-19.17.1 References: https://www.suse.com/security/cve/CVE-2016-10745.html https://bugzilla.suse.com/1132174 From sle-updates at lists.suse.com Thu May 23 13:10:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 May 2019 21:10:42 +0200 (CEST) Subject: SUSE-SU-2019:1325-1: moderate: Security update for php5 Message-ID: <20190523191042.9EBAFF7CE@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1325-1 Rating: moderate References: #1128883 #1128886 #1128887 #1128889 #1128892 #1132837 #1132838 #1134322 Cross-References: CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9675 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-9637: Fixed a potential information disclosure in rename() (bsc#1128892). - CVE-2019-9675: Fixed a potential buffer overflow in phar_tar_writeheaders_int() (bsc#1128886). - CVE-2019-9638: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889). - CVE-2019-9639: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887). - CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn() (bsc#1128883). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1325=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1325=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1325=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.58.1 php5-debugsource-5.5.14-109.58.1 php5-devel-5.5.14-109.58.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.58.1 php5-debugsource-5.5.14-109.58.1 php5-devel-5.5.14-109.58.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.58.1 apache2-mod_php5-debuginfo-5.5.14-109.58.1 php5-5.5.14-109.58.1 php5-bcmath-5.5.14-109.58.1 php5-bcmath-debuginfo-5.5.14-109.58.1 php5-bz2-5.5.14-109.58.1 php5-bz2-debuginfo-5.5.14-109.58.1 php5-calendar-5.5.14-109.58.1 php5-calendar-debuginfo-5.5.14-109.58.1 php5-ctype-5.5.14-109.58.1 php5-ctype-debuginfo-5.5.14-109.58.1 php5-curl-5.5.14-109.58.1 php5-curl-debuginfo-5.5.14-109.58.1 php5-dba-5.5.14-109.58.1 php5-dba-debuginfo-5.5.14-109.58.1 php5-debuginfo-5.5.14-109.58.1 php5-debugsource-5.5.14-109.58.1 php5-dom-5.5.14-109.58.1 php5-dom-debuginfo-5.5.14-109.58.1 php5-enchant-5.5.14-109.58.1 php5-enchant-debuginfo-5.5.14-109.58.1 php5-exif-5.5.14-109.58.1 php5-exif-debuginfo-5.5.14-109.58.1 php5-fastcgi-5.5.14-109.58.1 php5-fastcgi-debuginfo-5.5.14-109.58.1 php5-fileinfo-5.5.14-109.58.1 php5-fileinfo-debuginfo-5.5.14-109.58.1 php5-fpm-5.5.14-109.58.1 php5-fpm-debuginfo-5.5.14-109.58.1 php5-ftp-5.5.14-109.58.1 php5-ftp-debuginfo-5.5.14-109.58.1 php5-gd-5.5.14-109.58.1 php5-gd-debuginfo-5.5.14-109.58.1 php5-gettext-5.5.14-109.58.1 php5-gettext-debuginfo-5.5.14-109.58.1 php5-gmp-5.5.14-109.58.1 php5-gmp-debuginfo-5.5.14-109.58.1 php5-iconv-5.5.14-109.58.1 php5-iconv-debuginfo-5.5.14-109.58.1 php5-imap-5.5.14-109.58.1 php5-imap-debuginfo-5.5.14-109.58.1 php5-intl-5.5.14-109.58.1 php5-intl-debuginfo-5.5.14-109.58.1 php5-json-5.5.14-109.58.1 php5-json-debuginfo-5.5.14-109.58.1 php5-ldap-5.5.14-109.58.1 php5-ldap-debuginfo-5.5.14-109.58.1 php5-mbstring-5.5.14-109.58.1 php5-mbstring-debuginfo-5.5.14-109.58.1 php5-mcrypt-5.5.14-109.58.1 php5-mcrypt-debuginfo-5.5.14-109.58.1 php5-mysql-5.5.14-109.58.1 php5-mysql-debuginfo-5.5.14-109.58.1 php5-odbc-5.5.14-109.58.1 php5-odbc-debuginfo-5.5.14-109.58.1 php5-opcache-5.5.14-109.58.1 php5-opcache-debuginfo-5.5.14-109.58.1 php5-openssl-5.5.14-109.58.1 php5-openssl-debuginfo-5.5.14-109.58.1 php5-pcntl-5.5.14-109.58.1 php5-pcntl-debuginfo-5.5.14-109.58.1 php5-pdo-5.5.14-109.58.1 php5-pdo-debuginfo-5.5.14-109.58.1 php5-pgsql-5.5.14-109.58.1 php5-pgsql-debuginfo-5.5.14-109.58.1 php5-phar-5.5.14-109.58.1 php5-phar-debuginfo-5.5.14-109.58.1 php5-posix-5.5.14-109.58.1 php5-posix-debuginfo-5.5.14-109.58.1 php5-pspell-5.5.14-109.58.1 php5-pspell-debuginfo-5.5.14-109.58.1 php5-shmop-5.5.14-109.58.1 php5-shmop-debuginfo-5.5.14-109.58.1 php5-snmp-5.5.14-109.58.1 php5-snmp-debuginfo-5.5.14-109.58.1 php5-soap-5.5.14-109.58.1 php5-soap-debuginfo-5.5.14-109.58.1 php5-sockets-5.5.14-109.58.1 php5-sockets-debuginfo-5.5.14-109.58.1 php5-sqlite-5.5.14-109.58.1 php5-sqlite-debuginfo-5.5.14-109.58.1 php5-suhosin-5.5.14-109.58.1 php5-suhosin-debuginfo-5.5.14-109.58.1 php5-sysvmsg-5.5.14-109.58.1 php5-sysvmsg-debuginfo-5.5.14-109.58.1 php5-sysvsem-5.5.14-109.58.1 php5-sysvsem-debuginfo-5.5.14-109.58.1 php5-sysvshm-5.5.14-109.58.1 php5-sysvshm-debuginfo-5.5.14-109.58.1 php5-tokenizer-5.5.14-109.58.1 php5-tokenizer-debuginfo-5.5.14-109.58.1 php5-wddx-5.5.14-109.58.1 php5-wddx-debuginfo-5.5.14-109.58.1 php5-xmlreader-5.5.14-109.58.1 php5-xmlreader-debuginfo-5.5.14-109.58.1 php5-xmlrpc-5.5.14-109.58.1 php5-xmlrpc-debuginfo-5.5.14-109.58.1 php5-xmlwriter-5.5.14-109.58.1 php5-xmlwriter-debuginfo-5.5.14-109.58.1 php5-xsl-5.5.14-109.58.1 php5-xsl-debuginfo-5.5.14-109.58.1 php5-zip-5.5.14-109.58.1 php5-zip-debuginfo-5.5.14-109.58.1 php5-zlib-5.5.14-109.58.1 php5-zlib-debuginfo-5.5.14-109.58.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.58.1 References: https://www.suse.com/security/cve/CVE-2019-11034.html https://www.suse.com/security/cve/CVE-2019-11035.html https://www.suse.com/security/cve/CVE-2019-11036.html https://www.suse.com/security/cve/CVE-2019-9637.html https://www.suse.com/security/cve/CVE-2019-9638.html https://www.suse.com/security/cve/CVE-2019-9639.html https://www.suse.com/security/cve/CVE-2019-9640.html https://www.suse.com/security/cve/CVE-2019-9675.html https://bugzilla.suse.com/1128883 https://bugzilla.suse.com/1128886 https://bugzilla.suse.com/1128887 https://bugzilla.suse.com/1128889 https://bugzilla.suse.com/1128892 https://bugzilla.suse.com/1132837 https://bugzilla.suse.com/1132838 https://bugzilla.suse.com/1134322 From sle-updates at lists.suse.com Thu May 23 16:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 00:10:53 +0200 (CEST) Subject: SUSE-SU-2019:1326-1: Security update for sysstat Message-ID: <20190523221053.971E1F7CE@maintenance.suse.de> SUSE Security Update: Security update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1326-1 Rating: low References: #1117001 #1117260 Cross-References: CVE-2018-19416 CVE-2018-19517 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sysstat fixes the following issues: Security issues fixed: - CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001). - CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1326=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1326=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1326=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1326=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-10.18.1 sysstat-debuginfo-12.0.2-10.18.1 sysstat-debugsource-12.0.2-10.18.1 sysstat-isag-12.0.2-10.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-10.18.1 sysstat-debuginfo-12.0.2-10.18.1 sysstat-debugsource-12.0.2-10.18.1 sysstat-isag-12.0.2-10.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sysstat-12.0.2-10.18.1 sysstat-debuginfo-12.0.2-10.18.1 sysstat-debugsource-12.0.2-10.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): sysstat-12.0.2-10.18.1 sysstat-debuginfo-12.0.2-10.18.1 sysstat-debugsource-12.0.2-10.18.1 References: https://www.suse.com/security/cve/CVE-2018-19416.html https://www.suse.com/security/cve/CVE-2018-19517.html https://bugzilla.suse.com/1117001 https://bugzilla.suse.com/1117260 From sle-updates at lists.suse.com Thu May 23 19:09:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 03:09:18 +0200 (CEST) Subject: SUSE-RU-2019:1327-1: moderate: Recommended update for speech-dispatcher Message-ID: <20190524010918.E1544F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for speech-dispatcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1327-1 Rating: moderate References: #1129586 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for speech-dispatcher fixes the following issues: - Remove a work-around that was necessary in previous versions but since speech-dispatcher 0.8.4 no longer is. (bsc#1129586) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1327=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1327=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): speech-dispatcher-configure-0.8.8-3.6.3 speech-dispatcher-debuginfo-0.8.8-3.6.3 speech-dispatcher-debugsource-0.8.8-3.6.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libspeechd-devel-0.8.8-3.6.3 libspeechd2-0.8.8-3.6.3 libspeechd2-debuginfo-0.8.8-3.6.3 python3-speechd-0.8.8-3.6.3 speech-dispatcher-0.8.8-3.6.3 speech-dispatcher-debuginfo-0.8.8-3.6.3 speech-dispatcher-debugsource-0.8.8-3.6.3 speech-dispatcher-module-espeak-0.8.8-3.6.3 speech-dispatcher-module-espeak-debuginfo-0.8.8-3.6.3 References: https://bugzilla.suse.com/1129586 From sle-updates at lists.suse.com Fri May 24 07:09:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:09:55 +0200 (CEST) Subject: SUSE-RU-2019:1334-1: moderate: Recommended update for orarun Message-ID: <20190524130955.2149DFDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for orarun ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1334-1 Rating: moderate References: #1124986 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for orarun fixes the following issues: - Replaces su command by setrpriv in /etc/init.d/orcale (bsc#1124986) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1334=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1334=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): orarun-2.0-14.8.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): orarun-2.0-14.8.1 References: https://bugzilla.suse.com/1124986 From sle-updates at lists.suse.com Fri May 24 07:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:10:31 +0200 (CEST) Subject: SUSE-SU-2019:14064-1: important: Security update for curl Message-ID: <20190524131031.D5EF7FDA1@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14064-1 Rating: important References: #1135170 Cross-References: CVE-2019-5436 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-curl-14064=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14064=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-curl-14064=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-14064=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-curl-14064=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): curl-7.37.0-70.41.2 libcurl4-7.37.0-70.41.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libcurl4-32bit-7.37.0-70.41.2 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.41.2 libcurl4-openssl1-7.37.0-70.41.2 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.41.2 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.41.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): curl-7.37.0-70.41.2 libcurl-devel-7.37.0-70.41.2 libcurl4-7.37.0-70.41.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): curl-debuginfo-7.37.0-70.41.2 curl-debugsource-7.37.0-70.41.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): curl-debuginfo-7.37.0-70.41.2 curl-debugsource-7.37.0-70.41.2 References: https://www.suse.com/security/cve/CVE-2019-5436.html https://bugzilla.suse.com/1135170 From sle-updates at lists.suse.com Fri May 24 07:12:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:12:08 +0200 (CEST) Subject: SUSE-RU-2019:1335-1: moderate: Recommended update for yast2-hana-update Message-ID: <20190524131208.6D4B7FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-hana-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1335-1 Rating: moderate References: #1064732 #1066935 #1066946 #1066975 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: The new yast2-hana-update module for YaST, which allows easy update of SAP HANA software when operated within a SUSE HA cluster, has been added to SUSE Linux Enterprise Server 15 for SAP Applications. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-1335=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (ppc64le x86_64): yast2-hana-update-1.2.0-1.3.81 References: https://bugzilla.suse.com/1064732 https://bugzilla.suse.com/1066935 https://bugzilla.suse.com/1066946 https://bugzilla.suse.com/1066975 From sle-updates at lists.suse.com Fri May 24 07:13:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:13:51 +0200 (CEST) Subject: SUSE-RU-2019:1331-1: moderate: Recommended update for deepsea Message-ID: <20190524131351.B27E5FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1331-1 Rating: moderate References: #1122326 #1122461 #1122941 #1123344 #1130223 #1130511 #1133846 #1134216 #123226 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for deepsea fixes the following issues: - iscsi: restart iSCSI gateways sequentially. (bsc#1130223) - Monitoring: update smartmon.sh, fix label dimension inconsistency - Align unittests with implementation. bonus: whitespaces - Correctly parse multiple networks. (bsc#1130511) - ceph.mon.default: test if MONs are really up - ceph.stage.deploy.default: restart MONs and MGRs before OSDs - ceph.mon.default: use service.running - ceph.mgr.default: test if MGRs are really up - Kill iperf3 processes when complete. (bsc#1122941) - Handle broken symlinks. (bsc#1123344) - Address removal of dmcrypt partitions. (bsc#1122326) - Add rebuild orchestration, obliterate state. (bsc#1122461) - Fix deepsea version parsing. (bsc#1134216) - push.py: correct variable names. (bsc#1133846) - Check for digit before 'p' (split_partition). (bsc#1123226) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1331=1 Package List: - SUSE Enterprise Storage 5 (noarch): deepsea-0.8.10+git.0.5c2290e77-2.34.1 References: https://bugzilla.suse.com/1122326 https://bugzilla.suse.com/1122461 https://bugzilla.suse.com/1122941 https://bugzilla.suse.com/1123344 https://bugzilla.suse.com/1130223 https://bugzilla.suse.com/1130511 https://bugzilla.suse.com/1133846 https://bugzilla.suse.com/1134216 https://bugzilla.suse.com/123226 From sle-updates at lists.suse.com Fri May 24 07:16:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:16:48 +0200 (CEST) Subject: SUSE-RU-2019:1333-1: moderate: Recommended update for systemd-presets-branding-SLE Message-ID: <20190524131648.12531FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1333-1 Rating: moderate References: #1128428 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enables nvmefc-boot-connections.service to discover network-provided nvme drives on boot (bsc#1128428) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1333=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1333=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-presets-branding-SLE-12.2-4.