SUSE-SU-2017:0471-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Feb 15 13:07:56 MST 2017


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0471-1
Rating:             important
References:         #1003153 #1003925 #1004462 #1004517 #1005666 
                    #1007197 #1008833 #1008979 #1009969 #1010040 
                    #1010475 #1010478 #1010501 #1010502 #1010507 
                    #1010612 #1010711 #1010716 #1011820 #1012422 
                    #1013038 #1013531 #1013540 #1013542 #1014746 
                    #1016482 #1017410 #1017589 #1017710 #1019300 
                    #1019851 #1020602 #1021258 #881008 #915183 
                    #958606 #961257 #970083 #971989 #976195 #978094 
                    #980371 #980560 #981038 #981597 #981709 #982282 
                    #982544 #983619 #983721 #983977 #984148 #984419 
                    #984755 #985978 #986362 #986365 #986445 #986569 
                    #986572 #986811 #986941 #987542 #987565 #987576 
                    #989152 #990384 #991608 #991665 #993392 #993890 
                    #993891 #994296 #994748 #994881 #995968 #997708 
                    #998795 #999584 #999600 #999932 #999943 
Cross-References:   CVE-2014-9904 CVE-2015-8956 CVE-2015-8962
                    CVE-2015-8963 CVE-2015-8964 CVE-2016-10088
                    CVE-2016-4470 CVE-2016-4998 CVE-2016-5696
                    CVE-2016-5828 CVE-2016-5829 CVE-2016-6130
                    CVE-2016-6327 CVE-2016-6480 CVE-2016-6828
                    CVE-2016-7042 CVE-2016-7097 CVE-2016-7425
                    CVE-2016-7910 CVE-2016-7911 CVE-2016-7913
                    CVE-2016-7914 CVE-2016-8399 CVE-2016-8633
                    CVE-2016-8645 CVE-2016-8658 CVE-2016-9083
                    CVE-2016-9084 CVE-2016-9756 CVE-2016-9793
                    CVE-2016-9806 CVE-2017-2583 CVE-2017-2584
                    CVE-2017-5551
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 34 vulnerabilities and has 48 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to
   receive various security and bugfixes.

   The following feature was implemented:

   - The ext2 filesystem got reenabled and supported to allow support for
     "XIP" (Execute In Place) (FATE#320805).


   The following security bugs were fixed:

   - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel
     preserved the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bsc#1021258).
   - CVE-2016-7097: The filesystem implementation in the Linux kernel
     preserved the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bnc#995968).
   - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual
     Machine (CONFIG_KVM) support was vulnerable to an incorrect segment
     selector(SS) value error. A user/process inside guest could have used
     this flaw to crash the guest resulting in DoS or potentially escalate
     their privileges inside guest. (bsc#1020602).
   - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local
     users to obtain sensitive information from kernel memory or cause a
     denial of service (use-after-free) via a crafted application that
     leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt
     (bnc#1019851).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free) by
     leveraging access to a /dev/sg device, related to block/bsg.c and
     drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb
     truncation, which allowed local users to cause a denial of service
     (system crash) via a crafted application that made sendto system calls,
     related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
   - CVE-2016-8399: An elevation of privilege vulnerability in the kernel
     networking subsystem could enable a local malicious application to
     execute arbitrary code within the context of the kernel. This issue is
     rated as Moderate because it first requires compromising a privileged
     process and current compiler optimizations restrict access to the
     vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.
     Android ID: A-31349935 (bnc#1014746).
   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bnc#1013540).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
     properly initialize Code Segment (CS) in certain error cases, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted application (bnc#1013038).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash) or possibly have unspecified other impact
     by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
     system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
     (bnc#1013531).
   - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
     function in block/genhd.c in the Linux kernel allowed local users to
     gain privileges by leveraging the execution of a certain stop operation
     even if the corresponding start operation had failed (bnc#1010716).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function
     in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (memory corruption and system
     crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-7913: The xc2028_set_config function in
     drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local
     users to gain privileges or cause a denial of service (use-after-free)
     via vectors involving omission of the firmware name from a certain data
     structure (bnc#1010478).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in
     block/ioprio.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (use-after-free) via a crafted
     ioprio_get system call (bnc#1010711).
   - CVE-2015-8964: The tty_set_termios_ldisc function in
     drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by reading a tty data
     structure (bnc#1010507).
   - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (use-after-free) by leveraging incorrect handling of an swevent
     data structure during a CPU unplug operation (bnc#1010502).
   - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in
     lib/assoc_array.c in the Linux kernel did not check whether a slot is a
     leaf, which allowed local users to obtain sensitive information from
     kernel memory or cause a denial of service (invalid pointer dereference
     and out-of-bounds read) via an application that uses associative-array
     data structures, as demonstrated by the keyutils test suite
     (bnc#1010475).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote
     attackers to execute arbitrary code via crafted fragmented packets
     (bnc#1008833).
   - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed
     local users to bypass integer overflow checks, and cause a denial of
     service (memory corruption) or have unspecified other impact, by
     leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS
     ioctl call, aka a "state machine confusion bug (bnc#1007197).
   - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel
     misused the kzalloc function, which allowed local users to cause a
     denial of service (integer overflow) or have unspecified other impact by
     leveraging access to a vfio PCI device file (bnc#1007197).
   - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
     the Linux kernel uses an incorrect buffer size for certain timeout data,
     which allowed local users to cause a denial of service (stack memory
     corruption and panic) by reading the /proc/keys file (bnc#1004517).
   - CVE-2015-8956: The rfcomm_sock_bind function in
     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
     obtain sensitive information or cause a denial of service (NULL pointer
     dereference) via vectors involving a bind system call on a Bluetooth
     RFCOMM socket (bnc#1003925).
   - CVE-2016-8658: Stack-based buffer overflow in the
     brcmf_cfg80211_start_ap function in
     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
     kernel allowed local users to cause a denial of service (system crash)
     or possibly have unspecified other impact via a long SSID Information
     Element in a command to a Netlink socket (bnc#1004462).
   - CVE-2016-7425: The arcmsr_iop_message_xfer function in
     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
     certain length field, which allowed local users to gain privileges or
     cause a denial of service (heap-based buffer overflow) via an
     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
   - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel
     allowed local users to cause a denial of service (NULL pointer
     dereference and system crash) by using an ABORT_TASK command to abort a
     device write operation (bnc#994748).
   - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in
     the Linux kernel did not properly maintain certain SACK state after a
     failed data copy, which allowed local users to cause a denial of service
     (tcp_xmit_retransmit_queue use-after-free and system crash) via a
     crafted SACK option (bnc#994296).
   - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
     determine the rate of challenge ACK segments, which made it easier for
     remote attackers to hijack TCP sessions via a blind in-window attack
     (bnc#989152).
   - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in
     drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by changing a certain
     length value, aka a "double fetch" vulnerability (bnc#987542).
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability
     (bnc#991608).
   - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
     netfilter subsystem in the Linux kernel allowed local users to cause a
     denial of service (out-of-bounds read) or possibly obtain sensitive
     information from kernel heap memory by leveraging in-container root
     access to provide a crafted offset value that leads to crossing a
     ruleset blob boundary (bnc#986362 bnc#986365).
   - CVE-2016-5828: The start_thread function in
     arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms
     mishandled transactional state, which allowed local users to cause a
     denial of service (invalid process state or TM Bad Thing exception, and
     system crash) or possibly have unspecified other impact by starting and
     suspending a transaction before an exec system call (bnc#986569).
   - CVE-2014-9904: The snd_compress_check_input function in
     sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel
     did not properly check for an integer overflow, which allowed local
     users to cause a denial of service (insufficient memory allocation) or
     possibly have unspecified other impact via a crafted
     SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
   - CVE-2016-5829: Multiple heap-based buffer overflows in the
     hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
     kernel allow local users to cause a denial of service or possibly have
     unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
     HIDIOCSUSAGES ioctl call (bnc#986572).
   - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
     in the Linux kernel did not ensure that a certain data structure is
     initialized, which allowed local users to cause a denial of service
     (system crash) via vectors involving a crafted keyctl request2 command
     (bnc#984755).

