From sle-security-updates at lists.suse.com Wed Aug 1 10:07:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 1 Aug 2018 18:07:35 +0200 (CEST) Subject: SUSE-SU-2018:2158-1: moderate: Security update for ovmf Message-ID: <20180801160735.DBF42FD35@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2158-1 Rating: moderate References: #1077330 #1094290 #1094291 Cross-References: CVE-2018-0739 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for ovmf provide the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094290, bsc#1094291). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1470=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): ovmf-2017+git1492060560.b6d11d7c46-4.9.4 ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4 qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.9.4 References: https://www.suse.com/security/cve/CVE-2018-0739.html https://bugzilla.suse.com/1077330 https://bugzilla.suse.com/1094290 https://bugzilla.suse.com/1094291 From sle-security-updates at lists.suse.com Wed Aug 1 10:10:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 1 Aug 2018 18:10:45 +0200 (CEST) Subject: SUSE-SU-2018:2162-1: moderate: Security update for cups Message-ID: <20180801161045.2580EFD35@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2162-1 Rating: moderate References: #1050082 #1061066 #1087018 #1096405 #1096406 #1096407 #1096408 Cross-References: CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for cups fixes the following issues: The following security vulnerabilities were fixed: - CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018) - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) The following other issue was fixed: - Fixed authorization check for clients (like samba) connected through the local socket when Kerberos authentication is enabled (bsc#1050082) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1471=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1471=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1471=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cups-ddk-1.7.5-20.14.1 cups-ddk-debuginfo-1.7.5-20.14.1 cups-debuginfo-1.7.5-20.14.1 cups-debugsource-1.7.5-20.14.1 cups-devel-1.7.5-20.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cups-1.7.5-20.14.1 cups-client-1.7.5-20.14.1 cups-client-debuginfo-1.7.5-20.14.1 cups-debuginfo-1.7.5-20.14.1 cups-debugsource-1.7.5-20.14.1 cups-libs-1.7.5-20.14.1 cups-libs-debuginfo-1.7.5-20.14.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): cups-libs-32bit-1.7.5-20.14.1 cups-libs-debuginfo-32bit-1.7.5-20.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cups-1.7.5-20.14.1 cups-client-1.7.5-20.14.1 cups-client-debuginfo-1.7.5-20.14.1 cups-debuginfo-1.7.5-20.14.1 cups-debugsource-1.7.5-20.14.1 cups-libs-1.7.5-20.14.1 cups-libs-32bit-1.7.5-20.14.1 cups-libs-debuginfo-1.7.5-20.14.1 cups-libs-debuginfo-32bit-1.7.5-20.14.1 References: https://www.suse.com/security/cve/CVE-2017-18248.html https://www.suse.com/security/cve/CVE-2018-4180.html https://www.suse.com/security/cve/CVE-2018-4181.html https://www.suse.com/security/cve/CVE-2018-4182.html https://www.suse.com/security/cve/CVE-2018-4183.html https://bugzilla.suse.com/1050082 https://bugzilla.suse.com/1061066 https://bugzilla.suse.com/1087018 https://bugzilla.suse.com/1096405 https://bugzilla.suse.com/1096406 https://bugzilla.suse.com/1096407 https://bugzilla.suse.com/1096408 From sle-security-updates at lists.suse.com Wed Aug 1 10:12:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 1 Aug 2018 18:12:18 +0200 (CEST) Subject: SUSE-SU-2018:2163-1: moderate: Security update for polkit Message-ID: <20180801161218.475C6FD35@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2163-1 Rating: moderate References: #1099031 Cross-References: CVE-2018-1116 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1468=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1468=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1468=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1468=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libpolkit0-32bit-0.113-5.9.1 libpolkit0-debuginfo-32bit-0.113-5.9.1 polkit-debugsource-0.113-5.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): polkit-debuginfo-0.113-5.9.1 polkit-debugsource-0.113-5.9.1 polkit-devel-0.113-5.9.1 polkit-devel-debuginfo-0.113-5.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpolkit0-0.113-5.9.1 libpolkit0-debuginfo-0.113-5.9.1 polkit-0.113-5.9.1 polkit-debuginfo-0.113-5.9.1 polkit-debugsource-0.113-5.9.1 typelib-1_0-Polkit-1_0-0.113-5.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpolkit0-0.113-5.9.1 libpolkit0-32bit-0.113-5.9.1 libpolkit0-debuginfo-0.113-5.9.1 libpolkit0-debuginfo-32bit-0.113-5.9.1 polkit-0.113-5.9.1 polkit-debuginfo-0.113-5.9.1 polkit-debugsource-0.113-5.9.1 typelib-1_0-Polkit-1_0-0.113-5.9.1 References: https://www.suse.com/security/cve/CVE-2018-1116.html https://bugzilla.suse.com/1099031 From sle-security-updates at lists.suse.com Wed Aug 1 10:13:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 1 Aug 2018 18:13:30 +0200 (CEST) Subject: SUSE-SU-2018:2165-1: moderate: Security update for polkit Message-ID: <20180801161330.46344FD35@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2165-1 Rating: moderate References: #1099031 Cross-References: CVE-2018-1116 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1469=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpolkit0-0.114-3.3.1 libpolkit0-debuginfo-0.114-3.3.1 polkit-0.114-3.3.1 polkit-debuginfo-0.114-3.3.1 polkit-debugsource-0.114-3.3.1 polkit-devel-0.114-3.3.1 polkit-devel-debuginfo-0.114-3.3.1 typelib-1_0-Polkit-1_0-0.114-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1116.html https://bugzilla.suse.com/1099031 From sle-security-updates at lists.suse.com Thu Aug 2 10:07:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 2 Aug 2018 18:07:55 +0200 (CEST) Subject: SUSE-SU-2018:2171-1: important: Security update for libtirpc Message-ID: <20180802160755.CF840FD35@maintenance.suse.de> SUSE Security Update: Security update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2171-1 Rating: important References: #1072183 #968175 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libtirpc fixes the following issues: Security issue fixed: - bsc#968175: Fix remote crash of RPC services. Bug fixes: - bsc#1072183: Send RPC getport call as specified via parameter. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1474=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1474=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1474=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.3.1 libtirpc-devel-1.0.1-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.3.1 libtirpc-netconfig-1.0.1-17.3.1 libtirpc3-1.0.1-17.3.1 libtirpc3-debuginfo-1.0.1-17.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtirpc3-32bit-1.0.1-17.3.1 libtirpc3-debuginfo-32bit-1.0.1-17.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtirpc-debugsource-1.0.1-17.3.1 libtirpc-netconfig-1.0.1-17.3.1 libtirpc3-1.0.1-17.3.1 libtirpc3-32bit-1.0.1-17.3.1 libtirpc3-debuginfo-1.0.1-17.3.1 libtirpc3-debuginfo-32bit-1.0.1-17.3.1 - SUSE CaaS Platform ALL (x86_64): libtirpc-debugsource-1.0.1-17.3.1 libtirpc-netconfig-1.0.1-17.3.1 libtirpc3-1.0.1-17.3.1 libtirpc3-debuginfo-1.0.1-17.3.1 - SUSE CaaS Platform 3.0 (x86_64): libtirpc-debugsource-1.0.1-17.3.1 libtirpc-netconfig-1.0.1-17.3.1 libtirpc3-1.0.1-17.3.1 libtirpc3-debuginfo-1.0.1-17.3.1 References: https://bugzilla.suse.com/1072183 https://bugzilla.suse.com/968175 From sle-security-updates at lists.suse.com Thu Aug 2 10:08:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 2 Aug 2018 18:08:41 +0200 (CEST) Subject: SUSE-SU-2018:2172-1: moderate: Security update for cups Message-ID: <20180802160841.AF274FD35@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2172-1 Rating: moderate References: #1096405 #1096406 #1096407 #1096408 Cross-References: CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1476=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1476=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1476=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-3.3.1 cups-ddk-debuginfo-2.2.7-3.3.1 cups-debuginfo-2.2.7-3.3.1 cups-debugsource-2.2.7-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): cups-debugsource-2.2.7-3.3.1 libcups2-32bit-2.2.7-3.3.1 libcups2-32bit-debuginfo-2.2.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cups-2.2.7-3.3.1 cups-client-2.2.7-3.3.1 cups-client-debuginfo-2.2.7-3.3.1 cups-config-2.2.7-3.3.1 cups-debuginfo-2.2.7-3.3.1 cups-debugsource-2.2.7-3.3.1 cups-devel-2.2.7-3.3.1 libcups2-2.2.7-3.3.1 libcups2-debuginfo-2.2.7-3.3.1 libcupscgi1-2.2.7-3.3.1 libcupscgi1-debuginfo-2.2.7-3.3.1 libcupsimage2-2.2.7-3.3.1 libcupsimage2-debuginfo-2.2.7-3.3.1 libcupsmime1-2.2.7-3.3.1 libcupsmime1-debuginfo-2.2.7-3.3.1 libcupsppdc1-2.2.7-3.3.1 libcupsppdc1-debuginfo-2.2.