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-presets-branding-SLE-12.2-4.3.1 References: https://bugzilla.suse.com/1128428 From sle-updates at lists.suse.com Fri May 24 07:17:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:17:32 +0200 (CEST) Subject: SUSE-SU-2019:14063-1: important: Security update for xen Message-ID: <20190524131732.5710BFDA1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14063-1 Rating: important References: #1027519 #1111331 #1130680 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the "mds" commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Added upstream bug fix (bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14063=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14063=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_40_3.0.101_108.90-61.46.2 xen-libs-4.4.4_40-61.46.2 xen-tools-domU-4.4.4_40-61.46.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_40-61.46.2 xen-doc-html-4.4.4_40-61.46.2 xen-libs-32bit-4.4.4_40-61.46.2 xen-tools-4.4.4_40-61.46.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_40_3.0.101_108.90-61.46.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_40-61.46.2 xen-debugsource-4.4.4_40-61.46.2 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1130680 From sle-updates at lists.suse.com Fri May 24 07:18:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:18:12 +0200 (CEST) Subject: SUSE-RU-2019:1336-1: moderate: Recommended update for resource-agents Message-ID: <20190524131812.EC788FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1336-1 Rating: moderate References: #1112334 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Supplement azure-events for the Azure Public Cloud (bsc#1112334) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1336=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.1.1+git0.5a1edf2b-3.14.1 resource-agents-4.1.1+git0.5a1edf2b-3.14.1 resource-agents-debuginfo-4.1.1+git0.5a1edf2b-3.14.1 resource-agents-debugsource-4.1.1+git0.5a1edf2b-3.14.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.1.1+git0.5a1edf2b-3.14.1 References: https://bugzilla.suse.com/1112334 From sle-updates at lists.suse.com Fri May 24 07:19:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:19:05 +0200 (CEST) Subject: SUSE-RU-2019:1332-1: moderate: Recommended update for mvapich2 Message-ID: <20190524131905.B4DA2FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for mvapich2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1332-1 Rating: moderate References: #1098653 #1102421 #1116458 #1129421 #1133797 #934090 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for HPC 15 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mvapich2 provides the following fixes: - Use sched_yield instead of pthread_yield to fix a build failure. (bsc#1102421) - Disable HPC builds for SLE12. (fate#323655) - Provide missing functions for armv6hl. - Fix handling of mpi-selector during updates. (bsc#1098653) - macros.hpc-mvapich2: Replace %%compiler_family by %%hpc_compiler_family. - Fix a segfault when running on a machine with no RDMA hardware. (bsc#1133797) - Add patch to remove obsolete GCC check and also patch autogen.sh to get the autotools working in SLE12SP4. (bsc#1129421) - Force to re-run autotools to generate properly the files after patching files. - Add macro _hpc_mvapich2_modules for modules support (bsc#1116458). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1332=1 - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2019-1332=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): mvapich2-2.2-9.7.1 mvapich2-debuginfo-2.2-9.7.1 mvapich2-debugsource-2.2-9.7.1 mvapich2-devel-2.2-9.7.1 mvapich2-devel-static-2.2-9.7.1 mvapich2-doc-2.2-9.7.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): mvapich2-psm-2.2-9.7.1 mvapich2-psm-debuginfo-2.2-9.7.1 mvapich2-psm-debugsource-2.2-9.7.1 mvapich2-psm-devel-2.2-9.7.1 mvapich2-psm2-2.2-9.7.1 mvapich2-psm2-debuginfo-2.2-9.7.1 mvapich2-psm2-debugsource-2.2-9.7.1 mvapich2-psm2-devel-2.2-9.7.1 - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): mvapich2-gnu-hpc-2.2-9.7.1 mvapich2-gnu-hpc-devel-2.2-9.7.1 mvapich2_2_2-gnu-hpc-2.2-9.7.1 mvapich2_2_2-gnu-hpc-debuginfo-2.2-9.7.1 mvapich2_2_2-gnu-hpc-debugsource-2.2-9.7.1 mvapich2_2_2-gnu-hpc-devel-2.2-9.7.1 mvapich2_2_2-gnu-hpc-devel-static-2.2-9.7.1 mvapich2_2_2-gnu-hpc-doc-2.2-9.7.1 mvapich2_2_2-gnu-hpc-macros-devel-2.2-9.7.1 - SUSE Linux Enterprise Module for HPC 15 (noarch): mvapich2-gnu-hpc-doc-2.2-9.7.1 mvapich2-gnu-hpc-macros-devel-2.2-9.7.1 mvapich2-psm-gnu-hpc-doc-2.2-9.7.1 mvapich2-psm-gnu-hpc-macros-devel-2.2-9.7.1 mvapich2-psm2-gnu-hpc-doc-2.2-9.7.1 mvapich2-psm2-gnu-hpc-macros-devel-2.2-9.7.1 - SUSE Linux Enterprise Module for HPC 15 (x86_64): mvapich2-psm-gnu-hpc-2.2-9.7.1 mvapich2-psm-gnu-hpc-devel-2.2-9.7.1 mvapich2-psm2-gnu-hpc-2.2-9.7.1 mvapich2-psm2-gnu-hpc-devel-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-debuginfo-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-debugsource-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-devel-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-devel-static-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-doc-2.2-9.7.1 mvapich2-psm2_2_2-gnu-hpc-macros-devel-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-debuginfo-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-debugsource-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-devel-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-devel-static-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-doc-2.2-9.7.1 mvapich2-psm_2_2-gnu-hpc-macros-devel-2.2-9.7.1 References: https://bugzilla.suse.com/1098653 https://bugzilla.suse.com/1102421 https://bugzilla.suse.com/1116458 https://bugzilla.suse.com/1129421 https://bugzilla.suse.com/1133797 https://bugzilla.suse.com/934090 From sle-updates at lists.suse.com Fri May 24 07:20:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 15:20:58 +0200 (CEST) Subject: SUSE-RU-2019:1337-1: moderate: Recommended update for yast2, yast2-firewall, and yast2-services-manager Message-ID: <20190524132058.2F2F9FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2, yast2-firewall, and yast2-services-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1337-1 Rating: moderate References: #1087867 #1108199 #1108628 #1108942 #1109812 #1110549 #1111370 #1112547 #1113732 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for yast2, yast2-firewall, and yast2-services-manager fixes the following issues: # Package: yast2 Installation: - Show dialog if registration is skipped. (fate#318196) - Add tags to describe the location for the "all-packages" medium. This information will be shown if the registration has been skipped by the user. No hint will be shown if these tags have not been defined. (fate#325834) Logging: - Log viewer: replace invalid UTF-8 characters from the displayed log to avoid a crash. (bsc#1110549) Firewall: - firewalld configuration failed when setting public zone as default second time. (bsc#1109812) - firewalld: fixed the API cmd call for removing services from zones, when the firewall is in offline mode. (bsc#1108628) - Added new methods to firewalld_wrapper in order to switch yast2-dhcp-server to new firewall module. (bsc#1108942) - Network (Firewall): Added modify_masquerade method to zones API unifying the way changes are applied to single value attributes. (bsc#1112547) - CWMFirewallInterfaces: Improved the UX replacing the api calls for checking supported services once the list supported ones are already known by the firewalld instance. (fate#324662) # Package: yast2-firewall AutoYast schema: - Allowed the new 'description', 'short' and 'target' elements in zone entries (bsc#1108199) Included Features: - New user interface for firewalld configuration (fate#324662, bsc#1111370): * Manage the firewalld service * Browse interfaces and assign them to firewall zones * List zones and design one of them as the default * Assign services to zones * Open ports - Enable and open the SSH port when only public key authentication is available for the root user. (fate#324690) # Package: yast2-services-manager - Do not crash in chroot environment (bsc#1113732) - Adapted to use the new Y2Firewall::Firewalld::Interface objects instead of a hash. (fate#324662) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1337=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-1337=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): yast2-4.0.103-3.15.3 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-firewall-4.0.34-3.6.3 yast2-services-manager-4.0.10-3.7.3 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): yast2-4.0.103-3.15.3 References: https://bugzilla.suse.com/1087867 https://bugzilla.suse.com/1108199 https://bugzilla.suse.com/1108628 https://bugzilla.suse.com/1108942 https://bugzilla.suse.com/1109812 https://bugzilla.suse.com/1110549 https://bugzilla.suse.com/1111370 https://bugzilla.suse.com/1112547 https://bugzilla.suse.com/1113732 From sle-updates at lists.suse.com Fri May 24 10:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 18:11:02 +0200 (CEST) Subject: SUSE-SU-2019:1345-1: important: Security update for java-1_7_1-ibm Message-ID: <20190524161102.4241AFDA1@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1345-1 Rating: important References: #1132728 #1132729 #1132732 #1132734 #1134718 Cross-References: CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1345=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1345=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1345=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1345=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1345=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1345=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1345=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1345=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1345=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1345=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1345=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1345=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_1-ibm-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1 References: https://www.suse.com/security/cve/CVE-2019-10245.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2697.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1132734 https://bugzilla.suse.com/1134718 From sle-updates at lists.suse.com Fri May 24 13:09:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:09:41 +0200 (CEST) Subject: SUSE-SU-2019:1339-1: moderate: Security update for bluez Message-ID: <20190524190941.38B6EF7CE@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1339-1 Rating: moderate References: #1013708 #1013712 #1013893 #1015171 #1015173 Cross-References: CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2016-9918 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security vulnerability addressed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). - CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893). - CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1339=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1339=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1339=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1339=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1339=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1339=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1339=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1339=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): bluez-cups-5.13-5.12.1 bluez-cups-debuginfo-5.13-5.12.1 bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): bluez-cups-5.13-5.12.1 bluez-cups-debuginfo-5.13-5.12.1 bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 bluez-devel-5.13-5.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 bluez-devel-5.13-5.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.12.1 bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 libbluetooth3-5.13-5.12.1 libbluetooth3-debuginfo-5.13-5.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.12.1 bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 libbluetooth3-5.13-5.12.1 libbluetooth3-debuginfo-5.13-5.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bluez-5.13-5.12.1 bluez-cups-5.13-5.12.1 bluez-cups-debuginfo-5.13-5.12.1 bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 libbluetooth3-5.13-5.12.1 libbluetooth3-debuginfo-5.13-5.