SUSE-SU-2015:0812-1: important: Security update for Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Apr 30 13:04:51 MDT 2015


   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0812-1
Rating:             important
References:         #677286 #679812 #681175 #681999 #683282 #685402 
                    #687812 #730118 #730200 #738400 #758813 #760902 
                    #769784 #823260 #846404 #853040 #854722 #863335 
                    #874307 #875051 #880484 #883223 #883795 #885422 
                    #891844 #892490 #896390 #896391 #896779 #902346 
                    #907818 #908382 #910251 #911325 
Cross-References:   CVE-2011-1090 CVE-2011-1163 CVE-2011-1476
                    CVE-2011-1477 CVE-2011-1493 CVE-2011-1494
                    CVE-2011-1495 CVE-2011-1585 CVE-2011-4127
                    CVE-2011-4132 CVE-2011-4913 CVE-2011-4914
                    CVE-2012-2313 CVE-2012-2319 CVE-2012-3400
                    CVE-2012-6657 CVE-2013-2147 CVE-2013-4299
                    CVE-2013-6405 CVE-2013-6463 CVE-2014-0181
                    CVE-2014-1874 CVE-2014-3184 CVE-2014-3185
                    CVE-2014-3673 CVE-2014-3917 CVE-2014-4652
                    CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
                    CVE-2014-4656 CVE-2014-4667 CVE-2014-5471
                    CVE-2014-5472 CVE-2014-9090 CVE-2014-9322
                    CVE-2014-9420 CVE-2014-9584 CVE-2015-2041
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes 39 vulnerabilities is now available.

Description:


   The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs have been fixed:

       * CVE-2015-2041: A information leak in the llc2_timeout_table was
         fixed (bnc#919007).
       * CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did
         not properly handle faults associated with the Stack Segment (SS)
         segment register, which allowed local users to gain privileges by
         triggering an IRET instruction that leads to access to a GS Base
         address from the wrong space (bnc#910251).
       * CVE-2014-9090: The do_double_fault function in
         arch/x86/kernel/traps.c in the Linux kernel did not properly handle
         faults associated with the Stack Segment (SS) segment register,
         which allowed local users to cause a denial of service (panic) via a
         modify_ldt system call, as demonstrated by sigreturn_32 in the
         1-clock-tests test suite (bnc#907818).
       * CVE-2014-4667: The sctp_association_free function in
         net/sctp/associola.c in the Linux kernel did not properly manage a
         certain backlog value, which allowed remote attackers to cause a
         denial of service (socket outage) via a crafted SCTP packet
         (bnc#885422).
       * CVE-2014-3673: The SCTP implementation in the Linux kernel allowed
         remote attackers to cause a denial of service (system crash) via a
         malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
         net/sctp/sm_statefuns.c (bnc#902346).
       * CVE-2014-3185: Multiple buffer overflows in the
         command_port_read_callback function in
         drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in
         the Linux kernel allowed physically proximate attackers to execute
         arbitrary code or cause a denial of service (memory corruption and
         system crash) via a crafted device that provides a large amount of
         (1) EHCI or (2) XHCI data associated with a bulk response
         (bnc#896391).
       * CVE-2014-3184: The report_fixup functions in the HID subsystem in
         the Linux kernel might have allowed physically proximate attackers
         to cause a denial of service (out-of-bounds write) via a crafted
         device that provides a small report descriptor, related to (1)
         drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
         drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
         drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
         (bnc#896390).
       * CVE-2014-1874: The security_context_to_sid_core function in
         security/selinux/ss/services.c in the Linux kernel allowed local
         users to cause a denial of service (system crash) by leveraging the
         CAP_MAC_ADMIN capability to set a zero-length security context
         (bnc#863335).
       * CVE-2014-0181: The Netlink implementation in the Linux kernel did
         not provide a mechanism for authorizing socket operations based on
         the
         opener of a socket, which allowed local users to bypass intended
   access restrictions and modify network configurations by using a Netlink
   socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).
       * CVE-2013-4299: Interpretation conflict in
         drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote
         authenticated users to obtain sensitive information or modify data
         via a crafted mapping to a snapshot block device (bnc#846404).
       * CVE-2013-2147: The HP Smart Array controller disk-array driver and
         Compaq SMART2 controller disk-array driver in the Linux kernel did
         not initialize certain data structures, which allowed local users to
         obtain sensitive information from kernel memory via (1) a crafted
   IDAGETPCIINFO command for a /dev/ida device, related to the
   ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted
   CCISS_PASSTHRU32 command for a /dev/cciss device, related to the
   cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).
       * CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in
         the Linux kernel did not ensure that a keepalive action is
         associated with a stream socket, which allowed local users to cause
         a denial of service (system crash) by leveraging the ability to
         create a raw socket (bnc#896779).
       * CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol
         function in fs/udf/super.c in the Linux kernel allowed remote
         attackers to cause a denial of service (system crash) or possibly
         have unspecified other impact via a crafted UDF filesystem
         (bnc#769784).
       * CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem
         implementation in the Linux kernel allowed local users to gain
         privileges via a crafted HFS plus filesystem, a related issue to
         CVE-2009-4020 (bnc#760902).
       * CVE-2012-2313: The rio_ioctl function in
         drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not
         restrict access to the SIOCSMIIREG command, which allowed local
         users to write data to an Ethernet adapter via an ioctl call
         (bnc#758813).
       * CVE-2011-4132: The cleanup_journal_tail function in the Journaling
         Block Device (JBD) functionality in the Linux kernel 2.6 allowed
         local users to cause a denial of service (assertion error and kernel
         oops) via an ext3 or ext4 image with an "invalid log first block
   value" (bnc#730118).
       * CVE-2011-4127: The Linux kernel did not properly restrict SG_IO
         ioctl calls, which allowed local users to bypass intended
         restrictions on disk read and write operations by sending a SCSI
         command to (1) a partition block device or (2) an LVM volume
         (bnc#738400).
       * CVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c
         in the Linux kernel did not properly determine the associations
         between users and sessions, which allowed local users to bypass CIFS
         share authentication by leveraging a mount of a share by a different
         user (bnc#687812).
       * CVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function
         in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have
         allowed local users to gain privileges or cause a denial of service
         (memory corruption) via an ioctl call specifying a crafted value
         that triggers a heap-based buffer overflow (bnc#685402).
       * CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux
         kernel did not validate (1) length and (2) offset values before