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-4180.html https://www.suse.com/security/cve/CVE-2018-4181.html https://www.suse.com/security/cve/CVE-2018-4182.html https://www.suse.com/security/cve/CVE-2018-4183.html https://bugzilla.suse.com/1096405 https://bugzilla.suse.com/1096406 https://bugzilla.suse.com/1096407 https://bugzilla.suse.com/1096408 From sle-security-updates at lists.suse.com Thu Aug 2 10:09:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 2 Aug 2018 18:09:59 +0200 (CEST) Subject: SUSE-SU-2018:2174-1: moderate: Security update for Mozilla Thunderbird Message-ID: <20180802160959.80F74FD35@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Thunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2174-1 Rating: moderate References: #1076907 #1085780 #1091376 #1098998 #1100079 #1100081 #1100082 #1100780 Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-5188 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for Mozilla Thunderbird to version 52.9.1 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base (MFSA 2018-16, bsc#1098998): - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-5188: Memory safety bugs fixed in Thunderbird 52.9.0 Security issues fixed that affect e-mail privacy and integrity (including EFAIL): - CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails (bsc#1100082) - CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward (bsc#1100079) - CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field (bsc#1100081) The following options are available for added security in certain scenarios: - Option for not decrypting subordinate message parts that otherwise might reveal decryted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security. The following upstream changes are included: - Thunderbird will now prompt to compact IMAP folders even if the account is online - Fix various problems when forwarding messages inline when using "simple" HTML view - Deleting or detaching attachments corrupted messages under certain circumstances (bsc#1100780) The following tracked packaging changes are included: - correct requires and provides handling (boo#1076907) - reduce memory footprint with %ix86 at linking time via additional compiler flags (boo#1091376) - Build from upstream source archive and verify source signature (boo#1085780) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1475=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-52.9.1-3.7.1 MozillaThunderbird-debuginfo-52.9.1-3.7.1 MozillaThunderbird-debugsource-52.9.1-3.7.1 MozillaThunderbird-devel-52.9.1-3.7.1 MozillaThunderbird-translations-common-52.9.1-3.7.1 MozillaThunderbird-translations-other-52.9.1-3.7.1 References: https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12372.html https://www.suse.com/security/cve/CVE-2018-12373.html https://www.suse.com/security/cve/CVE-2018-12374.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1076907 https://bugzilla.suse.com/1085780 https://bugzilla.suse.com/1091376 https://bugzilla.suse.com/1098998 https://bugzilla.suse.com/1100079 https://bugzilla.suse.com/1100081 https://bugzilla.suse.com/1100082 https://bugzilla.suse.com/1100780 From sle-security-updates at lists.suse.com Fri Aug 3 13:09:31 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Aug 2018 21:09:31 +0200 (CEST) Subject: SUSE-SU-2018:2181-1: moderate: Recommended update for yast2-ftp-server Message-ID: <20180803190931.98C11FD82@maintenance.suse.de> SUSE Security Update: Recommended update for yast2-ftp-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2181-1 Rating: moderate References: #1041829 #921303 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for yast2-ftp-server fixes the following issues: Feature update: fate#321043: Added additional searchkeys to desktop file. Security issues fixed: - bsc#921303: Drop SSLv2 and SSLv3 as it is dropped for security reason for vsftpd. Bug fixes: - bsc#1041829: Do not modify value when Browse dialog is canceled. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1491=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-ftp-server-4.0.7-3.3.1 References: https://bugzilla.suse.com/1041829 https://bugzilla.suse.com/921303 From sle-security-updates at lists.suse.com Fri Aug 3 13:16:55 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Aug 2018 21:16:55 +0200 (CEST) Subject: SUSE-SU-2018:2185-1: important: Security update for glibc Message-ID: <20180803191655.D5BFEFD82@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2185-1 Rating: important References: #1051791 #1064569 #1064580 #1064583 #1094161 Cross-References: CVE-2017-12132 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2018-11236 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580). - CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583). - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569). - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). - CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1482=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1482=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): glibc-2.19-40.16.950 glibc-debuginfo-2.19-40.16.950 glibc-debugsource-2.19-40.16.950 glibc-devel-2.19-40.16.950 glibc-devel-debuginfo-2.19-40.16.950 glibc-locale-2.19-40.16.950 glibc-locale-debuginfo-2.19-40.16.950 glibc-profile-2.19-40.16.950 nscd-2.19-40.16.950 nscd-debuginfo-2.19-40.16.950 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glibc-html-2.19-40.16.950 glibc-i18ndata-2.19-40.16.950 glibc-info-2.19-40.16.950 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glibc-32bit-2.19-40.16.950 glibc-debuginfo-32bit-2.19-40.16.950 glibc-devel-32bit-2.19-40.16.950 glibc-devel-debuginfo-32bit-2.19-40.16.950 glibc-locale-32bit-2.19-40.16.950 glibc-locale-debuginfo-32bit-2.19-40.16.950 glibc-profile-32bit-2.19-40.16.950 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glibc-2.19-40.16.950 glibc-debuginfo-2.19-40.16.950 glibc-debugsource-2.19-40.16.950 glibc-devel-2.19-40.16.950 glibc-devel-debuginfo-2.19-40.16.950 glibc-locale-2.19-40.16.950 glibc-locale-debuginfo-2.19-40.16.950 glibc-profile-2.19-40.16.950 nscd-2.19-40.16.950 nscd-debuginfo-2.19-40.16.950 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): glibc-32bit-2.19-40.16.950 glibc-debuginfo-32bit-2.19-40.16.950 glibc-devel-32bit-2.19-40.16.950 glibc-devel-debuginfo-32bit-2.19-40.16.950 glibc-locale-32bit-2.19-40.16.950 glibc-locale-debuginfo-32bit-2.19-40.16.950 glibc-profile-32bit-2.19-40.16.950 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glibc-html-2.19-40.16.950 glibc-i18ndata-2.19-40.16.950 glibc-info-2.19-40.16.950 References: https://www.suse.com/security/cve/CVE-2017-12132.html https://www.suse.com/security/cve/CVE-2017-15670.html https://www.suse.com/security/cve/CVE-2017-15671.html https://www.suse.com/security/cve/CVE-2017-15804.html https://www.suse.com/security/cve/CVE-2018-11236.html https://bugzilla.suse.com/1051791 https://bugzilla.suse.com/1064569 https://bugzilla.suse.com/1064580 https://bugzilla.suse.com/1064583 https://bugzilla.suse.com/1094161 From sle-security-updates at lists.suse.com Fri Aug 3 13:18:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Aug 2018 21:18:40 +0200 (CEST) Subject: SUSE-SU-2018:2187-1: important: Security update for glibc Message-ID: <20180803191840.7F180FD82@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2187-1 Rating: important References: #1051791 #1064569 #1064580 #1064583 #1074293 #1094161 Cross-References: CVE-2017-12132 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2018-1000001 CVE-2018-11236 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580). - CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583). - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569). - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). - CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791). - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1484=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glibc-2.19-22.27.958 glibc-debuginfo-2.19-22.27.958 glibc-debugsource-2.19-22.27.958 glibc-devel-2.19-22.27.958 glibc-devel-debuginfo-2.19-22.27.958 glibc-locale-2.19-22.27.958 glibc-locale-debuginfo-2.19-22.27.958 glibc-profile-2.19-22.27.958 nscd-2.19-22.27.958 nscd-debuginfo-2.19-22.27.958 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): glibc-32bit-2.19-22.27.958 glibc-debuginfo-32bit-2.19-22.27.958 glibc-devel-32bit-2.19-22.27.958 glibc-devel-debuginfo-32bit-2.19-22.27.958 glibc-locale-32bit-2.19-22.27.958 