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): bluez-5.13-5.12.1 bluez-cups-5.13-5.12.1 bluez-cups-debuginfo-5.13-5.12.1 bluez-debuginfo-5.13-5.12.1 bluez-debugsource-5.13-5.12.1 libbluetooth3-5.13-5.12.1 libbluetooth3-debuginfo-5.13-5.12.1 References: https://www.suse.com/security/cve/CVE-2016-9797.html https://www.suse.com/security/cve/CVE-2016-9798.html https://www.suse.com/security/cve/CVE-2016-9802.html https://www.suse.com/security/cve/CVE-2016-9917.html https://www.suse.com/security/cve/CVE-2016-9918.html https://bugzilla.suse.com/1013708 https://bugzilla.suse.com/1013712 https://bugzilla.suse.com/1013893 https://bugzilla.suse.com/1015171 https://bugzilla.suse.com/1015173 From sle-updates at lists.suse.com Fri May 24 13:15:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:15:45 +0200 (CEST) Subject: SUSE-RU-2019:1344-1: moderate: Recommended update for amazon-ecs-init Message-ID: <20190524191545.D880FF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1344-1 Rating: moderate References: #1131459 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for amazon-ecs-init fixes the following issues: amazon-ecs-init was updated to version 1.18.0: + Cache Agent version 1.18.0 + Add support for regional buckets + Bundle ECS Agent tarball in package + Download agent based on the partition + Mount Docker plugin files dir - The aarch64 build architecture is now supported. [bsc#1131459] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1344=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 x86_64): amazon-ecs-init-1.18.0-4.6.1 amazon-ecs-init-debuginfo-1.18.0-4.6.1 amazon-ecs-init-debugsource-1.18.0-4.6.1 References: https://bugzilla.suse.com/1131459 From sle-updates at lists.suse.com Fri May 24 13:16:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:16:25 +0200 (CEST) Subject: SUSE-SU-2019:1347-1: important: Security update for libvirt Message-ID: <20190524191625.E645CF7CE@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1347-1 Rating: important References: #1111331 #1135273 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1347=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1347=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1347=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-8.12.1 libvirt-devel-4.0.0-8.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-8.12.1 libvirt-admin-4.0.0-8.12.1 libvirt-admin-debuginfo-4.0.0-8.12.1 libvirt-client-4.0.0-8.12.1 libvirt-client-debuginfo-4.0.0-8.12.1 libvirt-daemon-4.0.0-8.12.1 libvirt-daemon-config-network-4.0.0-8.12.1 libvirt-daemon-config-nwfilter-4.0.0-8.12.1 libvirt-daemon-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-interface-4.0.0-8.12.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-lxc-4.0.0-8.12.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-network-4.0.0-8.12.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-nodedev-4.0.0-8.12.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-nwfilter-4.0.0-8.12.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-qemu-4.0.0-8.12.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-secret-4.0.0-8.12.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-4.0.0-8.12.1 libvirt-daemon-driver-storage-core-4.0.0-8.12.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-disk-4.0.0-8.12.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.12.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-logical-4.0.0-8.12.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.12.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.12.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.12.1 libvirt-daemon-hooks-4.0.0-8.12.1 libvirt-daemon-lxc-4.0.0-8.12.1 libvirt-daemon-qemu-4.0.0-8.12.1 libvirt-debugsource-4.0.0-8.12.1 libvirt-doc-4.0.0-8.12.1 libvirt-libs-4.0.0-8.12.1 libvirt-libs-debuginfo-4.0.0-8.12.1 libvirt-lock-sanlock-4.0.0-8.12.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.12.1 libvirt-nss-4.0.0-8.12.1 libvirt-nss-debuginfo-4.0.0-8.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-8.12.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.12.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.12.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.12.1 libvirt-daemon-xen-4.0.0-8.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libvirt-4.0.0-8.12.1 libvirt-admin-4.0.0-8.12.1 libvirt-admin-debuginfo-4.0.0-8.12.1 libvirt-client-4.0.0-8.12.1 libvirt-client-debuginfo-4.0.0-8.12.1 libvirt-daemon-4.0.0-8.12.1 libvirt-daemon-config-network-4.0.0-8.12.1 libvirt-daemon-config-nwfilter-4.0.0-8.12.1 libvirt-daemon-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-interface-4.0.0-8.12.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-libxl-4.0.0-8.12.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-lxc-4.0.0-8.12.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-network-4.0.0-8.12.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-nodedev-4.0.0-8.12.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-nwfilter-4.0.0-8.12.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-qemu-4.0.0-8.12.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-secret-4.0.0-8.12.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-4.0.0-8.12.1 libvirt-daemon-driver-storage-core-4.0.0-8.12.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-disk-4.0.0-8.12.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.12.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-logical-4.0.0-8.12.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.12.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.12.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.12.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.12.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.12.1 libvirt-daemon-lxc-4.0.0-8.12.1 libvirt-daemon-qemu-4.0.0-8.12.1 libvirt-daemon-xen-4.0.0-8.12.1 libvirt-debugsource-4.0.0-8.12.1 libvirt-doc-4.0.0-8.12.1 libvirt-libs-4.0.0-8.12.1 libvirt-libs-debuginfo-4.0.0-8.12.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1135273 From sle-updates at lists.suse.com Fri May 24 13:19:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:19:24 +0200 (CEST) Subject: SUSE-SU-2019:1353-1: moderate: Security update for bluez Message-ID: <20190524191924.EA202FDA1@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1353-1 Rating: moderate References: #1013708 #1013712 #1013893 #1015171 Cross-References: CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1353=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1353=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1353=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1353=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): bluez-cups-5.48-5.16.1 bluez-cups-debuginfo-5.48-5.16.1 bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 bluez-test-5.48-5.16.1 bluez-test-debuginfo-5.48-5.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): bluez-auto-enable-devices-5.48-5.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): bluez-5.48-5.16.1 bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 bluez-devel-5.48-5.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 libbluetooth3-5.48-5.16.1 libbluetooth3-debuginfo-5.48-5.16.1 References: https://www.suse.com/security/cve/CVE-2016-9797.html https://www.suse.com/security/cve/CVE-2016-9798.html https://www.suse.com/security/cve/CVE-2016-9802.html https://www.suse.com/security/cve/CVE-2016-9917.html https://bugzilla.suse.com/1013708 https://bugzilla.suse.com/1013712 https://bugzilla.suse.com/1013893 https://bugzilla.suse.com/1015171 From sle-updates at lists.suse.com Fri May 24 13:23:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:23:57 +0200 (CEST) Subject: SUSE-RU-2019:1342-1: moderate: Recommended update for google-compute-engine Message-ID: <20190524192357.E78C4FDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1342-1 Rating: moderate References: #1128392 #1134179 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-compute-engine fixes the following issues: google-compute-engine was updated to version 20190416 (bsc#1128392, bsc#1134179) - Google Compute Engine OS Login * Fix pam_group ordering detection. * Restart cron from the OS Login control file. * Add PAM entry to su:account stack. Update from version 20190315: - Google Compute Engine OS Login * Fix alternate challenge section for two factor authentication. * Fix FreeBSD compatibility issues in the control file. Update from version 20190304: - Google Compute Engine * Set oom_score_adjust for google_accounts_daemon. - Google Compute Engine OS Login * Use pam_group to provide users with default groups. * Exit immediately after a two factor authentication failure. * Add support for Google phone prompt challenges. - Include systemd service file to run google_optimize_local_ssd command - Include systemd service file to run google_set_multiqueue command - Install journald configuration files into /usr/lib/systemd/journald.conf.d Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1342=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190416-30.1 google-compute-engine-oslogin-debuginfo-20190416-30.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190416-30.1 References: https://bugzilla.suse.com/1128392 https://bugzilla.suse.com/1134179 From sle-updates at lists.suse.com Fri May 24 13:24:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:24:47 +0200 (CEST) Subject: SUSE-SU-2019:1352-1: moderate: Security update for python3 Message-ID: <20190524192447.6ACD3FDA1@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1352-1 Rating: moderate References: #1130840 #1133452 Cross-References: CVE-2019-9947 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1352=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1352=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1352=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-testsuite-3.6.8-3.16.2 python3-testsuite-debuginfo-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-tools-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.16.2 libpython3_6m1_0-debuginfo-3.6.8-3.16.2 python3-3.6.8-3.16.2 python3-base-3.6.8-3.16.2 python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-curses-3.6.8-3.16.2 python3-curses-debuginfo-3.6.8-3.16.2 python3-dbm-3.6.8-3.16.2 python3-dbm-debuginfo-3.6.8-3.16.2 python3-debuginfo-3.6.8-3.16.2 python3-debugsource-3.6.8-3.16.2 python3-devel-3.6.8-3.16.2 python3-devel-debuginfo-3.6.8-3.16.2 python3-idle-3.6.8-3.16.2 python3-tk-3.6.8-3.16.2 python3-tk-debuginfo-3.6.8-3.16.2 References: https://www.suse.com/security/cve/CVE-2019-9947.html https://bugzilla.suse.com/1130840 https://bugzilla.suse.com/1133452 From sle-updates at lists.suse.com Fri May 24 13:26:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:26:04 +0200 (CEST) Subject: SUSE-SU-2019:1348-1: important: Security update for xen Message-ID: <20190524192604.18FA4FDA1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1348-1 Rating: important References: #1027519 #1111331 #1130680 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the "mds" commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Added upstream bug fix (bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1348=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_40-22.80.1 xen-debugsource-4.4.4_40-22.80.1 xen-doc-html-4.4.4_40-22.80.1 xen-kmp-default-4.4.4_40_k3.12.61_52.149-22.80.1 xen-kmp-default-debuginfo-4.4.4_40_k3.12.61_52.149-22.80.1 xen-libs-32bit-4.4.4_40-22.80.1 xen-libs-4.4.4_40-22.80.1 xen-libs-debuginfo-32bit-4.4.4_40-22.80.1 xen-libs-debuginfo-4.4.4_40-22.80.1 xen-tools-4.4.4_40-22.80.1 xen-tools-debuginfo-4.4.4_40-22.80.1 xen-tools-domU-4.4.4_40-22.80.1 xen-tools-domU-debuginfo-4.4.4_40-22.80.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1130680 From sle-updates at lists.suse.com Fri May 24 13:29:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:29:04 +0200 (CEST) Subject: SUSE-RU-2019:1350-1: moderate: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20190524192904.8CFFFFDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1350-1 Rating: moderate References: #1102770 #1135703 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-susemanager, release-notes-susemanager-proxy provides the following fixes: - Fix invalid characters in ncurses mode and provide a style for the HTML page. (bsc#1102770) - Add Single Sign-On feature. (bsc#1135703) - Improve logging for Salt Remote Command page. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2019-1350=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2019-1350=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2019-1350=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0~rc1-3.3.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0~rc1-0.16.3.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0~rc1-0.16.3.1 References: https://bugzilla.suse.com/1102770 https://bugzilla.suse.com/1135703 From sle-updates at lists.suse.com Fri May 24 13:33:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:33:55 +0200 (CEST) Subject: SUSE-SU-2019:1351-1: important: Security update for gnutls Message-ID: <20190524193355.C310FFDA1@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1351-1 Rating: important References: #1118087 #1134856 Cross-References: CVE-2018-16868 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1351=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1351=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1351=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.6.7-6.11.1 gnutls-debugsource-3.6.7-6.11.1 gnutls-guile-3.6.7-6.11.1 gnutls-guile-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): gnutls-debugsource-3.6.7-6.11.1 libgnutls30-32bit-3.6.7-6.11.1 libgnutls30-32bit-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-6.11.1 gnutls-debuginfo-3.6.7-6.11.1 gnutls-debugsource-3.6.7-6.11.1 libgnutls-devel-3.6.7-6.11.1 libgnutls30-3.6.7-6.11.1 libgnutls30-debuginfo-3.6.7-6.11.1 libgnutlsxx-devel-3.6.7-6.11.1 libgnutlsxx28-3.6.7-6.11.1 libgnutlsxx28-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgnutls30-32bit-3.6.7-6.11.1 libgnutls30-32bit-debuginfo-3.6.7-6.11.1 References: https://www.suse.com/security/cve/CVE-2018-16868.html https://bugzilla.suse.com/1118087 https://bugzilla.suse.com/1134856 From sle-updates at lists.suse.com Fri May 24 13:35:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:35:38 +0200 (CEST) Subject: SUSE-RU-2019:1341-1: moderate: Recommended update for ha-cluster-bootstrap Message-ID: <20190524193538.03A7CFDA1@maintenance.suse.de> SUSE Recommended Update: Recommended update for ha-cluster-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1341-1 Rating: moderate References: #1104118 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ha-cluster-bootstrap fixes the following issues: - Fix: /usr/sbin/ha-cluster-init: line 403: dmidecode: command not found(bsc#1104118): Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1341=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (noarch): ha-cluster-bootstrap-0.4+git.1475739556.1088521-11.3.1 References: https://bugzilla.suse.com/1104118 From sle-updates at lists.suse.com Fri May 24 13:36:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:36:42 +0200 (CEST) Subject: SUSE-SU-2019:1340-1: Security update for libu2f-host Message-ID: <20190524193642.DB0AAFDA1@maintenance.suse.de> SUSE Security Update: Security update for libu2f-host ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1340-1 Rating: low References: #1124781 Cross-References: CVE-2018-20340 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libu2f-host fixes the following issues: Security issue fixed: - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1340=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1340=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.3.3 libu2f-host-debugsource-1.1.6-3.3.3 libu2f-host-doc-1.1.6-3.3.3 u2f-host-1.1.6-3.3.3 u2f-host-debuginfo-1.1.6-3.3.