         performing memory copy operations, which might allow local users to
         gain privileges, cause a denial of service (memory corruption), or
         obtain sensitive information from kernel memory via a crafted ioctl
         call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer
         functions (bnc#685402).
       * CVE-2011-1493: Array index error in the rose_parse_national function
         in net/rose/rose_subr.c in the Linux kernel allowed remote attackers
         to cause a denial of service (heap memory corruption) or possibly
         have unspecified other impact by composing FAC_NATIONAL_DIGIS data
         that specifies a large number of digipeaters, and then sending this
         data to a ROSE socket (bnc#681175).
       * CVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c
         in the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and
         FAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1)
         cause a denial of service (integer underflow, heap memory
         corruption, and panic) via a small length value in data sent to a
         ROSE socket, or (2) conduct stack-based buffer overflow attacks via
         a large length value in data sent to a ROSE socket (bnc#681175).
       * CVE-2011-4914: The ROSE protocol implementation in the Linux kernel
         did not verify that certain data-length values are consistent with
         the amount of data sent, which might allow remote attackers to
         obtain sensitive information from kernel memory or cause a denial of
         service (out-of-bounds read) via crafted data to a ROSE socket
         (bnc#681175).
       * CVE-2011-1476: Integer underflow in the Open Sound System (OSS)
         subsystem in the Linux kernel on unspecified non-x86 platforms
         allowed local users to cause a denial of service (memory corruption)
         by leveraging write access to /dev/sequencer (bnc#681999).
       * CVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in
         the Linux kernel allowed local users to cause a denial of service
         (heap memory corruption) or possibly gain privileges by leveraging
         write access to /dev/sequencer (bnc#681999).
       * CVE-2011-1163: The osf_partition function in fs/partitions/osf.c in
         the Linux kernel did not properly handle an invalid number of
         partitions, which might allow local users to obtain potentially
         sensitive information from kernel heap memory via vectors related to
         partition-table parsing (bnc#679812).
       * CVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c
         in the Linux kernel stored NFSv4 ACL data in memory that is
         allocated by kmalloc but not properly freed, which allowed local
         users to cause a denial of service (panic) via a crafted attempt to
         set an ACL (bnc#677286).
       * CVE-2014-9584: The parse_rock_ridge_inode_internal function in
         fs/isofs/rock.c in the Linux kernel did not validate a length value
         in the Extensions Reference (ER) System Use Field, which allowed
         local users to obtain sensitive information from kernel memory via a
         crafted iso9660 image (bnc#912654).
       * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
         Linux kernel did not restrict the number of Rock Ridge continuation
         entries, which allowed local users to cause a denial of service
         (infinite loop, and system crash or hang) via a crafted iso9660
         image (bnc#911325).
       * CVE-2014-5471: Stack consumption vulnerability in the
         parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
         Linux kernel allowed local users to cause a denial of service
         (uncontrolled recursion, and system crash or reboot) via a crafted
         iso9660 image with a CL entry referring to a directory entry that
         has a CL entry (bnc#892490).
       * CVE-2014-5472: The parse_rock_ridge_inode_internal function in
         fs/isofs/rock.c in the Linux kernel allowed local users to cause a
         denial of service (unkillable mount process) via a crafted iso9660
         image with a self-referential CL entry (bnc#892490).
       * CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
         CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed
         local users to obtain potentially sensitive single-bit values from
         kernel memory or cause a denial of service (OOPS) via a large value
         of a syscall number (bnc#880484).
       * CVE-2014-4652: Race condition in the tlv handler functionality in
         the snd_ctl_elem_user_tlv function in sound/core/control.c in the
         ALSA control implementation in the Linux kernel allowed local users
         to
         obtain sensitive information from kernel memory by leveraging
   /dev/snd/controlCX access (bnc#883795).
       * CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
         in the ALSA control implementation in the Linux kernel did not check
         authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which
         allowed local users to remove kernel controls and cause a denial of
         service (use-after-free and system crash) by leveraging
         /dev/snd/controlCX access for an ioctl call (bnc#883795).
       * CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
         in the ALSA control implementation in the Linux kernel did not
         properly maintain the user_ctl_count value, which allowed local
         users to cause a denial of service (integer overflow and limit
         bypass) by leveraging /dev/snd/controlCX access for a large number
         of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795).
       * CVE-2014-4653: sound/core/control.c in the ALSA control
         implementation in the Linux kernel did not ensure possession of a
         read/write lock, which allowed local users to cause a denial of
         service (use-after-free) and obtain sensitive information from
         kernel memory by leveraging /dev/snd/controlCX access (bnc#883795).
       * CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
         the ALSA control implementation in the Linux kernel allowed local
         users to cause a denial of service by leveraging /dev/snd/controlCX
         access, related to (1) index values in the snd_ctl_add function and
         (2) numid values in the snd_ctl_remove_numid_conflict function
         (bnc#883795).