   The following non-security bugs were fixed:

   - base: make module_create_drivers_dir race-free (bnc#983977).
   - btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable
     (bsc#981597).
   - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
     (bsc#983619).
   - btrfs: be more precise on errors when getting an inode from disk
     (bsc#981038).
   - btrfs: do not create or leak aliased root while cleaning up orphans
     (bsc#994881).
   - btrfs: ensure that file descriptor used with subvol ioctls is a dir
     (bsc#999600).
   - btrfs: fix relocation incorrectly dropping data references (bsc#990384).
   - btrfs: handle quota reserve failure properly (bsc#1005666).
   - btrfs: improve performance on fsync against new inode after
     rename/unlink (bsc#981038).
   - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir
     (bsc#981709).
   - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()
     (bsc#981709).
   - cdc-acm: added sanity checking for probe() (bsc#993891).
   - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
   - ext4: Add parameter for tuning handling of ext2 (bsc#976195).
   - ext4: Fixup handling for custom configs in tuning.
   - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short
     jumps to it (bsc#984419).
   - ipv6: Fix improper use or RCU in
     patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.
     (bsc#961257)
   - ipv6: KABI workaround for ipv6: add complete rcu protection around
     np->opt.
   - kabi: prevent spurious modversion changes after bsc#982544 fix
     (bsc#982544).
   - kabi: reintroduce sk_filter (kabi).
   - kaweth: fix firmware download (bsc#993890).
   - kaweth: fix oops upon failed memory allocation (bsc#993890).
   - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread
     (bsc#1010612, fate#313296).
   - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,
     fate#313296).
   - kgr: ignore zombie tasks during the patching (bnc#1008979).
   - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
   - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
     (VM Functionality, bnc#986445).
   - modsign: Print appropriate status message when accessing UEFI variable
     (bsc#958606).
   - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
   - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,
     bsc#999943).
   - netfilter: allow logging fron non-init netns (bsc#970083).
   - netfilter: bridge: do not leak skb in error paths (bsc#982544).
   - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
   - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in
     br_validate_ipv6 (bsc#982544).
   - nfs: Do not write enable new pages while an invalidation is proceeding
     (bsc#999584).
   - nfs: Fix a regression in the read() syscall (bsc#999584).
   - pci/aer: Clear error status registers during enumeration and restore
     (bsc#985978).
   - ppp: defer netns reference release for ppp channel (bsc#980371).
   - reiserfs: fix race in prealloc discard (bsc#987576).
   - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
   - scsi: Increase REPORT_LUNS timeout (bsc#982282).
   - series.conf: move stray netfilter patches to the right section
   - squashfs3: properly handle dir_emit() failures (bsc#998795).
   - supported.conf: Add ext2
   - timers: Use proper base migration in add_timer_on() (bnc#993392).
   - tty: audit: Fix audit source (bsc#1016482).
   - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
   - usb: fix typo in wMaxPacketSize validation (bsc#991665).
   - usb: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).
   - xen: Fix refcnt regression in xen netback introduced by changes made for
     bug#881008 (bnc#978094)
   - xfs: allow lazy sb counter sync during filesystem freeze sequence
     (bsc#980560).
   - xfs: fixed signedness of error code in xfs_inode_buf_verify
     (bsc#1003153).
   - xfs: fix premature enospc on inode allocation (bsc#984148).
   - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
   - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
   - xfs: refactor xlog_recover_process_data() (bsc#1019300).
   - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
   - xhci: silence warnings in switch (bnc#991665).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-247=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-247=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-247=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      kernel-devel-3.12.61-52.66.1
      kernel-macros-3.12.61-52.66.1
      kernel-source-3.12.61-52.66.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kernel-default-3.12.61-52.66.1
      kernel-default-base-3.12.61-52.66.1
      kernel-default-base-debuginfo-3.12.61-52.66.1
      kernel-default-debuginfo-3.12.61-52.66.1
      kernel-default-debugsource-3.12.61-52.66.1
      kernel-default-devel-3.12.61-52.66.1
      kernel-syms-3.12.61-52.66.1
      kernel-xen-3.12.61-52.66.1
      kernel-xen-base-3.12.61-52.66.1
      kernel-xen-base-debuginfo-3.12.61-52.66.1
      kernel-xen-debuginfo-3.12.61-52.66.1
      kernel-xen-debugsource-3.12.61-52.66.1
      kernel-xen-devel-3.12.61-52.66.1
      kgraft-patch-3_12_61-52_66-default-1-2.1
      kgraft-patch-3_12_61-52_66-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.66.1
      kernel-default-base-3.12.61-52.66.1
      kernel-default-base-debuginfo-3.12.61-52.66.1
      kernel-default-debuginfo-3.12.61-52.66.1
      kernel-default-debugsource-3.12.61-52.66.1
      kernel-default-devel-3.12.61-52.66.1
      kernel-syms-3.12.61-52.66.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.66.1
      kernel-macros-3.12.61-52.66.1
      kernel-source-3.12.61-52.66.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.66.1
      kernel-xen-base-3.12.61-52.66.1
      kernel-xen-base-debuginfo-3.12.61-52.66.1
      kernel-xen-debuginfo-3.12.61-52.66.1
      kernel-xen-debugsource-3.12.61-52.66.1
      kernel-xen-devel-3.12.61-52.66.1
      kgraft-patch-3_12_61-52_66-default-1-2.1
      kgraft-patch-3_12_61-52_66-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.66.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.66.1
      kernel-ec2-debuginfo-3.12.61-52.66.1
      kernel-ec2-debugsource-3.12.61-52.66.1
      kernel-ec2-devel-3.12.61-52.66.1
      kernel-ec2-extra-3.12.61-52.66.1
      kernel-ec2-extra-debuginfo-3.12.61-52.66.1