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.3.3 libu2f-host-debugsource-1.1.6-3.3.3 libu2f-host-devel-1.1.6-3.3.3 libu2f-host0-1.1.6-3.3.3 libu2f-host0-debuginfo-1.1.6-3.3.3 References: https://www.suse.com/security/cve/CVE-2018-20340.html https://bugzilla.suse.com/1124781 From sle-updates at lists.suse.com Fri May 24 13:37:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 May 2019 21:37:21 +0200 (CEST) Subject: SUSE-SU-2019:1349-1: important: Security update for xen Message-ID: <20190524193721.ED28FFDA1@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1349-1 Rating: important References: #1027519 #1111331 #1130680 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the "mds" commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Added upstream bug fix (bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1349=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1349=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_28-22.61.1 xen-debugsource-4.5.5_28-22.61.1 xen-doc-html-4.5.5_28-22.61.1 xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1 xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.110-22.61.1 xen-libs-32bit-4.5.5_28-22.61.1 xen-libs-4.5.5_28-22.61.1 xen-libs-debuginfo-32bit-4.5.5_28-22.61.1 xen-libs-debuginfo-4.5.5_28-22.61.1 xen-tools-4.5.5_28-22.61.1 xen-tools-debuginfo-4.5.5_28-22.61.1 xen-tools-domU-4.5.5_28-22.61.1 xen-tools-domU-debuginfo-4.5.5_28-22.61.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_28-22.61.1 xen-debugsource-4.5.5_28-22.61.1 xen-doc-html-4.5.5_28-22.61.1 xen-kmp-default-4.5.5_28_k3.12.74_60.64.110-22.61.1 xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.110-22.61.1 xen-libs-32bit-4.5.5_28-22.61.1 xen-libs-4.5.5_28-22.61.1 xen-libs-debuginfo-32bit-4.5.5_28-22.61.1 xen-libs-debuginfo-4.5.5_28-22.61.1 xen-tools-4.5.5_28-22.61.1 xen-tools-debuginfo-4.5.5_28-22.61.1 xen-tools-domU-4.5.5_28-22.61.1 xen-tools-domU-debuginfo-4.5.5_28-22.61.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1130680 From sle-updates at lists.suse.com Fri May 24 16:10:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 May 2019 00:10:42 +0200 (CEST) Subject: SUSE-SU-2019:1354-1: moderate: Security update for screen Message-ID: <20190524221042.E6CEFF7CE@maintenance.suse.de> SUSE Security Update: Security update for screen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1354-1 Rating: moderate References: #1130831 #944458 Cross-References: CVE-2015-6806 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). Non-security issue fixed: - Fixed segmentation faults related to altscreen and resizing screen (bsc#1130831). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1354=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1354=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1354=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1354=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): screen-4.0.4-23.3.3 screen-debuginfo-4.0.4-23.3.3 screen-debugsource-4.0.4-23.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): screen-4.0.4-23.3.3 screen-debuginfo-4.0.4-23.3.3 screen-debugsource-4.0.4-23.3.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): screen-4.0.4-23.3.3 screen-debuginfo-4.0.4-23.3.3 screen-debugsource-4.0.4-23.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): screen-4.0.4-23.3.3 screen-debuginfo-4.0.4-23.3.3 screen-debugsource-4.0.4-23.3.3 - SUSE CaaS Platform ALL (x86_64): screen-4.0.4-23.3.3 screen-debuginfo-4.0.4-23.3.3 screen-debugsource-4.0.4-23.3.3 - SUSE CaaS Platform 3.0 (x86_64): screen-4.0.4-23.3.3 screen-debuginfo-4.0.4-23.3.3 screen-debugsource-4.0.4-23.3.3 References: https://www.suse.com/security/cve/CVE-2015-6806.html https://bugzilla.suse.com/1130831 https://bugzilla.suse.com/944458 From sle-updates at lists.suse.com Mon May 27 10:10:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 May 2019 18:10:21 +0200 (CEST) Subject: SUSE-RU-2019:1358-1: moderate: Recommended update for rsync Message-ID: <20190527161021.5EC9CF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1358-1 Rating: moderate References: #1100786 #1108562 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rsync fixes the following issues: - rsync invoked with --sparse and --preallocate could have resulted in a failure (bsc#1108562) - Don't require systemd explicitly as it's not present in containers [bsc#1100786]. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1358=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-4.3.1 rsync-debuginfo-3.1.3-4.3.1 rsync-debugsource-3.1.3-4.3.1 References: https://bugzilla.suse.com/1100786 https://bugzilla.suse.com/1108562 From sle-updates at lists.suse.com Mon May 27 10:11:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 May 2019 18:11:15 +0200 (CEST) Subject: SUSE-SU-2019:1356-1: important: Security update for libvirt Message-ID: <20190527161115.76161F7CE@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1356-1 Rating: important References: #1111331 #1135273 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1356=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1356=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1356=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-9.22.1 libvirt-admin-4.0.0-9.22.1 libvirt-admin-debuginfo-4.0.0-9.22.1 libvirt-client-4.0.0-9.22.1 libvirt-client-debuginfo-4.0.0-9.22.1 libvirt-daemon-4.0.0-9.22.1 libvirt-daemon-config-network-4.0.0-9.22.1 libvirt-daemon-config-nwfilter-4.0.0-9.22.1 libvirt-daemon-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-interface-4.0.0-9.22.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-lxc-4.0.0-9.22.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-network-4.0.0-9.22.1 libvirt-daemon-driver-network-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-nodedev-4.0.0-9.22.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-nwfilter-4.0.0-9.22.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-qemu-4.0.0-9.22.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-secret-4.0.0-9.22.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-storage-4.0.0-9.22.1 libvirt-daemon-driver-storage-core-4.0.0-9.22.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-storage-disk-4.0.0-9.22.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-storage-iscsi-4.0.0-9.22.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-storage-logical-4.0.0-9.22.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-storage-mpath-4.0.0-9.22.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.22.1 libvirt-daemon-driver-storage-scsi-4.0.0-9.22.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.22.1 libvirt-daemon-hooks-4.0.0-9.22.1 libvirt-daemon-lxc-4.0.0-9.22.1 libvirt-daemon-qemu-4.0.0-9.22.1 libvirt-debugsource-4.0.0-9.22.1 libvirt-devel-4.0.0-9.22.1 libvirt-doc-4.0.0-9.22.1 libvirt-lock-sanlock-4.0.0-9.22.1 libvirt-lock-sanlock-debuginfo-4.0.0-9.22.1 libvirt-nss-4.0.0-9.22.1 libvirt-nss-debuginfo-4.0.0-9.22.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-9.22.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.22.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.22.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.22.1 libvirt-daemon-xen-4.0.0-9.22.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.22.1 wireshark-plugin-libvirt-4.0.0-9.22.1 wireshark-plugin-libvirt-debuginfo-4.0.0-9.22.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-4.0.0-9.22.1 libvirt-libs-4.0.0-9.22.1 libvirt-libs-debuginfo-4.0.0-9.22.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1135273 From sle-updates at lists.suse.com Mon May 27 10:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 May 2019 18:12:04 +0200 (CEST) Subject: SUSE-SU-2019:1357-1: important: Security update for curl Message-ID: <20190527161204.065CBFDA1@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1357-1 Rating: important References: #1135170 Cross-References: CVE-2019-5436 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1357=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1357=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.20.1 curl-mini-debuginfo-7.60.0-3.20.1 curl-mini-debugsource-7.60.0-3.20.1 libcurl-mini-devel-7.60.0-3.20.1 libcurl4-mini-7.60.0-3.20.1 libcurl4-mini-debuginfo-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.20.1 curl-debuginfo-7.60.0-3.20.1 curl-debugsource-7.60.0-3.20.1 libcurl-devel-7.60.0-3.20.1 libcurl4-7.60.0-3.20.1 libcurl4-debuginfo-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.20.1 libcurl4-32bit-debuginfo-7.60.0-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-5436.html https://bugzilla.suse.com/1135170 From sle-updates at lists.suse.com Mon May 27 16:14:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 00:14:37 +0200 (CEST) Subject: SUSE-SU-2019:1360-1: moderate: Security update for php72 Message-ID: <20190527221437.A2993FDA1@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1360-1 Rating: moderate References: #1132837 #1132838 #1133714 #1134322 Cross-References: CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Non-security issue fixed: - Use system gd (bsc#1133714). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1360=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1360=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1360=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.17.1 php72-debugsource-7.2.5-1.17.1 php72-devel-7.2.5-1.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.17.1 php72-debugsource-7.2.5-1.17.1 php72-devel-7.2.5-1.17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.17.1 apache2-mod_php72-debuginfo-7.2.5-1.17.1 php72-7.2.5-1.17.1 php72-bcmath-7.2.5-1.17.1 php72-bcmath-debuginfo-7.2.5-1.17.1 php72-bz2-7.2.5-1.17.1 php72-bz2-debuginfo-7.2.5-1.17.1 php72-calendar-7.2.5-1.17.1 php72-calendar-debuginfo-7.2.5-1.17.1 php72-ctype-7.2.5-1.17.1 php72-ctype-debuginfo-7.2.5-1.17.1 php72-curl-7.2.5-1.17.1 php72-curl-debuginfo-7.2.5-1.17.1 php72-dba-7.2.5-1.17.1 php72-dba-debuginfo-7.2.5-1.17.1 php72-debuginfo-7.2.5-1.17.1 php72-debugsource-7.2.5-1.17.1 php72-dom-7.2.5-1.17.1 php72-dom-debuginfo-7.2.5-1.17.1 php72-enchant-7.2.5-1.17.1 php72-enchant-debuginfo-7.2.5-1.17.1 php72-exif-7.2.5-1.17.1 php72-exif-debuginfo-7.2.5-1.17.1 php72-fastcgi-7.2.5-1.17.1 php72-fastcgi-debuginfo-7.2.5-1.17.1 php72-fileinfo-7.2.5-1.17.1 php72-fileinfo-debuginfo-7.2.5-1.17.1 php72-fpm-7.2.5-1.17.1 php72-fpm-debuginfo-7.2.5-1.17.1 php72-ftp-7.2.5-1.17.1 php72-ftp-debuginfo-7.2.5-1.17.1 php72-gd-7.2.5-1.17.1 php72-gd-debuginfo-7.2.5-1.17.1 php72-gettext-7.2.5-1.17.1 php72-gettext-debuginfo-7.2.5-1.17.1 php72-gmp-7.2.5-1.17.1 php72-gmp-debuginfo-7.2.5-1.17.1 php72-iconv-7.2.5-1.17.1 php72-iconv-debuginfo-7.2.5-1.17.1 php72-imap-7.2.5-1.17.1 php72-imap-debuginfo-7.2.5-1.17.1 php72-intl-7.2.5-1.17.1 php72-intl-debuginfo-7.2.5-1.17.1 php72-json-7.2.5-1.17.1 php72-json-debuginfo-7.2.5-1.17.1 php72-ldap-7.2.5-1.17.1 php72-ldap-debuginfo-7.2.5-1.17.1 php72-mbstring-7.2.5-1.17.1 php72-mbstring-debuginfo-7.2.5-1.17.1 php72-mysql-7.2.5-1.17.1 php72-mysql-debuginfo-7.2.5-1.17.1 php72-odbc-7.2.5-1.17.1 php72-odbc-debuginfo-7.2.5-1.17.1 php72-opcache-7.2.5-1.17.1 php72-opcache-debuginfo-7.2.5-1.17.1 php72-openssl-7.2.5-1.17.1 php72-openssl-debuginfo-7.2.5-1.17.1 php72-pcntl-7.2.5-1.17.1 php72-pcntl-debuginfo-7.2.5-1.17.1 php72-pdo-7.2.5-1.17.1 php72-pdo-debuginfo-7.2.5-1.17.1 php72-pgsql-7.2.5-1.17.1 php72-pgsql-debuginfo-7.2.5-1.17.1 php72-phar-7.2.5-1.17.1 php72-phar-debuginfo-7.2.5-1.17.1 php72-posix-7.2.5-1.17.1 php72-posix-debuginfo-7.2.5-1.17.1 php72-pspell-7.2.5-1.17.1 php72-pspell-debuginfo-7.2.5-1.17.1 php72-readline-7.2.5-1.17.1 php72-readline-debuginfo-7.2.5-1.17.1 php72-shmop-7.2.5-1.17.1 php72-shmop-debuginfo-7.2.5-1.17.1 php72-snmp-7.2.5-1.17.1 php72-snmp-debuginfo-7.2.5-1.17.1 php72-soap-7.2.5-1.17.1 php72-soap-debuginfo-7.2.5-1.17.1 php72-sockets-7.2.5-1.17.1 php72-sockets-debuginfo-7.2.5-1.17.1 php72-sqlite-7.2.5-1.17.1 php72-sqlite-debuginfo-7.2.5-1.17.1 php72-sysvmsg-7.2.5-1.17.1 php72-sysvmsg-debuginfo-7.2.5-1.17.1 php72-sysvsem-7.2.5-1.17.1 php72-sysvsem-debuginfo-7.2.5-1.17.1 php72-sysvshm-7.2.5-1.17.1 php72-sysvshm-debuginfo-7.2.5-1.17.1 php72-tidy-7.2.5-1.17.1 php72-tidy-debuginfo-7.2.5-1.17.1 php72-tokenizer-7.2.5-1.17.1 php72-tokenizer-debuginfo-7.2.5-1.17.1 php72-wddx-7.2.5-1.17.1 php72-wddx-debuginfo-7.2.5-1.17.1 php72-xmlreader-7.2.5-1.17.1 php72-xmlreader-debuginfo-7.2.5-1.17.1 php72-xmlrpc-7.2.5-1.17.1 php72-xmlrpc-debuginfo-7.2.5-1.17.1 php72-xmlwriter-7.2.5-1.17.1 php72-xmlwriter-debuginfo-7.2.5-1.17.1 php72-xsl-7.2.5-1.17.1 php72-xsl-debuginfo-7.2.5-1.17.1 php72-zip-7.2.5-1.17.1 php72-zip-debuginfo-7.2.5-1.17.1 php72-zlib-7.2.5-1.17.1 php72-zlib-debuginfo-7.2.5-1.17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.17.1 php72-pear-Archive_Tar-7.2.5-1.17.1 