   The following non-security bugs have been fixed:

       * usb: class: cdc-acm: Be careful with bInterval (bnc#891844).
       * Fix BUG due to racing lookups with reiserfs extended attribute
         backing directories (bnc#908382).
       * reiserfs: eliminate per-super xattr lock (bnc#908382).
       * reiserfs: eliminate private use of struct file in xattr (bnc#908382).
       * reiserfs: Expand i_mutex to enclose lookup_one_len (bnc#908382).
       * reiserfs: fix up lockdep warnings (bnc#908382).
       * reiserfs: fix xattr root locking/refcount bug (bnc#908382).
       * reiserfs: make per-inode xattr locking more fine grained
         (bnc#908382).
       * reiserfs: remove IS_PRIVATE helpers (bnc#908382).
       * reiserfs: simplify xattr internal file lookups/opens (bnc#908382).
       * netfilter: TCP conntrack: improve dead connection detection
         (bnc#874307).
       * Fix kABI breakage due to addition of user_ctl_lock (bnc#883795).
       * isofs: Fix unchecked printing of ER records.
       * kabi: protect struct ip_ct_tcp for bnc#874307 fix (bnc#874307).
       * s390: fix system hang on shutdown because of sclp_con (bnc#883223).
       * udf: Check component length before reading it.
       * udf: Check path length when reading symlink.
       * udf: Verify i_size when loading inode.
       * udf: Verify symlink size before loading it.
       * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
         (preparatory patch).
       * x86, asm: Flip RESTORE_ARGS arguments logic (preparatory patch).
       * x86, asm: Thin down SAVE/RESTORE_* asm macros (preparatory patch).
       * x86: move dwarf2 related macro to dwarf2.h (preparatory patch).
       * xen: x86, asm: Flip RESTORE_ARGS arguments logic (preparatory patch).

   Security Issues:

       * CVE-2011-1090
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090>
       * CVE-2011-1163
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163>
       * CVE-2011-1476
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1476>
       * CVE-2011-1477
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1477>
       * CVE-2011-1493
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493>
       * CVE-2011-1494
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494>
       * CVE-2011-1495
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495>
       * CVE-2011-1585
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585>
       * CVE-2011-4127
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127>
       * CVE-2011-4132
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132>
       * CVE-2011-4913
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4913>
       * CVE-2011-4914
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4914>
       * CVE-2012-2313
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2313>
       * CVE-2012-2319
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2319>
       * CVE-2012-3400
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3400>
       * CVE-2012-6657
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657>
       * CVE-2013-2147
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147>
       * CVE-2013-4299
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299>
       * CVE-2013-6405
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6405>
       * CVE-2013-6463
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6463>
       * CVE-2014-0181
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181>
       * CVE-2014-1874
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874>
       * CVE-2014-3184
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184>
       * CVE-2014-3185
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185>
       * CVE-2014-3673
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673>
       * CVE-2014-3917
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917>
       * CVE-2014-4652
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652>
       * CVE-2014-4653
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653>
       * CVE-2014-4654
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654>
       * CVE-2014-4655
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655>
       * CVE-2014-4656
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656>
       * CVE-2014-4667
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667>
       * CVE-2014-5471
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
       * CVE-2014-5472
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
       * CVE-2014-9090
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090>
       * CVE-2014-9322
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322>
       * CVE-2014-9420
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420>
       * CVE-2014-9584
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584>
       * CVE-2015-2041
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      kernel-default-2.6.16.60-0.132.1
      kernel-source-2.6.16.60-0.132.1
      kernel-syms-2.6.16.60-0.132.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      kernel-debug-2.6.16.60-0.132.1
      kernel-kdump-2.6.16.60-0.132.1
      kernel-smp-2.6.16.60-0.132.1
      kernel-xen-2.6.16.60-0.132.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.132.1
      kernel-kdumppae-2.6.16.60-0.132.1
      kernel-vmi-2.6.16.60-0.132.1
      kernel-vmipae-2.6.16.60-0.132.1
      kernel-xenpae-2.6.16.60-0.132.1