References:

   https://www.suse.com/security/cve/CVE-2014-9904.html
   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8963.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-4470.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-5828.html
   https://www.suse.com/security/cve/CVE-2016-5829.html
   https://www.suse.com/security/cve/CVE-2016-6130.html
   https://www.suse.com/security/cve/CVE-2016-6327.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7425.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7913.html
   https://www.suse.com/security/cve/CVE-2016-7914.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8645.html
   https://www.suse.com/security/cve/CVE-2016-8658.html
   https://www.suse.com/security/cve/CVE-2016-9083.html
   https://www.suse.com/security/cve/CVE-2016-9084.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://www.suse.com/security/cve/CVE-2017-2583.html
   https://www.suse.com/security/cve/CVE-2017-2584.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1003153
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004462
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1005666
   https://bugzilla.suse.com/1007197
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1008979
   https://bugzilla.suse.com/1009969
   https://bugzilla.suse.com/1010040
   https://bugzilla.suse.com/1010475
   https://bugzilla.suse.com/1010478
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010502
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010612
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011820
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013540
   https://bugzilla.suse.com/1013542
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1016482
   https://bugzilla.suse.com/1017410
   https://bugzilla.suse.com/1017589
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1019300
   https://bugzilla.suse.com/1019851
   https://bugzilla.suse.com/1020602
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/881008
   https://bugzilla.suse.com/915183
   https://bugzilla.suse.com/958606
   https://bugzilla.suse.com/961257
   https://bugzilla.suse.com/970083
   https://bugzilla.suse.com/971989
   https://bugzilla.suse.com/976195
   https://bugzilla.suse.com/978094
   https://bugzilla.suse.com/980371
   https://bugzilla.suse.com/980560
   https://bugzilla.suse.com/981038
   https://bugzilla.suse.com/981597
   https://bugzilla.suse.com/981709
   https://bugzilla.suse.com/982282
   https://bugzilla.suse.com/982544
   https://bugzilla.suse.com/983619
   https://bugzilla.suse.com/983721
   https://bugzilla.suse.com/983977
   https://bugzilla.suse.com/984148
   https://bugzilla.suse.com/984419
   https://bugzilla.suse.com/984755
   https://bugzilla.suse.com/985978
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986445
   https://bugzilla.suse.com/986569
   https://bugzilla.suse.com/986572
   https://bugzilla.suse.com/986811
   https://bugzilla.suse.com/986941
   https://bugzilla.suse.com/987542
   https://bugzilla.suse.com/987565
   https://bugzilla.suse.com/987576
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/990384
   https://bugzilla.suse.com/991608
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/993392
   https://bugzilla.suse.com/993890
   https://bugzilla.suse.com/993891
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994748
   https://bugzilla.suse.com/994881
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/997708
   https://bugzilla.suse.com/998795
   https://bugzilla.suse.com/999584
   https://bugzilla.suse.com/999600
   https://bugzilla.suse.com/999932
   https://bugzilla.suse.com/999943



More information about the sle-security-updates mailing list