References: https://www.suse.com/security/cve/CVE-2019-11034.html https://www.suse.com/security/cve/CVE-2019-11035.html https://www.suse.com/security/cve/CVE-2019-11036.html https://bugzilla.suse.com/1132837 https://bugzilla.suse.com/1132838 https://bugzilla.suse.com/1133714 https://bugzilla.suse.com/1134322 From sle-updates at lists.suse.com Tue May 28 07:10:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 15:10:19 +0200 (CEST) Subject: SUSE-RU-2019:1366-1: moderate: Recommended update for nvme-cli Message-ID: <20190528131019.4E235F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1366-1 Rating: moderate References: #1133594 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - Nvme flush now determines the namespace id, when not given via -n flag. This also fixes a failing test in the regress-script. - Fix failing service on devices without fc-hardware (bsc#1133594) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1366=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.2-6.30.2 nvme-cli-debuginfo-1.2-6.30.2 nvme-cli-debugsource-1.2-6.30.2 References: https://bugzilla.suse.com/1133594 From sle-updates at lists.suse.com Tue May 28 07:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 15:11:10 +0200 (CEST) Subject: SUSE-SU-2019:1363-1: important: Security update for curl Message-ID: <20190528131110.047A9F7CE@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1363-1 Rating: important References: #1135170 Cross-References: CVE-2019-5436 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1363=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1363=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1363=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1363=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1363=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1363=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1363=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1363=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1363=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1363=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1363=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1363=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-32bit-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl-devel-7.37.0-37.40.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libcurl4-32bit-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-32bit-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-32bit-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-32bit-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE Enterprise Storage 4 (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-32bit-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-32bit-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE CaaS Platform ALL (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - SUSE CaaS Platform 3.0 (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.40.1 curl-debuginfo-7.37.0-37.40.1 curl-debugsource-7.37.0-37.40.1 libcurl4-7.37.0-37.40.1 libcurl4-debuginfo-7.37.0-37.40.1 References: https://www.suse.com/security/cve/CVE-2019-5436.html https://bugzilla.suse.com/1135170 From sle-updates at lists.suse.com Tue May 28 07:11:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 15:11:58 +0200 (CEST) Subject: SUSE-SU-2019:1365-1: moderate: Security update for php7 Message-ID: <20190528131158.88751F7CE@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1365-1 Rating: moderate References: #1132837 #1132838 #1134322 Cross-References: CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1365=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1365=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1365=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.75.1 php7-debugsource-7.0.7-50.75.1 php7-devel-7.0.7-50.75.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.75.1 php7-debugsource-7.0.7-50.75.1 php7-devel-7.0.7-50.75.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.75.1 apache2-mod_php7-debuginfo-7.0.7-50.75.1 php7-7.0.7-50.75.1 php7-bcmath-7.0.7-50.75.1 php7-bcmath-debuginfo-7.0.7-50.75.1 php7-bz2-7.0.7-50.75.1 php7-bz2-debuginfo-7.0.7-50.75.1 php7-calendar-7.0.7-50.75.1 php7-calendar-debuginfo-7.0.7-50.75.1 php7-ctype-7.0.7-50.75.1 php7-ctype-debuginfo-7.0.7-50.75.1 php7-curl-7.0.7-50.75.1 php7-curl-debuginfo-7.0.7-50.75.1 php7-dba-7.0.7-50.75.1 php7-dba-debuginfo-7.0.7-50.75.1 php7-debuginfo-7.0.7-50.75.1 php7-debugsource-7.0.7-50.75.1 php7-dom-7.0.7-50.75.1 php7-dom-debuginfo-7.0.7-50.75.1 php7-enchant-7.0.7-50.75.1 php7-enchant-debuginfo-7.0.7-50.75.1 php7-exif-7.0.7-50.75.1 php7-exif-debuginfo-7.0.7-50.75.1 php7-fastcgi-7.0.7-50.75.1 php7-fastcgi-debuginfo-7.0.7-50.75.1 php7-fileinfo-7.0.7-50.75.1 php7-fileinfo-debuginfo-7.0.7-50.75.1 php7-fpm-7.0.7-50.75.1 php7-fpm-debuginfo-7.0.7-50.75.1 php7-ftp-7.0.7-50.75.1 php7-ftp-debuginfo-7.0.7-50.75.1 php7-gd-7.0.7-50.75.1 php7-gd-debuginfo-7.0.7-50.75.1 php7-gettext-7.0.7-50.75.1 php7-gettext-debuginfo-7.0.7-50.75.1 php7-gmp-7.0.7-50.75.1 php7-gmp-debuginfo-7.0.7-50.75.1 php7-iconv-7.0.7-50.75.1 php7-iconv-debuginfo-7.0.7-50.75.1 php7-imap-7.0.7-50.75.1 php7-imap-debuginfo-7.0.7-50.75.1 php7-intl-7.0.7-50.75.1 php7-intl-debuginfo-7.0.7-50.75.1 php7-json-7.0.7-50.75.1 php7-json-debuginfo-7.0.7-50.75.1 php7-ldap-7.0.7-50.75.1 php7-ldap-debuginfo-7.0.7-50.75.1 php7-mbstring-7.0.7-50.75.1 php7-mbstring-debuginfo-7.0.7-50.75.1 php7-mcrypt-7.0.7-50.75.1 php7-mcrypt-debuginfo-7.0.7-50.75.1 php7-mysql-7.0.7-50.75.1 php7-mysql-debuginfo-7.0.7-50.75.1 php7-odbc-7.0.7-50.75.1 php7-odbc-debuginfo-7.0.7-50.75.1 php7-opcache-7.0.7-50.75.1 php7-opcache-debuginfo-7.0.7-50.75.1 php7-openssl-7.0.7-50.75.1 php7-openssl-debuginfo-7.0.7-50.75.1 php7-pcntl-7.0.7-50.75.1 php7-pcntl-debuginfo-7.0.7-50.75.1 php7-pdo-7.0.7-50.75.1 php7-pdo-debuginfo-7.0.7-50.75.1 php7-pgsql-7.0.7-50.75.1 php7-pgsql-debuginfo-7.0.7-50.75.1 php7-phar-7.0.7-50.75.1 php7-phar-debuginfo-7.0.7-50.75.1 php7-posix-7.0.7-50.75.1 php7-posix-debuginfo-7.0.7-50.75.1 php7-pspell-7.0.7-50.75.1 php7-pspell-debuginfo-7.0.7-50.75.1 php7-shmop-7.0.7-50.75.1 php7-shmop-debuginfo-7.0.7-50.75.1 php7-snmp-7.0.7-50.75.1 php7-snmp-debuginfo-7.0.7-50.75.1 php7-soap-7.0.7-50.75.1 php7-soap-debuginfo-7.0.7-50.75.1 php7-sockets-7.0.7-50.75.1 php7-sockets-debuginfo-7.0.7-50.75.1 php7-sqlite-7.0.7-50.75.1 php7-sqlite-debuginfo-7.0.7-50.75.1 php7-sysvmsg-7.0.7-50.75.1 php7-sysvmsg-debuginfo-7.0.7-50.75.1 php7-sysvsem-7.0.7-50.75.1 php7-sysvsem-debuginfo-7.0.7-50.75.1 php7-sysvshm-7.0.7-50.75.1 php7-sysvshm-debuginfo-7.0.7-50.75.1 php7-tokenizer-7.0.7-50.75.1 php7-tokenizer-debuginfo-7.0.7-50.75.1 php7-wddx-7.0.7-50.75.1 php7-wddx-debuginfo-7.0.7-50.75.1 php7-xmlreader-7.0.7-50.75.1 php7-xmlreader-debuginfo-7.0.7-50.75.1 php7-xmlrpc-7.0.7-50.75.1 php7-xmlrpc-debuginfo-7.0.7-50.75.1 php7-xmlwriter-7.0.7-50.75.1 php7-xmlwriter-debuginfo-7.0.7-50.75.1 php7-xsl-7.0.7-50.75.1 php7-xsl-debuginfo-7.0.7-50.75.1 php7-zip-7.0.7-50.75.1 php7-zip-debuginfo-7.0.7-50.75.1 php7-zlib-7.0.7-50.75.1 php7-zlib-debuginfo-7.0.7-50.75.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.75.1 php7-pear-Archive_Tar-7.0.7-50.75.1 References: https://www.suse.com/security/cve/CVE-2019-11034.html https://www.suse.com/security/cve/CVE-2019-11035.html https://www.suse.com/security/cve/CVE-2019-11036.html https://bugzilla.suse.com/1132837 https://bugzilla.suse.com/1132838 https://bugzilla.suse.com/1134322 From sle-updates at lists.suse.com Tue May 28 07:13:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 15:13:03 +0200 (CEST) Subject: SUSE-SU-2019:1362-1: moderate: Security update for openssl Message-ID: <20190528131303.C410EF7CE@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1362-1 Rating: moderate References: #1127080 Cross-References: CVE-2019-1559 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1559: Fixed a 0-byte record padding oracle via SSL_shutdown (bsc#1127080). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1362=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1362=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.26.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-54.26.1 libopenssl1_0_0-32bit-1.0.1i-54.26.1 libopenssl1_0_0-debuginfo-1.0.1i-54.26.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.26.1 libopenssl1_0_0-hmac-1.0.1i-54.26.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1 openssl-1.0.1i-54.26.1 openssl-debuginfo-1.0.1i-54.26.1 openssl-debugsource-1.0.1i-54.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-54.26.1 libopenssl1_0_0-debuginfo-1.0.1i-54.26.1 libopenssl1_0_0-hmac-1.0.1i-54.26.1 openssl-1.0.1i-54.26.1 openssl-debuginfo-1.0.1i-54.26.1 openssl-debugsource-1.0.1i-54.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.26.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.26.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.26.1 References: https://www.suse.com/security/cve/CVE-2019-1559.html https://bugzilla.suse.com/1127080 From sle-updates at lists.suse.com Tue May 28 07:13:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 15:13:45 +0200 (CEST) Subject: SUSE-SU-2019:1364-1: moderate: Security update for systemd Message-ID: <20190528131345.AF597F7CE@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1364-1 Rating: moderate References: #1036463 #1121563 #1124122 #1125352 #1125604 #1126056 #1127557 #1130230 #1132348 #1132400 #1132721 #1133506 #1133509 Cross-References: CVE-2019-3842 CVE-2019-3843 CVE-2019-3844 CVE-2019-6454 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 9 fixes is now available. Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on "add" events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1364=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1364=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.30.1 libsystemd0-mini-debuginfo-234-24.30.1 libudev-mini-devel-234-24.30.1 libudev-mini1-234-24.30.1 libudev-mini1-debuginfo-234-24.30.1 nss-myhostname-234-24.30.1 nss-myhostname-debuginfo-234-24.30.1 nss-mymachines-234-24.30.1 nss-mymachines-debuginfo-234-24.30.1 nss-systemd-234-24.30.1 nss-systemd-debuginfo-234-24.30.1 systemd-debuginfo-234-24.30.1 systemd-debugsource-234-24.30.1 systemd-logger-234-24.30.1 systemd-mini-234-24.30.1 systemd-mini-container-mini-234-24.30.1 systemd-mini-container-mini-debuginfo-234-24.30.1 systemd-mini-coredump-mini-234-24.30.1 systemd-mini-coredump-mini-debuginfo-234-24.30.1 systemd-mini-debuginfo-234-24.30.1 systemd-mini-debugsource-234-24.30.1 systemd-mini-devel-234-24.30.1 systemd-mini-sysvinit-234-24.30.1 udev-mini-234-24.30.1 udev-mini-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): systemd-mini-bash-completion-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.30.1 libsystemd0-debuginfo-234-24.30.1 libudev-devel-234-24.30.1 libudev1-234-24.30.1 libudev1-debuginfo-234-24.30.1 systemd-234-24.30.1 systemd-container-234-24.30.1 systemd-container-debuginfo-234-24.30.1 systemd-coredump-234-24.30.1 systemd-coredump-debuginfo-234-24.30.1 systemd-debuginfo-234-24.30.1 systemd-debugsource-234-24.30.1 systemd-devel-234-24.30.1 systemd-sysvinit-234-24.30.1 udev-234-24.30.1 udev-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsystemd0-32bit-234-24.30.1 libsystemd0-32bit-debuginfo-234-24.30.1 libudev1-32bit-234-24.30.1 libudev1-32bit-debuginfo-234-24.30.1 systemd-32bit-234-24.30.1 systemd-32bit-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): systemd-bash-completion-234-24.30.1 References: https://www.suse.com/security/cve/CVE-2019-3842.html https://www.suse.com/security/cve/CVE-2019-3843.html https://www.suse.com/security/cve/CVE-2019-3844.html https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1036463 https://bugzilla.suse.com/1121563 https://bugzilla.suse.com/1124122 https://bugzilla.suse.com/1125352 https://bugzilla.suse.com/1125604 https://bugzilla.suse.com/1126056 https://bugzilla.suse.com/1127557 https://bugzilla.suse.com/1130230 https://bugzilla.suse.com/1132348 https://bugzilla.suse.com/1132400 https://bugzilla.suse.com/1132721 https://bugzilla.suse.com/1133506 https://bugzilla.suse.com/1133509 From sle-updates at lists.suse.com Tue May 28 10:11:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 18:11:08 +0200 (CEST) Subject: SUSE-RU-2019:1370-1: important: Recommended update for resource-agents Message-ID: <20190528161108.63D0CF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1370-1 Rating: important References: #1131793 #1132853 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - galera: Fix monitoring with ~/.my.cnf available (bsc#1132853) - galera: ignores safe_to_bootstrap in grastate.dat when a uuid is 00000000-0000-0000-0000-000000000000 (bsc#1131793) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1370=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ldirectord-4.0.1+git.1495055229.643177f1-2.27.1 resource-agents-4.0.1+git.1495055229.643177f1-2.27.1 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.27.1 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.27.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.27.1 References: https://bugzilla.suse.com/1131793 https://bugzilla.suse.com/1132853 From sle-updates at lists.suse.com Tue May 28 13:09:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 21:09:38 +0200 (CEST) Subject: SUSE-SU-2019:1371-1: important: Security update for xen Message-ID: <20190528190938.A6B1CF7CE@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1371-1 Rating: important References: #1027519 #1111331 #1116380 #1130680 #1133818 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the "mds" commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380). - Fixed an issue with live migration (bsc#1133818). - Added upstream bug fix (bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1371=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1371=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1371=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1371=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1371=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_06-43.51.1 xen-debugsource-4.7.6_06-43.51.1 xen-doc-html-4.7.6_06-43.51.1 xen-libs-32bit-4.7.6_06-43.51.1 xen-libs-4.7.6_06-43.51.1 xen-libs-debuginfo-32bit-4.7.6_06-43.51.1 xen-libs-debuginfo-4.7.6_06-43.51.1 xen-tools-4.7.6_06-43.51.1 xen-tools-debuginfo-4.7.6_06-43.51.1 xen-tools-domU-4.7.6_06-43.51.1 xen-tools-domU-debuginfo-4.7.6_06-43.51.