References:

   https://www.suse.com/security/cve/CVE-2011-1090.html
   https://www.suse.com/security/cve/CVE-2011-1163.html
   https://www.suse.com/security/cve/CVE-2011-1476.html
   https://www.suse.com/security/cve/CVE-2011-1477.html
   https://www.suse.com/security/cve/CVE-2011-1493.html
   https://www.suse.com/security/cve/CVE-2011-1494.html
   https://www.suse.com/security/cve/CVE-2011-1495.html
   https://www.suse.com/security/cve/CVE-2011-1585.html
   https://www.suse.com/security/cve/CVE-2011-4127.html
   https://www.suse.com/security/cve/CVE-2011-4132.html
   https://www.suse.com/security/cve/CVE-2011-4913.html
   https://www.suse.com/security/cve/CVE-2011-4914.html
   https://www.suse.com/security/cve/CVE-2012-2313.html
   https://www.suse.com/security/cve/CVE-2012-2319.html
   https://www.suse.com/security/cve/CVE-2012-3400.html
   https://www.suse.com/security/cve/CVE-2012-6657.html
   https://www.suse.com/security/cve/CVE-2013-2147.html
   https://www.suse.com/security/cve/CVE-2013-4299.html
   https://www.suse.com/security/cve/CVE-2013-6405.html
   https://www.suse.com/security/cve/CVE-2013-6463.html
   https://www.suse.com/security/cve/CVE-2014-0181.html
   https://www.suse.com/security/cve/CVE-2014-1874.html
   https://www.suse.com/security/cve/CVE-2014-3184.html
   https://www.suse.com/security/cve/CVE-2014-3185.html
   https://www.suse.com/security/cve/CVE-2014-3673.html
   https://www.suse.com/security/cve/CVE-2014-3917.html
   https://www.suse.com/security/cve/CVE-2014-4652.html
   https://www.suse.com/security/cve/CVE-2014-4653.html
   https://www.suse.com/security/cve/CVE-2014-4654.html
   https://www.suse.com/security/cve/CVE-2014-4655.html
   https://www.suse.com/security/cve/CVE-2014-4656.html
   https://www.suse.com/security/cve/CVE-2014-4667.html
   https://www.suse.com/security/cve/CVE-2014-5471.html
   https://www.suse.com/security/cve/CVE-2014-5472.html
   https://www.suse.com/security/cve/CVE-2014-9090.html
   https://www.suse.com/security/cve/CVE-2014-9322.html
   https://www.suse.com/security/cve/CVE-2014-9420.html
   https://www.suse.com/security/cve/CVE-2014-9584.html
   https://www.suse.com/security/cve/CVE-2015-2041.html
   https://bugzilla.suse.com/677286
   https://bugzilla.suse.com/679812
   https://bugzilla.suse.com/681175
   https://bugzilla.suse.com/681999
   https://bugzilla.suse.com/683282
   https://bugzilla.suse.com/685402
   https://bugzilla.suse.com/687812
   https://bugzilla.suse.com/730118
   https://bugzilla.suse.com/730200
   https://bugzilla.suse.com/738400
   https://bugzilla.suse.com/758813
   https://bugzilla.suse.com/760902
   https://bugzilla.suse.com/769784
   https://bugzilla.suse.com/823260
   https://bugzilla.suse.com/846404
   https://bugzilla.suse.com/853040
   https://bugzilla.suse.com/854722
   https://bugzilla.suse.com/863335
   https://bugzilla.suse.com/874307
   https://bugzilla.suse.com/875051
   https://bugzilla.suse.com/880484
   https://bugzilla.suse.com/883223
   https://bugzilla.suse.com/883795
   https://bugzilla.suse.com/885422
   https://bugzilla.suse.com/891844
   https://bugzilla.suse.com/892490
   https://bugzilla.suse.com/896390
   https://bugzilla.suse.com/896391
   https://bugzilla.suse.com/896779
   https://bugzilla.suse.com/902346
   https://bugzilla.suse.com/907818
   https://bugzilla.suse.com/908382
   https://bugzilla.suse.com/910251
   https://bugzilla.suse.com/911325
   https://download.suse.com/patch/finder/?keywords=15c960abc4733df91b510dfe4ba2ac6d
   https://download.suse.com/patch/finder/?keywords=2a99948c9c3be4a024a9fa4d408002be
   https://download.suse.com/patch/finder/?keywords=53c468d2b277f3335fcb5ddb08bda2e4



More information about the sle-security-updates mailing list