glibc-locale-debuginfo-32bit-2.19-22.27.958 glibc-profile-32bit-2.19-22.27.958 - SUSE Linux Enterprise Server 12-LTSS (noarch): glibc-html-2.19-22.27.958 glibc-i18ndata-2.19-22.27.958 glibc-info-2.19-22.27.958 References: https://www.suse.com/security/cve/CVE-2017-12132.html https://www.suse.com/security/cve/CVE-2017-15670.html https://www.suse.com/security/cve/CVE-2017-15671.html https://www.suse.com/security/cve/CVE-2017-15804.html https://www.suse.com/security/cve/CVE-2018-1000001.html https://www.suse.com/security/cve/CVE-2018-11236.html https://bugzilla.suse.com/1051791 https://bugzilla.suse.com/1064569 https://bugzilla.suse.com/1064580 https://bugzilla.suse.com/1064583 https://bugzilla.suse.com/1074293 https://bugzilla.suse.com/1094161 From sle-security-updates at lists.suse.com Fri Aug 3 13:21:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Aug 2018 21:21:32 +0200 (CEST) Subject: SUSE-SU-2018:2189-1: moderate: Security update for kernel-firmware Message-ID: <20180803192132.50E2AFD82@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2189-1 Rating: moderate References: #1095735 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware to version 20180525 fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1490=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20180525-3.3.1 ucode-amd-20180525-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1095735 From sle-security-updates at lists.suse.com Mon Aug 6 07:08:31 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Aug 2018 15:08:31 +0200 (CEST) Subject: SUSE-SU-2018:2204-1: moderate: Security update for libsoup Message-ID: <20180806130831.E4005FD35@maintenance.suse.de> SUSE Security Update: Security update for libsoup ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2204-1 Rating: moderate References: #1052916 #1086036 #1100097 Cross-References: CVE-2017-2885 CVE-2018-12910 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: - bsc#1086036: translation-update-upstream commented out for Leap Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1497=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1497=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1497=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsoup-debugsource-2.62.2-5.7.1 libsoup-devel-2.62.2-5.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-2.62.2-5.7.1 libsoup-debugsource-2.62.2-5.7.1 typelib-1_0-Soup-2_4-2.62.2-5.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libsoup-lang-2.62.2-5.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsoup-2_4-1-2.62.2-5.7.1 libsoup-2_4-1-32bit-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-2.62.2-5.7.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.7.1 libsoup-debugsource-2.62.2-5.7.1 typelib-1_0-Soup-2_4-2.62.2-5.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libsoup-lang-2.62.2-5.7.1 References: https://www.suse.com/security/cve/CVE-2017-2885.html https://www.suse.com/security/cve/CVE-2018-12910.html https://bugzilla.suse.com/1052916 https://bugzilla.suse.com/1086036 https://bugzilla.suse.com/1100097 From sle-security-updates at lists.suse.com Mon Aug 6 07:10:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Aug 2018 15:10:30 +0200 (CEST) Subject: SUSE-SU-2018:2207-1: moderate: Security update for openssl Message-ID: <20180806131030.83EF0FD35@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2207-1 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-openssl-13713=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openssl-13713=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssl-13713=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openssl-13713=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-13713=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-13713=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-13713=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libopenssl-devel-32bit-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.12.1 libopenssl0_9_8-hmac-0.9.8j-0.106.12.1 openssl-0.9.8j-0.106.12.1 openssl-doc-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.12.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libopenssl0_9_8-x86-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.106.12.1 libopenssl0_9_8-0.9.8j-0.106.12.1 libopenssl0_9_8-hmac-0.9.8j-0.106.12.1 openssl-0.9.8j-0.106.12.1 openssl-doc-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.12.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.12.1 libopenssl0_9_8-0.9.8j-0.106.12.1 libopenssl0_9_8-hmac-0.9.8j-0.106.12.1 openssl-0.9.8j-0.106.12.1 openssl-doc-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.12.1 openssl-debugsource-0.9.8j-0.106.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.12.1 openssl-debugsource-0.9.8j-0.106.12.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-security-updates at lists.suse.com Mon Aug 6 13:07:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Aug 2018 21:07:39 +0200 (CEST) Subject: SUSE-SU-2018:2217-1: moderate: Security update for rubygem-sprockets-2_12 Message-ID: <20180806190739.A7FE9FD35@maintenance.suse.de> SUSE Security Update: Security update for rubygem-sprockets-2_12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2217-1 Rating: moderate References: #1098369 Cross-References: CVE-2018-3760 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-sprockets-2_12 fixes the following issues: Security issue fixed: - CVE-2018-3760: Fix path traversal in sprockets/server.rb:forbidden_request?() that can allow remote attackers to read arbitrary files (bsc#1098369). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1500=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-sprockets-2_12-2.12.5-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-3760.html https://bugzilla.suse.com/1098369 From sle-security-updates at lists.suse.com Mon Aug 6 16:07:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 00:07:38 +0200 (CEST) Subject: SUSE-SU-2018:2222-1: important: Security update for the Linux Kernel Message-ID: <20180806220738.AF8D6FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2222-1 Rating: important References: #1012382 #1037697 #1046299 #1046300 #1046302 #1046303 #1046305 #1046306 #1046307 #1046533 #1046543 #1048129 #1050242 #1050529 #1050536 #1050538 #1050540 #1050549 #1051510 #1054245 #1056651 #1056787 #1058115 #1058169 #1058659 #1060463 #1066110 #1068032 #1075087 #1075360 #1075876 #1077338 #1077761 #1077989 #1078248 #1085042 #1085536 #1085539 #1086282 #1086283 #1086286 #1086301 #1086313 #1086314 #1086319 #1086323 #1086324 #1086457 #1086652 #1087092 #1087202 #1087217 #1087233 #1087978 #1088821 #1088866 #1090098 #1090888 #1091041 #1091171 #1091424 #1091860 #1092472 #1093035 #1093118 #1093148 #1093290 #1093666 #1094119 #1094244 #1094978 #1095155 #1095337 #1096330 #1096529 #1096790 #1096793 #1097034 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1097941 #1097961 #1098050 #1098236 #1098401 #1098599 #1098626 #1098633 #1098706 #1098983 #1098995 #1099029 #1099041 #1099109 #1099142 #1099183 #1099193 #1099715 #1099792 #1099918 #1099924 #1099966 #1100132 #1100209 #1100340 #1100362 #1100382 #1100416 #1100418 #1100491 #1100602 #1100633 #1100843 #1100884 #1101143 #1101296 #1101315 #1101324 #1101337 #1101352 #1101564 #1101669 #1101674 #1101789 #1101813 #1101816 #1102088 #1102097 #1102147 #1102340 #1102512 #1102851 #1103216 #1103220 #1103230 #1103421 Cross-References: CVE-2017-18344 CVE-2017-5753 CVE-2018-1118 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-5390 CVE-2018-9385 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 132 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel-azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5390 aka "SegmentSmack": A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) - CVE-2017-18344: The timer_create syscall implementation didn't properly validate input, which could have lead to out-of-bounds access. This allowed userspace applications to read arbitrary kernel memory in some setups. (bsc#1102851) - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032) - CVE-2018-1118: Linux kernel vhost did not properly initialize memory in messages passed between virtual guests and the host operating system. This could have allowed local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file (bsc#1092472) The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bsc#1051510) - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (networking-stable-18_05_15) - acpi / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bsc#1051510) - acpi / processor: Finish making acpi_processor_ppc_has_changed() void (bsc#1051510) - acpi / watchdog: properly initialize resources (bsc#1051510) - acpi, APEI, EINJ: Subtract any matching