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_06-43.51.1 xen-debugsource-4.7.6_06-43.51.1 xen-doc-html-4.7.6_06-43.51.1 xen-libs-32bit-4.7.6_06-43.51.1 xen-libs-4.7.6_06-43.51.1 xen-libs-debuginfo-32bit-4.7.6_06-43.51.1 xen-libs-debuginfo-4.7.6_06-43.51.1 xen-tools-4.7.6_06-43.51.1 xen-tools-debuginfo-4.7.6_06-43.51.1 xen-tools-domU-4.7.6_06-43.51.1 xen-tools-domU-debuginfo-4.7.6_06-43.51.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_06-43.51.1 xen-debugsource-4.7.6_06-43.51.1 xen-doc-html-4.7.6_06-43.51.1 xen-libs-32bit-4.7.6_06-43.51.1 xen-libs-4.7.6_06-43.51.1 xen-libs-debuginfo-32bit-4.7.6_06-43.51.1 xen-libs-debuginfo-4.7.6_06-43.51.1 xen-tools-4.7.6_06-43.51.1 xen-tools-debuginfo-4.7.6_06-43.51.1 xen-tools-domU-4.7.6_06-43.51.1 xen-tools-domU-debuginfo-4.7.6_06-43.51.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_06-43.51.1 xen-debugsource-4.7.6_06-43.51.1 xen-doc-html-4.7.6_06-43.51.1 xen-libs-32bit-4.7.6_06-43.51.1 xen-libs-4.7.6_06-43.51.1 xen-libs-debuginfo-32bit-4.7.6_06-43.51.1 xen-libs-debuginfo-4.7.6_06-43.51.1 xen-tools-4.7.6_06-43.51.1 xen-tools-debuginfo-4.7.6_06-43.51.1 xen-tools-domU-4.7.6_06-43.51.1 xen-tools-domU-debuginfo-4.7.6_06-43.51.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.6_06-43.51.1 xen-debugsource-4.7.6_06-43.51.1 xen-doc-html-4.7.6_06-43.51.1 xen-libs-32bit-4.7.6_06-43.51.1 xen-libs-4.7.6_06-43.51.1 xen-libs-debuginfo-32bit-4.7.6_06-43.51.1 xen-libs-debuginfo-4.7.6_06-43.51.1 xen-tools-4.7.6_06-43.51.1 xen-tools-debuginfo-4.7.6_06-43.51.1 xen-tools-domU-4.7.6_06-43.51.1 xen-tools-domU-debuginfo-4.7.6_06-43.51.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1116380 https://bugzilla.suse.com/1130680 https://bugzilla.suse.com/1133818 From sle-updates at lists.suse.com Tue May 28 13:11:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 21:11:08 +0200 (CEST) Subject: SUSE-SU-2019:1369-1: moderate: Security update for NetworkManager Message-ID: <20190528191108.03AAAF7CE@maintenance.suse.de> SUSE Security Update: Security update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1369-1 Rating: moderate References: #1086263 Cross-References: CVE-2018-1000135 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for NetworkManager fixes the following issues: Following security issue was fixed: - CVE-2018-1000135: A potential leak of private DNS queries to other DNS servers could happen while on VPN (bsc#1086263, bgo#746422). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1369=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1369=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1369=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1369=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (noarch): NetworkManager-lang-1.10.6-5.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): NetworkManager-branding-upstream-1.10.6-5.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): NetworkManager-1.10.6-5.6.1 NetworkManager-debuginfo-1.10.6-5.6.1 NetworkManager-debugsource-1.10.6-5.6.1 NetworkManager-devel-1.10.6-5.6.1 libnm-glib-vpn1-1.10.6-5.6.1 libnm-glib-vpn1-debuginfo-1.10.6-5.6.1 libnm-glib4-1.10.6-5.6.1 libnm-glib4-debuginfo-1.10.6-5.6.1 libnm-util2-1.10.6-5.6.1 libnm-util2-debuginfo-1.10.6-5.6.1 typelib-1_0-NMClient-1_0-1.10.6-5.6.1 typelib-1_0-NetworkManager-1_0-1.10.6-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.10.6-5.6.1 NetworkManager-debugsource-1.10.6-5.6.1 libnm0-1.10.6-5.6.1 libnm0-debuginfo-1.10.6-5.6.1 typelib-1_0-NM-1_0-1.10.6-5.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000135.html https://bugzilla.suse.com/1086263 From sle-updates at lists.suse.com Tue May 28 13:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 21:11:51 +0200 (CEST) Subject: SUSE-SU-2019:1368-1: important: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Message-ID: <20190528191151.48FA4F7CE@maintenance.suse.de> SUSE Security Update: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1368-1 Rating: important References: #1134524 Cross-References: CVE-2019-5021 Affected Products: SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-1368=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1368=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): suse-sles12sp3-image-2.0.2-22.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): system-user-root-20190513-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-5021.html https://bugzilla.suse.com/1134524 From sle-updates at lists.suse.com Tue May 28 13:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 21:12:34 +0200 (CEST) Subject: SUSE-SU-2019:1372-1: moderate: Security update for libtasn1 Message-ID: <20190528191234.46D65F7CE@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1372-1 Rating: moderate References: #1105435 Cross-References: CVE-2018-1000654 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1372=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1372=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libtasn1-6-32bit-4.13-4.5.1 libtasn1-6-32bit-debuginfo-4.13-4.5.1 libtasn1-debugsource-4.13-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-4.5.1 libtasn1-6-4.13-4.5.1 libtasn1-6-debuginfo-4.13-4.5.1 libtasn1-debuginfo-4.13-4.5.1 libtasn1-debugsource-4.13-4.5.1 libtasn1-devel-4.13-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libtasn1-6-32bit-4.13-4.5.1 libtasn1-6-32bit-debuginfo-4.13-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-1000654.html https://bugzilla.suse.com/1105435 From sle-updates at lists.suse.com Tue May 28 13:13:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 May 2019 21:13:14 +0200 (CEST) Subject: SUSE-SU-2019:1373-1: moderate: Security update for axis Message-ID: <20190528191314.51078F7CE@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1373-1 Rating: moderate References: #1134598 Cross-References: CVE-2012-5784 CVE-2014-3596 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1373=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1373=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): axis-manual-1.4-5.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): axis-1.4-5.8.1 References: https://www.suse.com/security/cve/CVE-2012-5784.html https://www.suse.com/security/cve/CVE-2014-3596.html https://bugzilla.suse.com/1134598 From sle-updates at lists.suse.com Wed May 29 10:10:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 May 2019 18:10:01 +0200 (CEST) Subject: SUSE-SU-2019:1379-1: moderate: Security update for libtasn1 Message-ID: <20190529161001.0F3A5F7CE@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1379-1 Rating: moderate References: #1040621 #1105435 Cross-References: CVE-2017-6891 CVE-2018-1000654 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1379=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1379=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1379=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1379=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1379=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1379=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 libtasn1-devel-4.9-3.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 libtasn1-devel-4.9-3.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtasn1-4.9-3.10.1 libtasn1-6-4.9-3.10.1 libtasn1-6-debuginfo-4.9-3.10.1 libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libtasn1-6-32bit-4.9-3.10.1 libtasn1-6-debuginfo-32bit-4.9-3.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtasn1-4.9-3.10.1 libtasn1-6-4.9-3.10.1 libtasn1-6-debuginfo-4.9-3.10.1 libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtasn1-6-32bit-4.9-3.10.1 libtasn1-6-debuginfo-32bit-4.9-3.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libtasn1-4.9-3.10.1 libtasn1-6-32bit-4.9-3.10.1 libtasn1-6-4.9-3.10.1 libtasn1-6-debuginfo-32bit-4.9-3.10.1 libtasn1-6-debuginfo-4.9-3.10.1 libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtasn1-4.9-3.10.1 libtasn1-6-32bit-4.9-3.10.1 libtasn1-6-4.9-3.10.1 libtasn1-6-debuginfo-32bit-4.9-3.10.1 libtasn1-6-debuginfo-4.9-3.10.1 libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 - SUSE CaaS Platform ALL (x86_64): libtasn1-4.9-3.10.1 libtasn1-6-4.9-3.10.1 libtasn1-6-debuginfo-4.9-3.10.1 libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 - SUSE CaaS Platform 3.0 (x86_64): libtasn1-4.9-3.10.1 libtasn1-6-4.9-3.10.1 libtasn1-6-debuginfo-4.9-3.10.1 libtasn1-debuginfo-4.9-3.10.1 libtasn1-debugsource-4.9-3.10.1 References: https://www.suse.com/security/cve/CVE-2017-6891.html https://www.suse.com/security/cve/CVE-2018-1000654.html https://bugzilla.suse.com/1040621 https://bugzilla.suse.com/1105435 From sle-updates at lists.suse.com Wed May 29 10:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 May 2019 18:11:05 +0200 (CEST) Subject: SUSE-RU-2019:1380-1: moderate: Recommended update for ipa-ex-fonts Message-ID: <20190529161105.E3489F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipa-ex-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1380-1 Rating: moderate References: #1112183 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ipa-ex-fonts fixes the following issues: - Update to version 004.01 * new glyph U+32FF "SQUARE ERA NAME REIWA" (boo#1112183) * add standardized variation sequences of 93 characters * update spaces of the two glyphs (U+26FF8, U+663B) - remove old Obsoletes and Provides for the past naming rule change Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1380=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): ipa-ex-gothic-fonts-004.01-3.3.1 ipa-ex-mincho-fonts-004.01-3.3.1 References: https://bugzilla.suse.com/1112183 From sle-updates at lists.suse.com Wed May 29 10:11:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 May 2019 18:11:51 +0200 (CEST) Subject: SUSE-RU-2019:1376-1: Recommended update for openal-soft Message-ID: <20190529161151.611F8F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for openal-soft ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1376-1 Rating: low References: #1131808 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openal-soft provides the following fixes: - Remove an unused file licensed under Apache-2.0 (and thus incompatible with the rest of the stack). (bsc#1131808) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1376=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1376=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libopenal0-1.17.2-3.7.41 libopenal0-debuginfo-1.17.2-3.7.41 openal-soft-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libopenal1-1.17.2-3.7.41 libopenal1-debuginfo-1.17.2-3.7.41 openal-soft-debuginfo-1.17.2-3.7.41 openal-soft-debugsource-1.17.2-3.7.41 openal-soft-devel-1.17.2-3.7.41 openal-soft-devel-debuginfo-1.17.2-3.7.41 References: https://bugzilla.suse.com/1131808 From sle-updates at lists.suse.com Wed May 29 10:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 May 2019 18:12:34 +0200 (CEST) Subject: SUSE-RU-2019:1375-1: important: Recommended update for resource-agents Message-ID: <20190529161234.DCA71F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1375-1 Rating: important References: #1131793 #1132853 #1133337 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Fix version string with vendor trailer comparison (bsc#1133337) - galera: Fix monitoring with ~/.my.cnf available (bsc#1132853) - galera: ignores safe_to_bootstrap in grastate.dat when a uuid is 00000000-0000-0000-0000-000000000000 (bsc#1131793) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1375=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.1.9+git24.9b664917-3.11.1 resource-agents-4.1.9+git24.9b664917-3.11.1 resource-agents-debuginfo-4.1.9+git24.9b664917-3.11.1 resource-agents-debugsource-4.1.9+git24.9b664917-3.11.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.1.9+git24.9b664917-3.11.1 References: https://bugzilla.suse.com/1131793 https://bugzilla.suse.com/1132853 https://bugzilla.suse.com/1133337 From sle-updates at lists.suse.com Thu May 30 04:13:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 May 2019 12:13:48 +0200 (CEST) Subject: SUSE-SU-2019:1381-1: important: Security update for rmt-server Message-ID: <20190530101348.A0BCBF7CE@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1381-1 Rating: important References: #1107806 #1117722 #1118745 #1125770 #1128858 #1129271 #1129392 #1132160 #1132690 #1134190 #1134428 #1135222 Cross-References: CVE-2019-11068 CVE-2019-5419 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 10 fixes is now available. Description: This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud (bsc#1135222) - Mirror additional repos that were enabled during mirroring (bsc#1132690) - Make service IDs consistent across different RMT instances (bsc#1134428) - Make SMT data import scripts faster (bsc#1134190) - Fix incorrect triggering of registration sharing (bsc#1129392) - Fix license mirroring issue in some non-SUSE repositories (bsc#1128858) - Set CURLOPT_LOW_SPEED_LIMIT to prevent downloads from getting stuck (bsc#1107806) - Truncate the RMT lockfile when writing a new PID (bsc#1125770) - Fix missing trailing slashes on custom repository import from SMT (bsc#1118745) - Zypper authentication plugin (fate#326629) - Instance verification plugin in rmt-server-pubcloud (fate#326629) - Update dependencies to fix vulnerabilities in rails (CVE-2019-5419, bsc#1129271) and nokogiri (CVE-2019-11068, bsc#1132160) - Allow RMT registration to work under HTTP as well as HTTPS. - Offline migration from SLE 15 to SLE 15 SP1 will add Python2 module - Online migrations will automatically add additional modules to the client systems depending on the base product - Supply log severity to journald - Breaking Change: Added headers to generated CSV files Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1381=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rmt-server-2.1.4-3.17.1 rmt-server-debuginfo-2.1.4-3.17.1 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://www.suse.com/security/cve/CVE-2019-5419.html https://bugzilla.suse.com/1107806 https://bugzilla.suse.com/1117722 https://bugzilla.suse.com/1118745 https://bugzilla.suse.com/1125770 https://bugzilla.suse.com/1128858 https://bugzilla.suse.com/1129271 https://bugzilla.suse.com/1129392 https://bugzilla.suse.com/1132160 https://bugzilla.suse.com/1132690 https://bugzilla.suse.com/1134190 https://bugzilla.suse.com/1134428 https://bugzilla.suse.com/1135222 From sle-updates at lists.suse.com Thu May 30 04:16:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 May 2019 12:16:06 +0200 (CEST) Subject: SUSE-SU-2019:1382-1: moderate: Security update for axis Message-ID: <20190530101606.89AF4F7CE@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1382-1 Rating: moderate References: #1134598 Cross-References: CVE-2012-5784 CVE-2014-3596 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1382=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1382=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): axis-1.4-290.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): axis-1.4-290.6.1 References: https://www.suse.com/security/cve/CVE-2012-5784.html https://www.suse.com/security/cve/CVE-2014-3596.html https://bugzilla.suse.com/1134598 From sle-updates at lists.suse.com Thu May 30 04:16:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 May 2019 12:16:55 +0200 (CEST) Subject: SUSE-RU-2019:1383-1: moderate: Recommended update for supportutils Message-ID: <20190530101655.B75DBF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1383-1 Rating: moderate References: #1081326 #1088234 #1100529 #1120967 #1125623 #1132865 #1133844 #1134599 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1383=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): supportutils-3.1.3-5.13.1 References: https://bugzilla.suse.com/1081326 https://bugzilla.suse.com/1088234 https://bugzilla.suse.com/1100529 https://bugzilla.suse.com/1120967 https://bugzilla.suse.com/1125623 https://bugzilla.suse.com/1132865 https://bugzilla.suse.com/1133844 https://bugzilla.suse.com/1134599 From sle-updates at lists.suse.com Thu May 30 04:20:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 May 2019 12:20:41 +0200 (CEST) Subject: SUSE-RU-2019:1384-1: important: Recommended update for supportutils Message-ID: <20190530102041.96102F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1384-1 Rating: important References: #1081326 #1088234 #1100529 #1120967 #1132865 #1133723 #1134599 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: * SUSE specific infrastructure is now used (bsc#1132865) * Uploads now use https by default (bsc#1134599) * Support for FTPS has been added * Files in the tarball now have 660 permissions instead of 600 * The supportconfig.conf man pages have been updated to add some missing paramaters and fix some incorrect information (bsc#1088234) * Fix issues where some customers were unable to collect logs due to commands not timing out (bsc#1100529) (bsc#1120967) * DRBD resource configs were missing in support config (bsc#1133723) * FTPES now uses the --ssl-reqd paramater instead of the depricated --ftp-ssl * sapconf and log were missing from tuned.txt (bsc#1081326) * Some deprecated chkconfig code has been removed Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1384=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1384=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1384=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1384=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1384=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1384=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1384=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1384=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1384=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1384=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1384=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): supportutils-3.0.2-95.24.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): supportutils-3.0.2-95.24.1 - SUSE Enterprise Storage 4 (noarch): supportutils-3.0.2-95.24.1 - SUSE CaaS Platform ALL (noarch): supportutils-3.0.2-95.24.1 References: https://bugzilla.suse.com/1081326 https://bugzilla.suse.com/1088234 https://bugzilla.suse.com/1100529 https://bugzilla.suse.com/1120967 https://bugzilla.suse.com/1132865 https://bugzilla.suse.com/1133723 https://bugzilla.suse.com/1134599 From sle-updates at lists.suse.com Fri May 31 04:14:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 12:14:40 +0200 (CEST) Subject: SUSE-SU-2019:14069-1: Security update for jpeg Message-ID: <20190531101440.ECF75F7CE@maintenance.suse.de> SUSE Security Update: Security update for jpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14069-1 Rating: low References: #1122299 #1128712 Cross-References: CVE-2018-11212 CVE-2018-14498 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for jpeg fixes the following issue: Security issue fixed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11212: Fixed divide by zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-14498: Fixed denial of service in get_8bit_row in rdbmp.c (bsc#1128712). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-jpeg-14069=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): jpeg-debuginfo-6b-879.12.12.1 jpeg-debugsource-6b-879.12.12.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2018-14498.html https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1128712 From sle-updates at lists.suse.com Fri May 31 04:15:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 12:15:58 +0200 (CEST) Subject: SUSE-SU-2019:14068-1: important: Security update for mailman Message-ID: <20190531101558.210B8F7CE@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14068-1 Rating: important References: #1102416 #997205 Cross-References: CVE-2016-6893 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface (bsc#997205). Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a "+" (bsc#1102416) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mailman-14068=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mailman-14068=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mailman-14068=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mailman-14068=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): mailman-2.1.15-9.6.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): mailman-2.1.15-9.6.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mailman-debuginfo-2.1.15-9.6.12.1 mailman-debugsource-2.1.15-9.6.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mailman-debuginfo-2.1.15-9.6.12.1 mailman-debugsource-2.1.15-9.6.12.1 References: https://www.suse.com/security/cve/CVE-2016-6893.html https://bugzilla.suse.com/1102416 https://bugzilla.suse.com/997205 From sle-updates at lists.suse.com Fri May 31 07:10:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:10:44 +0200 (CEST) Subject: SUSE-RU-2019:1387-1: moderate: Recommended update for alsa-firmware Message-ID: <20190531131044.A314EF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for alsa-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1387-1 Rating: moderate References: #1136638 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for alsa-firmware fixes the following issues: - Install missing firmware files for CA0132 codec. (bsc#1136638) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1387=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1387=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): alsa-firmware-1.0.29-3.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): alsa-firmware-1.0.29-3.3.1 References: https://bugzilla.suse.com/1136638 From sle-updates at lists.suse.com Fri May 31 07:24:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:24:48 +0200 (CEST) Subject: SUSE-SU-2019:1389-1: Security update for cronie Message-ID: <20190531132448.7398BF7CE@maintenance.suse.de> SUSE Security Update: Security update for cronie ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1389-1 Rating: low References: #1128935 #1128937 #1130746 #1133100 Cross-References: CVE-2019-9704 CVE-2019-9705 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1389=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1389=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cronie-anacron-1.5.1-6.7.1 cronie-anacron-debuginfo-1.5.1-6.7.1 cronie-debuginfo-1.5.1-6.7.1 cronie-debugsource-1.5.1-6.7.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cron-4.2-6.7.1 cronie-1.5.1-6.7.1 cronie-debuginfo-1.5.1-6.7.1 cronie-debugsource-1.5.1-6.7.1 References: https://www.suse.com/security/cve/CVE-2019-9704.html https://www.suse.com/security/cve/CVE-2019-9705.html https://bugzilla.suse.com/1128935 https://bugzilla.suse.com/1128937 https://bugzilla.suse.com/1130746 https://bugzilla.suse.com/1133100 From sle-updates at lists.suse.com Fri May 31 07:25:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:25:56 +0200 (CEST) Subject: SUSE-SU-2019:1392-1: moderate: Security update for java-1_7_0-openjdk Message-ID: <20190531132556.D2E7AF7CE@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1392-1 Rating: moderate References: #1122293 #1122299 #1132728 #1132729 #1132732 #1134297 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1392=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1392=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1392=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1392=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1392=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1392=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1392=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1392=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1392=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1392=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1392=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1392=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_0-openjdk-1.7.0.221-43.22.1 java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-1.7.0.221-43.22.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-1.7.0.221-43.22.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-1.7.0.221-43.22.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-2422.html https://www.suse.com/security/cve/CVE-2019-2426.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1122293 https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1134297 From sle-updates at lists.suse.com Fri May 31 07:27:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:27:15 +0200 (CEST) Subject: SUSE-SU-2019:1391-1: moderate: Security update for evolution Message-ID: <20190531132715.0DFC2F7CE@maintenance.suse.de> SUSE Security Update: Security update for evolution ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1391-1 Rating: moderate References: #1125230 Cross-References: CVE-2018-15587 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature (bsc#1125230). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1391=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1391=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1391=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1391=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1391=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1391=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): evolution-lang-3.22.6-19.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): evolution-3.22.6-19.9.1 evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): evolution-3.22.6-19.9.1 evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): evolution-lang-3.22.6-19.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 evolution-devel-3.22.6-19.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 evolution-devel-3.22.6-19.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): evolution-lang-3.22.6-19.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): evolution-3.22.6-19.9.1 evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): evolution-3.22.6-19.9.1 evolution-debuginfo-3.22.6-19.9.1 evolution-debugsource-3.22.6-19.