Register Region from Trigger resources (bsc#1051510) - acpi, nfit: Fix scrub idle detection (bsc#1094119) - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1051510) - acpi: Add helper for deactivating memory region (bsc#1100132) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bsc#1051510) - alsa: hda - Handle pm failure during hotplug (bsc#1051510) - alsa: hda/ca0132 - use ARRAY_SIZE (bsc#1051510) - alsa: hda/ca0132: Delete pointless assignments to struct auto_pin_cfg fields (bsc#1051510) - alsa: hda/ca0132: Delete redundant UNSOL event requests (bsc#1051510) - alsa: hda/ca0132: Do not test for QUIRK_NONE (bsc#1051510) - alsa: hda/ca0132: Fix DMic data rate for Alienware M17x R4 (bsc#1051510) - alsa: hda/ca0132: Restore PCM Analog Mic-In2 (bsc#1051510) - alsa: hda/ca0132: Restore behavior of QUIRK_ALIENWARE (bsc#1051510) - alsa: hda/ca0132: make array ca0132_alt_chmaps static (bsc#1051510) - alsa: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk (bsc#1051510) - alsa: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1051510) - alsa: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1051510) - alsa: hda/realtek - Fix the problem of two front mics on more machines (bsc#1051510) - alsa: hda/realtek - Yet another Clevo P950 quirk entry (bsc#1101143) - alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (bsc#1051510) - alsa: hda: add mute led support for HP ProBook 455 G5 (bsc#1051510) - alsa: rawmidi: Change resized buffers atomically (bsc#1051510) - alsa: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl (bsc#1051510) - alsa: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl (bsc#1051510) - alx: take rtnl before calling __alx_open from resume (bsc#1051510) - amd-xgbe: Add pre/post auto-negotiation phy hooks (networking-stable-18_04_26) - amd-xgbe: Improve KR auto-negotiation and training (networking-stable-18_04_26) - amd-xgbe: Only use the SFP supported transceiver signals (networking-stable-18_04_26) - amd-xgbe: Restore pci interrupt enablement setting on resume (networking-stable-18_03_07) - arch/*: Kconfig: fix documentation for NMI watchdog (bsc#1099918) - arm64: kpti: Use early_param for kpti= command-line option (bsc#1103220) - arm: amba: Do not read past the end of sysfs "driver_override" buffer (CVE-2018-9385,bsc#1100491) - arm: module: fix modsign build error (bsc#1093666) - arp: fix arp_filter on l3slave devices (networking-stable-18_04_10) - asoc: cirrus: i2s: Fix LRCLK configuration (bsc#1051510) - asoc: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bsc#1051510) - asoc: cs35l35: Add use_single_rw to regmap config (bsc#1051510) - asoc: dapm: delete dapm_kcontrol_data paths list before freeing it (bsc#1051510) - asoc: mediatek: preallocate pages use platform device (bsc#1051510) - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1051510) - atl1c: reserve min skb headroom (bsc#1051510) - audit: Fix wrong task in comparison of session ID (bsc#1051510) - audit: ensure that 'audit=1' actually enables audit for PID 1 (bsc#1051510) - audit: return on memory error to avoid null pointer dereference (bsc#1051510) - auxdisplay: fix broken menu (bsc#1051510) - auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM (bsc#1051510) - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510) - b44: Initialize 64-bit stats seqcount (bsc#1051510) - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1051510) - backlight: as3711_bl: Fix Device Tree node lookup (bsc#1051510) - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1051510) - backlight: max8925_bl: Fix Device Tree node lookup (bsc#1051510) - backlight: tps65217_bl: Fix Device Tree node lookup (bsc#1051510) - batman-adv: Accept only filled wifi station info (bsc#1051510) - batman-adv: Always initialize fragment header priority (bsc#1051510) - batman-adv: Avoid race in TT TVLV allocator helper (bsc#1051510) - batman-adv: Avoid storing non-TT-sync flags on singular entries too (bsc#1051510) - batman-adv: Fix TT sync flags for intermediate TT responses (bsc#1051510) - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump (bsc#1051510) - batman-adv: Fix bat_v best gw refcnt after netlink dump (bsc#1051510) - batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible (bsc#1051510) - batman-adv: Fix debugfs path for renamed hardif (bsc#1051510) - batman-adv: Fix debugfs path for renamed softif (bsc#1051510) - batman-adv: Fix internal interface indices types (bsc#1051510) - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq (bsc#1051510) - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag (bsc#1051510) - batman-adv: Fix netlink dumping of BLA backbones (bsc#1051510) - batman-adv: Fix netlink dumping of BLA claims (bsc#1051510) - batman-adv: Fix skbuff rcsum on packet reroute (bsc#1051510) - batman-adv: Ignore invalid batadv_iv_gw during netlink send (bsc#1051510) - batman-adv: Ignore invalid batadv_v_gw during netlink send (bsc#1051510) - batman-adv: Use default throughput value on cfg80211 error (bsc#1051510) - batman-adv: fix TT sync flag inconsistencies (bsc#1051510) - batman-adv: fix header size check in batadv_dbg_arp() (bsc#1051510) - batman-adv: fix multicast-via-unicast transmission with AP isolation (bsc#1051510) - batman-adv: fix packet checksum in receive path (bsc#1051510) - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bsc#1051510) - batman-adv: invalidate checksum on fragment reassembly (bsc#1051510) - batman-adv: update data pointers after skb_cow() (bsc#1051510) - bfq: Re-enable auto-loading when built as a module (bsc#1099918) - blk-mq-debugfs: fix device sched directory for default scheduler (bsc#1099918) - blk-mq: count allocated but not started requests in iostats inflight (bsc#1077989) - blk-mq: do not keep offline CPUs mapped to hctx 0 (bsc#1099918) - blk-mq: fix sysfs inflight counter (bsc#1077989) - blk-mq: make sure hctx->next_cpu is set correctly (bsc#1099918) - blk-mq: make sure that correct hctx->next_cpu is set (bsc#1099918) - blk-mq: reinit q->tag_set_list entry only after grace period (bsc#1099918) - blk-mq: simplify queue mapping; schedule with each possisble CPU (bsc#1099918) - block, bfq: add missing invocations of bfqg_stats_update_io_add/remove (bsc#1099918) - block, bfq: fix occurrences of request finish method's old name (bsc#1099918) - block/swim: Remove extra put_disk() call from error path (bsc#1099918) - block: Fix __bio_integrity_endio() documentation (bsc#1099918) - block: Fix cloning of requests with a special payload (bsc#1099918) - block: always set partition number to '0' in blk_partition_remap() (bsc#1054245) - block: always set partition number to '0' in blk_partition_remap() (bsc#1077989) - block: bio_check_eod() needs to consider partitions (bsc#1077989) - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() (bsc#1099918) - block: factor out __blkdev_issue_zero_pages() (bsc#1099918) - block: fail op_is_write() requests to read-only partitions (bsc#1077989) - block: pass 'run_queue' to blk_mq_request_bypass_insert (bsc#1077989) - block: sed-opal: Fix a couple off by one bugs (bsc#1099918) - block: set request_list for request (bsc#1077989) - bluetooth: avoid recursive locking in hci_send_to_channel() (bsc#1051510) - bluetooth: hci_ll: Add support for the external clock (bsc#1051510) - bluetooth: hci_ll: Fix download_firmware() return when __hci_cmd_sync fails (bsc#1051510) - bluetooth: hci_nokia: select BT_HCIUART_H4 (bsc#1051510) - bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bsc#1051510) - bluetooth: hci_uart: fix kconfig dependency (bsc#1051510) - bnx2x: Collect the device debug information during Tx timeout (bsc#1086323) - bnx2x: Collect the device debug information during Tx timeout (bsc#1086323) - bnx2x: Deprecate pci_get_bus_and_slot() (bsc#1086323) - bnx2x: Replace doorbell barrier() with wmb() (bsc#1086323) - bnx2x: Use NETIF_F_GRO_HW (bsc#1086323) - bnx2x: Use pci_ari_enabled() instead of local copy (bsc#1086323) - bnx2x: fix slowpath null crash (bsc#1086323) - bnx2x: fix spelling mistake: "registeration" -> "registration" (bsc#1086323) - bnx2x: fix spelling mistake: "registeration" -> "registration" (bsc#1086323) - bnx2x: use the right constant (bsc#1086323) - bnxt_en: Add BCM5745X NPAR device IDs (bsc#1086282) - bnxt_en: Add IRQ remapping logic (bsc#1086282) - bnxt_en: Add TC to hardware QoS queue mapping logic (bsc#1086282) - bnxt_en: Add ULP calls to stop and restart IRQs (bsc#1086282) - bnxt_en: Add cache line size setting to optimize performance (bsc#1086282) - bnxt_en: Add cache line size setting to optimize performance (bsc#1086282) - bnxt_en: Add extended port statistics support (bsc#1086282) - bnxt_en: Add support for ndo_set_vf_trust (bsc#1086282) - bnxt_en: Add the new firmware API to query hardware resources (bsc#1086282) - bnxt_en: Add the new firmware API to query hardware resources (bsc#1086282) - bnxt_en: Adjust default rings for multi-port NICs (bsc#1086282) - bnxt_en: Always forward VF MAC address to the PF (bsc#1086282) - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242) - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242) - bnxt_en: Change IRQ assignment for rdma driver (bsc#1086282) - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282) - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282) - bnxt_en: Check the lengths of encapsulated firmware responses (bsc#1086282) - bnxt_en: Check the lengths of encapsulated firmware responses (bsc#1086282) - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only (bsc#1086282) - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only (bsc#1086282) - bnxt_en: Display function level rx/tx_discard_pkts via ethtool (bsc#1086282) - bnxt_en: Display function level rx/tx_discard_pkts via ethtool (bsc#1086282) - bnxt_en: Do not allow VF to read EEPROM (bsc#1086282) - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242) - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242) - bnxt_en: Do not reserve rings on VF when min rings were not provisioned by PF (bsc#1086282) - bnxt_en: Do not reserve rings on VF when min rings were not provisioned by PF (bsc#1086282) - bnxt_en: Do not set firmware time from VF driver on older firmware (bsc#1086282) - bnxt_en: Do not set firmware time from VF driver on older firmware (bsc#1086282) - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs (bsc#1086282) - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs (bsc#1086282) - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282) - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282) - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282) - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282) - bnxt_en: Fix ethtool -x crash when device is down (bsc#1086282) - bnxt_en: Fix firmware message delay loop regression (bsc#1086282) - bnxt_en: Fix for system hang if request_irq fails (bsc#1050242) - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242) - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282) - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282) - bnxt_en: Fix the vlan_tci exact match check (bsc#1050242) - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282) - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282) - bnxt_en: Forward VF MAC address to the PF (bsc#1086282) - bnxt_en: Implement new method for the PF to assign SRIOV resources (bsc#1086282) - bnxt_en: Implement new method for the PF to assign SRIOV resources (bsc#1086282) - bnxt_en: Implement new method to reserve rings (bsc#1086282) - bnxt_en: Improve resource accounting for SRIOV (bsc#1086282) - bnxt_en: Improve ring allocation logic (bsc#1086282) - bnxt_en: Improve valid bit checking in firmware response message (bsc#1086282) - bnxt_en: Improve valid bit checking in firmware response message (bsc#1086282) - bnxt_en: Include additional hardware port statistics in ethtool -S (bsc#1086282) - bnxt_en: Include additional hardware port statistics in ethtool -S (bsc#1086282) - bnxt_en: Increase RING_IDLE minimum threshold to 50 (bsc#1086282) - bnxt_en: Need to include rdma rings in bnxt_check_rings() (bsc#1086282) - bnxt_en: Need to include rdma rings in bnxt_check_rings() (bsc#1086282) - bnxt_en: Pass complete VLAN TCI to the stack (bsc#1086282) - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is supported (bsc#1086282) - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is supported (bsc#1086282) - bnxt_en: Refactor bnxt_close_nic() (bsc#1086282) - bnxt_en: Refactor bnxt_need_reserve_rings() (bsc#1086282) - bnxt_en: Refactor hardware resource data structures (bsc#1086282) - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282) - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282) - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282) - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282) - bnxt_en: Reserve RSS and L2 contexts for VF (bsc#1086282) - bnxt_en: Reserve completion rings and MSIX for bnxt_re rdma driver (bsc#1086282) - bnxt_en: Reserve completion rings and MSIX for bnxt_re rdma driver (bsc#1086282) - bnxt_en: Reserve resources for RFS (bsc#1086282) - bnxt_en: Reserve rings at driver open if none was reserved at probe time (bsc#1086282) - bnxt_en: Reserve rings at driver open if none was reserved at probe time (bsc#1086282) - bnxt_en: Reserve rings in bnxt_set_channels() if device is down (bsc#1086282) - bnxt_en: Reserve rings in bnxt_set_channels() if device is down (bsc#1086282) - bnxt_en: Restore MSIX after disabling SRIOV (bsc#1086282) - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode (bsc#1086282) - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode (bsc#1086282) - bnxt_en: Simplify ring alloc/free error messages (bsc#1086282) - bnxt_en: Support max-mtu with VF-reps (bsc#1086282) - bnxt_en: Update firmware interface to 1.9.0 (bsc#1086282) - bnxt_en: Update firmware interface to 1.9.1.15 (bsc#1086282) - bnxt_en: Use a dedicated VNIC mode for rdma (bsc#1086282) - bnxt_en: close and open NIC, only when the interface is in running state (bsc#1086282) - bnxt_en: close and open NIC, only when the interface is in running state (bsc#1086282) - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (bsc#1086282) - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (bsc#1086282) - bnxt_en: reduce timeout on initial HWRM calls (bsc#1086282) - bonding: do not allow rlb updates to invalid mac (networking-stable-18_05_15) - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (networking-stable-18_04_26) - bonding: fix the err path for dev hwaddr sync in bond_enslave (networking-stable-18_04_10) - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (networking-stable-18_04_10) - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (networking-stable-18_04_10) - bonding: re-evaluate force_primary when the primary slave name changes (networking-stable-18_06_20) - bonding: send learning packets for vlans on slave (networking-stable-18_05_15) - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (bsc#1086282) - bridge: check iface upper dev when setting master via ioctl (networking-stable-18_05_15) - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457) - btrfs: use btrfs_op instead of bio_op in __btrfs_map_block (bsc#1099918) - bus: arm-cci: Fix use of smp_processor_id() in preemptible context (bsc#1051510) - bus: arm-ccn: Check memory allocation failure (bsc#1051510) - bus: arm-ccn: Fix use of smp_processor_id() in preemptible context (bsc#1051510) - bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left (bsc#1051510) - can: bcm: check for null sk before deferencing it via the call to sock_net (bsc#1051510) - can: hi311x: Acquire SPI lock on ->do_get_berr_counter (bsc#1051510) - can: hi311x: Work around TX complete interrupt erratum (bsc#1051510) - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode (bsc#1051510) - can: mpc5xxx_can: check of_iomap return before use (bsc#1051510) - can: peak_canfd: fix firmware: limit allocation to 32-bit DMA addr only (bsc#1051510) - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bsc#1051510) - can: xilinx_can: fix RX overflow interrupt not being enabled (bsc#1051510) - can: xilinx_can: fix device dropping off bus on RX overrun (bsc#1051510) - can: xilinx_can: fix incorrect clear of non-processed interrupts (bsc#1051510) - can: xilinx_can: fix power management handling (bsc#1051510) - can: xilinx_can: fix recovery from error states not being propagated (bsc#1051510) - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bsc#1051510) - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (networking-stable-18_04_13) - cdc_ncm: avoid padding beyond end of skb (networking-stable-18_06_20) - ceph: fix dentry leak in splice_dentry() (bsc#1098236) - cfg80211: initialize sinfo in cfg80211_get_station (bsc#1051510) - checkpatch: add 6 missing types to --list-types (bsc#1051510) - cifs: Check for timeout on Negotiate stage (bsc#1091171) - cifs: Fix infinite loop when using hard mount option (bsc#1091171) - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097) - clk: Do not show the incorrect clock phase (bsc#1051510) - clk: Do not write error code into divider register (bsc#1051510) - clk: Fix __set_clk_rates error print-string (bsc#1051510) - clk: at91: PLL recalc_rate() now using cached MUL and DIV values (bsc#1051510) - clk: at91: fix clk-generated parenting (bsc#1051510) - clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() (bsc#1051510) - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bsc#1051510) - clk: fix false-positive Wmaybe-uninitialized warning (bsc#1051510) - clk: fix mux clock documentation (bsc#1051510) - clk: fix set_rate_range when current rate is out of range (bsc#1051510) - clk: hi3660: fix incorrect uart3 clock freqency (bsc#1051510) - clk: hi6220: change watchdog clock source (bsc#1051510) - clk: hi6220: mark clock cs_atb_syspll as critical (bsc#1051510) - clk: hisilicon: fix potential NULL dereference in hisi_clk_alloc() (bsc#1051510) - clk: hisilicon: mark wdt_mux_p[] as const (bsc#1051510) - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux (bsc#1051510) - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bsc#1051510) - clk: imx7d: fix mipi dphy div parent (bsc#1051510) - clk: mediatek: add the option for determining PLL source clock (bsc#1051510) - clk: mediatek: mark mtk_infrasys_init_early __init (bsc#1051510) - clk: meson: gxbb: fix clk_mclk_i958 divider flags (bsc#1051510) - clk: meson: gxbb: fix meson cts_amclk divider flags (bsc#1051510) - clk: meson: gxbb: fix wrong clock for SARADC/SANA (bsc#1051510) - clk: meson: meson8b: fix protection against undefined clks (bsc#1051510) - clk: meson: mpll: fix mpll0 fractional part ignored (bsc#1051510) - clk: meson: mpll: use 64-bit maths in params_from_rate (bsc#1051510) - clk: meson: remove unnecessary rounding in the pll clock (bsc#1051510) - clk: mvebu: use correct bit for 98DX3236 NAND (bsc#1051510) - clk: qcom: Base rcg parent rate off plan frequency (bsc#1051510) - clk: qcom: clk-smd-rpm: Fix the reported rate of branches (bsc#1051510) - clk: qcom: common: fix legacy board-clock registration (bsc#1051510) - clk: qcom: msm8916: Fix bimc gpu clock ops (bsc#1051510) - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bsc#1051510) - clk: renesas: div6: Document fields used for parent selection (bsc#1051510) - clk: renesas: r8a7745: Remove PLL configs for MD19=0 (bsc#1051510) - clk: renesas: r8a7745: Remove nonexisting scu-src[0789] clocks (bsc#1051510) - clk: renesas: r8a7795: Correct pwm, gpio, and i2c parent clocks on ES2.0 (bsc#1051510) - clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 (bsc#1051510) - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 (bsc#1051510) - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bsc#1051510) - clk: samsung: Fix m2m scaler clock on Exynos542x (bsc#1051510) - clk: samsung: exynos3250: Fix PLL rates (bsc#1051510) - clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices (bsc#1051510) - clk: samsung: exynos5250: Fix PLL rates (bsc#1051510) - clk: samsung: exynos5260: Fix PLL rates (bsc#1051510) - clk: samsung: exynos5433: Fix PLL rates (bsc#1051510) - clk: samsung: exynos7: Fix PLL rates (bsc#1051510) - clk: samsung: s3c2410: Fix PLL rates (bsc#1051510) - clk: scpi: error when clock fails to register (bsc#1051510) - clk: scpi: fix return type of __scpi_dvfs_round_rate (bsc#1051510) - clk: si5351: Rename internal plls to avoid name collisions (bsc#1051510) - clk: si5351: fix PLL reset (bsc#1051510) - clk: socfpga: Fix the smplsel on Arria10 and Stratix10 (bsc#1051510) - clk: sunxi-ng: Fix fractional mode for N-M clocks (bsc#1051510) - clk: sunxi-ng: Make fractional helper less chatty (bsc#1051510) - clk: sunxi-ng: Wait for lock when using fractional mode (bsc#1051510) - clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops (bsc#1051510) - clk: sunxi-ng: add CLK_SET_RATE_PARENT flag to H3 GPU clock (bsc#1051510) - clk: sunxi-ng: add CLK_SET_RATE_UNGATE to all H3 PLLs (bsc#1051510) - clk: sunxi-ng: allow set parent clock (PLL_CPUX) for CPUX clock on H3 (bsc#1051510) - clk: sunxi-ng: h3: gate then ungate PLL CPU clk after rate change (bsc#1051510) - clk: sunxi-ng: multiplier: Fix fractional mode (bsc#1051510) - clk: sunxi-ng: nm: Check if requested rate is supported by fractional clock (bsc#1051510) - clk: sunxi-ng: sun5i: Fix bit offset of audio PLL post-divider (bsc#1051510) - clk: sunxi-ng: sun6i: Export video PLLs (bsc#1051510) - clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision (bsc#1051510) - clk: sunxi: fix build warning (bsc#1051510) - clk: sunxi: fix uninitialized access (bsc#1051510) - clk: tegra: Fix cclk_lp divisor register (bsc#1051510) - clk: tegra: Fix pll_u rate configuration (bsc#1051510) - clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init() (bsc#1051510) - clk: ti: dra7-atl-clock: fix child-node lookups (bsc#1051510) - clk: uniphier: fix DAPLL2 clock rate of Pro5 (bsc#1051510) - clk: x86: Do not gate clocks enabled by the firmware (bsc#1051510) - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bsc#1051510) - clocksource/drivers/stm32: Fix kernel panic with multiple timers (bsc#1051510) - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324) - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324) - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bsc#1100884) - cpufreq: Fix new policy initialization during limits updates via sysfs (bsc#1100884) - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bsc#1100884) - cpufreq: docs: Add missing cpuinfo_cur_freq description (bsc#1051510) - cpufreq: docs: Drop intel-pstate.txt from index.txt (bsc#1051510) - cpufreq: governors: Fix long idle detection logic in load calculation (bsc#1100884) - cpufreq: intel_pstate: Add HWP boost utility and sched util hooks (bsc#1066110) - cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 (bsc#1051510) - cpufreq: intel_pstate: HWP boost performance on IO wakeup (bsc#1066110) - cpufreq: intel_pstate: New sysfs entry to control HWP boost (bsc#1066110) - cpufreq: intel_pstate: enable boost for Skylake Xeon (bsc#1066110) - cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt (bsc#1100884) - cpuidle: powernv: Fix promotion from snooze if next state disabled (bsc#1100884) - crash_dump: is_kdump_kernel can be boolean (bsc#1103230) - crypto: caam/qi - explicitly set dma_ops (bsc#1051510) - crypto: ccp - remove unused variable qim (bsc#1051510) - crypto: change transient busy return code to -ENOSPC (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Add authenc versions of ctr and sha (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Check error code with IS_ERR macro (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix IV updated in XTS operation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix Indentation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix an error code in chcr_hash_dma_map() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix indentation warning (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix iv passed in fallback path for rfc3686 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix src buffer dma length (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Make function aead_ccm_validate_input static (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Move DMA un/mapping to chcr from lld cxgb4 driver (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Remove allocation of sg list to implement 2K limit of dsgl header (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Remove dst sg size zero check (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Remove unused parameter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Update IV before sending request to HW (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Use kernel round function to align lengths (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Use x8_ble gf multiplication to calculate IV (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - check for sg null (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - do not leak pointers to authenc keys (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bsc#1051510) - crypto: crypto4xx - remove bad list_del (bsc#1051510) - crypto: gf128mul - The x8_ble multiplication functions (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: sha512-mb - add some missing unlock on error (bsc#1051510) - cxgb4/cxgb4vf: Notify link changes to OS-dependent code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4/cxgb4vf: add support for ndo_set_vf_vlan (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4/cxgb4vf: check fw caps to set link mode mask (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4/cxgb4vf: link management changes for new SFP (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add FORCE_PAUSE bit to 32 bit port caps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add HMA support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add TP Congestion map entry for single-port (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add new T5 device id (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add new T6 device ids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add