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): evolution-lang-3.22.6-19.9.1 References: https://www.suse.com/security/cve/CVE-2018-15587.html https://bugzilla.suse.com/1125230 From sle-updates at lists.suse.com Fri May 31 07:27:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:27:55 +0200 (CEST) Subject: SUSE-RU-2019:1394-1: moderate: Recommended update for pam-config Message-ID: <20190531132755.6862FF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam-config ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1394-1 Rating: moderate References: #1114835 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam-config fixes the following issues: - Update to version 0.96: * Add missing pam_cracklib options [bsc#1114835] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1394=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): pam-config-0.96-4.3.1 pam-config-debuginfo-0.96-4.3.1 pam-config-debugsource-0.96-4.3.1 References: https://bugzilla.suse.com/1114835 From sle-updates at lists.suse.com Fri May 31 07:28:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:28:33 +0200 (CEST) Subject: SUSE-RU-2019:1396-1: important: Recommended update for golang-github-prometheus-node_exporter Message-ID: <20190531132833.96DB0F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-node_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1396-1 Rating: important References: #1135921 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Demote log message about "Personality unknown" for inactive mdadm arrays from info to debug bsc#1135921 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1396=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-prometheus-node_exporter-0.14.0-5.8.1 References: https://bugzilla.suse.com/1135921 From sle-updates at lists.suse.com Fri May 31 07:29:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:29:14 +0200 (CEST) Subject: SUSE-RU-2019:1395-1: moderate: Recommended update for mozc Message-ID: <20190531132914.4818AF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozc ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1395-1 Rating: moderate References: #1132450 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozc fixes the following issues: - Update to support the Japanese new era, Reiwa (bsc#1132450) - Update zip code dictionary Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1395=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): ibus-mozc-2.18.2612.102-4.3.1 ibus-mozc-debuginfo-2.18.2612.102-4.3.1 mozc-2.18.2612.102-4.3.1 mozc-debuginfo-2.18.2612.102-4.3.1 mozc-debugsource-2.18.2612.102-4.3.1 mozc-gui-tools-2.18.2612.102-4.3.1 mozc-gui-tools-debuginfo-2.18.2612.102-4.3.1 References: https://bugzilla.suse.com/1132450 From sle-updates at lists.suse.com Fri May 31 07:29:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:29:54 +0200 (CEST) Subject: SUSE-SU-2019:1390-1: moderate: Security update for gnome-shell Message-ID: <20190531132954.AE55AF7CE@maintenance.suse.de> SUSE Security Update: Security update for gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1390-1 Rating: moderate References: #1124493 Cross-References: CVE-2019-3820 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1390=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1390=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1390=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1390=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1390=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1390=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1390=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1390=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): gnome-shell-calendar-3.20.4-77.23.1 gnome-shell-calendar-debuginfo-3.20.4-77.23.1 gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gnome-shell-calendar-3.20.4-77.23.1 gnome-shell-calendar-debuginfo-3.20.4-77.23.1 gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 gnome-shell-devel-3.20.4-77.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 gnome-shell-devel-3.20.4-77.23.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gnome-shell-3.20.4-77.23.1 gnome-shell-browser-plugin-3.20.4-77.23.1 gnome-shell-browser-plugin-debuginfo-3.20.4-77.23.1 gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): gnome-shell-lang-3.20.4-77.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-3.20.4-77.23.1 gnome-shell-browser-plugin-3.20.4-77.23.1 gnome-shell-browser-plugin-debuginfo-3.20.4-77.23.1 gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-shell-lang-3.20.4-77.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gnome-shell-lang-3.20.4-77.23.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gnome-shell-3.20.4-77.23.1 gnome-shell-browser-plugin-3.20.4-77.23.1 gnome-shell-browser-plugin-debuginfo-3.20.4-77.23.1 gnome-shell-calendar-3.20.4-77.23.1 gnome-shell-calendar-debuginfo-3.20.4-77.23.1 gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-shell-lang-3.20.4-77.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-shell-3.20.4-77.23.1 gnome-shell-browser-plugin-3.20.4-77.23.1 gnome-shell-browser-plugin-debuginfo-3.20.4-77.23.1 gnome-shell-calendar-3.20.4-77.23.1 gnome-shell-calendar-debuginfo-3.20.4-77.23.1 gnome-shell-debuginfo-3.20.4-77.23.1 gnome-shell-debugsource-3.20.4-77.23.1 References: https://www.suse.com/security/cve/CVE-2019-3820.html https://bugzilla.suse.com/1124493 From sle-updates at lists.suse.com Fri May 31 07:30:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:30:37 +0200 (CEST) Subject: SUSE-RU-2019:1393-1: moderate: Recommended update for pesign Message-ID: <20190531133037.28709F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1393-1 Rating: moderate References: #1130588 #1134670 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pesign fixes the following issues: - Enable build on %arm as we can sign kernel on %arm (bsc#1134670) - Require shadow instead of old pwdutils (bsc#192328) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1393=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 x86_64): pesign-0.112-4.3.1 pesign-debuginfo-0.112-4.3.1 pesign-debugsource-0.112-4.3.1 References: https://bugzilla.suse.com/1130588 https://bugzilla.suse.com/1134670 From sle-updates at lists.suse.com Fri May 31 07:31:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:31:25 +0200 (CEST) Subject: SUSE-RU-2019:1355-1: moderate: Recommended update for clamav-database Message-ID: <20190531133125.AFC12F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav-database ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1355-1 Rating: moderate References: #1084929 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for clamav-database fixes the following issues: Database refresh on 2019-05-27 (bsc#1084929). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1355=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): clamav-database-201905270015-3.162.1 References: https://bugzilla.suse.com/1084929 From sle-updates at lists.suse.com Fri May 31 07:32:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:32:48 +0200 (CEST) Subject: SUSE-SU-2019:1388-1: important: Security update for MozillaFirefox Message-ID: <20190531133248.0338FF7CE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1388-1 Rating: important References: #1135824 Cross-References: CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1388=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1388=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1388=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1388=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1388=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1388=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1388=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1388=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1388=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1388=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1388=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1388=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1388=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1388=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.7.0-109.72.1 MozillaFirefox-debuginfo-60.7.0-109.72.1 MozillaFirefox-debugsource-60.7.0-109.72.1 MozillaFirefox-devel-60.7.0-109.72.1 MozillaFirefox-translations-common-60.7.0-109.72.1 References: https://www.suse.com/security/cve/CVE-2019-11691.html https://www.suse.com/security/cve/CVE-2019-11692.html https://www.suse.com/security/cve/CVE-2019-11693.html https://www.suse.com/security/cve/CVE-2019-11694.html https://www.suse.com/security/cve/CVE-2019-11698.html https://www.suse.com/security/cve/CVE-2019-7317.html https://www.suse.com/security/cve/CVE-2019-9800.html https://www.suse.com/security/cve/CVE-2019-9815.html https://www.suse.com/security/cve/CVE-2019-9816.html https://www.suse.com/security/cve/CVE-2019-9817.html https://www.suse.com/security/cve/CVE-2019-9818.html https://www.suse.com/security/cve/CVE-2019-9819.html https://www.suse.com/security/cve/CVE-2019-9820.html https://bugzilla.suse.com/1135824 From sle-updates at lists.suse.com Fri May 31 07:33:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:33:33 +0200 (CEST) Subject: SUSE-RU-2019:1361-2: moderate: Recommended update for go1.11 Message-ID: <20190531133333.4D03EF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1361-2 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for go1.11 fixes the following issues: go1.11.10 (released 2019/05/06) includes fixes to the runtime and the linker. * go#31195 cmd/go: pseudoversions can refer to external commits * go#30989 runtime: dll injection vulnerabilities on Windows Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1361=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.11-1.11.10-1.15.1 go1.11-doc-1.11.10-1.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): go1.11-race-1.11.10-1.15.1 References: From sle-updates at lists.suse.com Fri May 31 07:34:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 15:34:03 +0200 (CEST) Subject: SUSE-RU-2019:1350-2: moderate: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20190531133403.25F5BF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1350-2 Rating: moderate References: #1102770 #1135703 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-susemanager, release-notes-susemanager-proxy provides the following fixes: - Fix invalid characters in ncurses mode and provide a style for the HTML page. (bsc#1102770) - Add Single Sign-On feature. (bsc#1135703) - Improve logging for Salt Remote Command page. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1350=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): release-notes-susemanager-4.0~rc1-3.3.1 release-notes-susemanager-proxy-4.0~rc1-0.16.3.1 References: https://bugzilla.suse.com/1102770 https://bugzilla.suse.com/1135703 From sle-updates at lists.suse.com Fri May 31 08:23:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 16:23:23 +0200 (CEST) Subject: SUSE-SU-2019:1398-1: Security update for libpng16 Message-ID: <20190531142323.D9302F7CE@maintenance.suse.de> SUSE Security Update: Security update for libpng16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1398-1 Rating: low References: #1100687 #1121624 #1124211 Cross-References: CVE-2018-13785 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1398=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1398=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libpng16-debugsource-1.6.34-3.9.1 libpng16-tools-1.6.34-3.9.1 libpng16-tools-debuginfo-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpng16-16-1.6.34-3.9.1 libpng16-16-debuginfo-1.6.34-3.9.1 libpng16-compat-devel-1.6.34-3.9.1 libpng16-debugsource-1.6.34-3.9.1 libpng16-devel-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libpng16-16-32bit-1.6.34-3.9.1 libpng16-16-32bit-debuginfo-1.6.34-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1100687 https://bugzilla.suse.com/1121624 https://bugzilla.suse.com/1124211 From sle-updates at lists.suse.com Fri May 31 08:24:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 16:24:34 +0200 (CEST) Subject: SUSE-RU-2019:1397-1: Recommended update for libev Message-ID: <20190531142434.6C3B5F7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libev ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1397-1 Rating: low References: #1131940 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libev fixes the following issue: - ship libev-devel in the SDK. (bsc#1131940 fate#325720) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1397=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1397=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1397=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1397=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1397=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1397=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libev-devel-4.22-3.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libev-devel-4.22-3.2.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libev-debugsource-4.22-3.2.1 libev4-4.22-3.2.1 libev4-debuginfo-4.22-3.2.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libev-debugsource-4.22-3.2.1 libev4-4.22-3.2.1 libev4-debuginfo-4.22-3.2.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libev-debugsource-4.22-3.2.1 libev4-4.22-3.2.1 libev4-debuginfo-4.22-3.2.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libev-debugsource-4.22-3.2.1 libev4-4.22-3.2.1 libev4-debuginfo-4.22-3.2.1 References: https://bugzilla.suse.com/1131940 From sle-updates at lists.suse.com Fri May 31 10:10:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 18:10:38 +0200 (CEST) Subject: SUSE-RU-2019:1399-1: moderate: Recommended update for sap-suse-cluster-connector Message-ID: <20190531161038.67B0EF7CE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-suse-cluster-connector ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1399-1 Rating: moderate References: #1135487 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sap-suse-cluster-connector fixes the following issues: - Support groups and primitives names containing dashes. (bsc#1135487) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-1399=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sap-suse-cluster-connector-3.1.1-4.9.1 References: https://bugzilla.suse.com/1135487 From sle-updates at lists.suse.com Fri May 31 13:11:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 May 2019 21:11:10 +0200 (CEST) Subject: SUSE-SU-2018:3963-2: important: Security update for apache2-mod_jk Message-ID: <20190531191110.D2CF0F7CE@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_jk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3963-2 Rating: important References: #1114612 Cross-References: CVE-2018-11759 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1400=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_jk-1.2.40-7.3.1 apache2-mod_jk-debuginfo-1.2.40-7.3.1 apache2-mod_jk-debugsource-1.2.40-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-11759.html https://bugzilla.suse.com/1114612