support for ethtool i2c dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add support to initialise/read SRQ entries (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add support to query HW SRQ parameters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Adds CPL support for Shared Receive Queues (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Check alignment constraint for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Check for kvzalloc allocation failure (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Fix error handling path in 'init_one()' (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Fix queue free path of ULD drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Fix {vxlan/geneve}_port initialization (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: IPv6 filter takes 2 tids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Setup FW queues before registering netdev (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Support firmware rdma write completion work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Support firmware rdma write with immediate work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: add new T5 device id's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: avoid schedule while atomic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: change the port capability bits definition (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: clean up init_one (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: collect SGE PF/VF queue map (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy adap index to PF0-3 adapter instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy mbox log size to PF0-3 adap instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy the length of cpl_tx_pkt_core to fw_wr (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy vlan_id in ndo_get_vf_config (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: depend on firmware event for link status (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do L1 config when module is inserted (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do not display 50Gbps as unsupported speed (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do not fail vf instatiation in slave mode (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do not set needs_free_netdev for mgmt dev's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: enable ZLIB_DEFLATE when building cxgb4 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: enable inner header checksum calculation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: fix the wrong conversion of Mbps to Kbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: free up resources of pf 0-3 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: increase max tx rate limit to 100 Gbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: notify fatal error to uld drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: remove dead code when allocating filter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: restructure VF mgmt code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: rework on-chip memory read (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: support new ISSI flash parts (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: update LE-TCAM collection for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: update dump collection logic to use compression (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: use CLIP with LIP6 on T6 for TCAM filters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: use zlib deflate to compress firmware dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: zero the HMA memory (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4vf: Forcefully link up virtual interfaces (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4vf: display pause settings (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgbit: call neigh_event_send() to update MAC address (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() (bsc#1101315) - dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (networking-stable-18_06_08) - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (networking-stable-18_01_28) - dccp: fix tasklet usage (networking-stable-18_05_15) - dell_rbu: make firmware payload memory uncachable (bsc#1087978) - device property: Allow iterating over available child fwnodes (bsc#1098633) - device property: Introduce fwnode_call_bool_op() for ops that return bool (bsc#1098633) - device property: Introduce fwnode_device_is_available() (bsc#1098633) - device property: Introduce fwnode_get_mac_address() (bsc#1098633) - device property: Introduce fwnode_get_phy_mode() (bsc#1098633) - device property: Introduce fwnode_irq_get() (bsc#1098633) - device property: Move FW type specific functionality to FW specific files (bsc#1098633) - device property: Move fwnode graph ops to firmware specific locations (bsc#1098633) - device property: preserve usecount for node passed to of_fwnode_graph_get_port_parent() (bsc#1098633) - device: Fix kABI breakage for of/device change (bsc#1051510) - devlink: Remove redundant free on error path (networking-stable-18_03_28) - dm integrity: use kvfree for kvmalloc'd memory (bsc#1099918) - dm mpath: fix bio-based multipath queue_if_no_path handling (bsc#1099918) - dm raid: do not use 'const' in function return (bsc#1099918) - dm zoned: avoid triggering reclaim from inside dmz_map() (bsc#1099918) - dm: convert DM printk macros (bsc#1099918) - dm: fix printk() rate limiting code (bsc#1099918) - dm: use bio_split() when splitting out the already processed bio (bsc#1099918) - dmaengine: fsl-edma: disable clks on all error paths (bsc#1051510) - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bsc#1051510) - dmaengine: mv_xor_v2: Fix clock resource by adding a register clock (bsc#1051510) - dmaengine: omap-dma: port_window support correction for both direction (bsc#1051510) - dmaengine: pl330: fix a race condition in case of threaded irqs (bsc#1051510) - dmaengine: pl330: report BURST residue granularity (bsc#1051510) - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt (bsc#1051510) - dmaengine: qcom_hidma: check pending interrupts (bsc#1051510) - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() (bsc#1051510) - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bsc#1051510) - dmaengine: tegra-apb: Really fix runtime-pm usage (bsc#1051510) - dmaengine: tegra210-adma: fix of_irq_get() error check (bsc#1051510) - dmaengine: xilinx_dma: Fix error code format specifier (bsc#1051510) - dmaengine: zynqmp_dma: Fix race condition in the probe (bsc#1051510) - doc: Rename .system_keyring to .builtin_trusted_keys (bsc#1051510) - doc: SKB_GSO_[IPIP|SIT] have been replaced (bsc#1051510) - docs-rst: fix broken links to dynamic-debug-howto in kernel-parameters (bsc#1051510) - docs: segmentation-offloads.txt: Fix ref to SKB_GSO_TUNNEL_REMCSUM (bsc#1051510) - documentation: admin-guide: intel_pstate: Fix sysfs path (bsc#1051510) - dp83640: Ensure against premature access to PHY registers after reset (bsc#1051510) - dpaa_eth: increment the RX dropped counter when needed (networking-stable-18_03_28) - dpaa_eth: remove duplicate increment of the tx_errors counter (networking-stable-18_03_28) - dpaa_eth: remove duplicate initialization (networking-stable-18_03_28) - drbd: Fix drbd_request_prepare() discard handling (bsc#1099918) - drbd: fix access after free (bsc#1051510) - driver core: Do not ignore class_dir_create_and_add() failure (bsc#1051510) - driver core: Fix link to device power management documentation (bsc#1051510) - driver core: Move device_links_purge() after bus_remove_device() (bsc#1099918) - driver core: Partially revert "driver core: correct device's shutdown order" (bsc#1051510) - drivers/firmware: psci_checker: Add missing destroy_timer_on_stack() (bsc#1051510) - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301) - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301) - drivers: Move upstreamed ideapad-laptop patch to sorted section (bsc#1093035) - drivers: net: bnx2x: use setup_timer() helper (bsc#1086323) - drivers: net: i40evf: use setup_timer() helper (bsc#1101816) - drm/amdgpu: Add APU support in vi_set_uvd_clocks (bsc#1051510) - drm/amdgpu: Add APU support in vi_set_vce_clocks (bsc#1051510) - drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array (bsc#1051510) - drm/atmel-hlcdc: check stride values in the first plane (bsc#1051510) - drm/bridge/sii8620: fix potential buffer overflow (bsc#1051510) - drm/exynos: Fix dma-buf import (bsc#1051510) - drm/i915/dp: Send DPCD ON for MST before phy_up (bsc#1051510) - drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path (bsc#1051510) - drm/i915/psr: Chase psr.enabled only under the psr.lock (bsc#1051510) - drm/i915: Apply batch location restrictions before pinning (bsc#1051510) - drm/i915: Enable provoking vertex fix on Gen9 systems (bsc#1051510) - drm/i915: Fix context ban and hang accounting for client (bsc#1051510) - drm/i915: Fix hotplug irq ack on i965/g4x (bsc#1051510) - drm/i915: Only call tasklet_kill() on the first prepare_reset (bsc#1051510) - drm/i915: Remove unbannable context spam from reset (bsc#1051510) - drm/i915: Try GGTT mmapping whole object as partial (bsc#1051510) - drm/msm: do not deref error pointer in the msm_fbdev_create error path (bsc#1100209) - drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (bsc#1090888) - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1051510) - drm/nouveau: Avoid looping through fake MST connectors (bsc#1051510) - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (bsc#1051510) - drm/qxl: Call qxl_bo_unref outside atomic context (bsc#1051510) - drm/rockchip: Fix build warning in analogix_dp-rockchip.c (bsc#1085536) - drm/rockchip: analogix_dp: Remove unnecessary init code (bsc#1085536) - drm/rockchip: dw_hdmi: Move HDMI vpll clock enable to bind() (bsc#1087092) - drm/rockchip: inno_hdmi: Fix error handling path (bsc#1087092) - drm/rockchip: inno_hdmi: reorder clk_disable_unprepare call in unbind (bsc#1087092) - drm/tegra: Acquire a reference to the IOVA cache (bsc#1090888) - drm/udl: fix display corruption of the last line (bsc#1101337) - drm: Use kvzalloc for allocating blob property memory (bsc#1101352) - drm: mali-dp: Uninitialized variable in malidp_se_check_scaling() (bsc#1087092) - drm: rcar-du: Remove zpos field from rcar_du_vsp_plane_state structure (bsc#1085539) - drm: rcar-du: lvds: Fix LVDCR1 for R-Car gen3 (bsc#1085539) - dvb_frontend: do not use-after-free the frontend struct (bsc#1051510) - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876) - earlycon: Use a pointer table to fix __earlycon_table stride (bsc#1099918) - efi/efi_test: Prevent an Oops in efi_runtime_query_capsulecaps() (bsc#1051510) - enic: do not overwrite error code (bsc#1037697) - enic: enable rq before updating rq descriptors (bsc#1037697) - enic: set DMA mask to 47 bit (networking-stable-18_06_08) - ethernet/broadcom: Use zeroing memory allocator than allocator/memset (bsc#1086282) - ethernet/broadcom: Use zeroing memory allocator than allocator/memset (bsc#1086282) - ethtool: add ethtool_intersect_link_masks (bsc#1101816) - f2fs: fix to wake up all sleeping flusher (bsc#1099918) - fib_semantics: Do not match route with mismatching tclassid (networking-stable-18_03_07) - firewire: net: max MTU off by one (bsc#1051510) - firmware: arm_scpi: fix endianness of dev_id in struct dev_pstate_set (bsc#1051510) - firmware: dmi: Optimize dmi_matches (bsc#1051510) - firmware: tegra: Fix locking bugs in BPMP (bsc#1051510) - fix Patch-mainline header - fix kabi due to perf_event.h uapi field change - flow_dissector: properly cap thoff field (networking-stable-18_01_28) - fm10k: Fix configuration for macvlan offload (bsc#1101813) - fm10k: Fix misuse of net_ratelimit() (bsc#1101813) - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813) - fm10k: add missing fall through comment (bsc#1101813) - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813) - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813) - fm10k: avoid needless delay when loading driver (bsc#1101813) - fm10k: avoid possible truncation of q_vector->name (bsc#1101813) - fm10k: bump version number (bsc#1101813) - fm10k: clarify action when updating the VLAN table (bsc#1101813) - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813) - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813) - fm10k: correct typo in fm10k_pf.c (bsc#1101813) - fm10k: do not assume VLAN 1 is enabled (bsc#1101813) - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813) - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813) - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813) - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813) - fm10k: fix "failed to kill vid" message for VF (bsc#1101813) - fm10k: fix function doxygen comments (bsc#1101813) - fm10k: fix incorrect warning for function prototype (bsc#1101813) - fm10k: fix typos on fall through comments (bsc#1101813) - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813) - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813) - fm10k: mark PM functions as __maybe_unused (bsc#1101813) - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813) - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813) - fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813) - fm10k: prepare_for_reset() when we lose pcie Link (bsc#1101813) - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813) - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813) - fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813) - fm10k: reschedule service event if we stall the PF-SM mailbox (bsc#1101813) - fm10k: reschedule service event if we stall the PF-SM mailbox (bsc#1101813) - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813) - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813) - fm10k: simplify reading PFVFLRE register (bsc#1101813) - fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813) - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813) - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813) - fm10k: use generic PM hooks instead of legacy pcie power hooks (bsc#1101813) - fm10k: use generic PM hooks instead of legacy pcie power hooks (bsc#1101813) - fm10k: use macro to avoid passing the array and size separately (bsc#1101813) - fm10k: use macro to avoid passing the array and size separately (bsc#1101813) - fm10k: use spinlock to implement mailbox lock (bsc#1101813) - fm10k: use the MAC/VLAN queue for VF-PF MAC/VLAN requests (bsc#1101813) - fm10k: use the MAC/VLAN queue for VF-PF MAC/VLAN requests (bsc#1101813) - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813) - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813) - fm10k: warn if the stat size is unknown (bsc#1101813) - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099142) - fsi: core: register with postcore_initcall (bsc#1051510) - ftrace: Fix selftest goto location on error (bsc#1099918) - fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (bsc#1051510) - fuse: atomic_o_trunc should truncate pagecache (bsc#1051510) - fuse: do not keep dead fuse_conn at fuse_fill_super() (bsc#1051510) - fuse: fix congested state leak on aborted connections (bsc#1051510) - fuse: fix control dir setup and teardown (bsc#1051510) - gpio: acpi: work around false-positive -Wstring-overflow warning (bsc#1051510) - gpio: brcmstb: allow all instances to be wakeup sources (bsc#1051510) - gpio: brcmstb: check return value of gpiochip_irqchip_add() (bsc#1051510) - gpio: brcmstb: correct the configuration of level interrupts (bsc#1051510) - gpio: brcmstb: release the bgpio lock during irq handlers (bsc#1051510) - gpio: brcmstb: switch to handle_level_irq flow (bsc#1051510) - gpio: pca953x: fix vendor prefix for PCA9654 (bsc#1051510) - gpio: reject invalid gpio before getting gpio_desc (bsc#1051510) - gpio: tegra: fix unbalanced chained_irq_enter/exit (bsc#1051510) - gpu: host1x: Acquire a reference to the IOVA cache (bsc#1090888) - hdlc_ppp: carrier detect ok, do not turn off negotiation (networking-stable-18_03_07) - hid: add backlight level quirk for Asus ROG laptops (bsc#1101324) - hid: debug: check length before copy_to_user() (bsc#1051510) - hid: hiddev: fix potential Spectre v1 (bsc#1051510) - hid: i2c-hid: Fix "incomplete report" noise (bsc#1051510) - hid: intel-ish-hid: use put_device() instead of kfree() (bsc#1051510) - hid: intel_ish-hid: ipc: register more pm callbacks to support hibernation (bsc#1051510) - hid: lenovo: Add support for IBM/Lenovo Scrollpoint mice (bsc#1051510) - hid: wacom: Add support for One by Wacom (CTL-472 / CTL-672) (bsc#1100633) - hid: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (bsc#1051510) - hid: wacom: Correct touch maximum XY of 2nd-gen Intuos (bsc#1051510) - hid: wacom: Release device resource data obtained by devres_alloc() (bsc#1051510) - hwmon: (aspeed-pwm) add THERMAL dependency (bsc#1051510) - hwmon: (ftsteutates) Fix clearing alarm sysfs entries (bsc#1051510) - hwmon: (jc42) optionally try to disable the SMBUS timeout (bsc#1051510) - hwmon: (ltc2990) Fix incorrect conversion of negative temperatures (bsc#1051510) - hwmon: (nct6683) Enable EC access if disabled at boot (bsc#1051510) - hwmon: (nct6775) Fix writing pwmX_mode (bsc#1051510) - hwmon: (pmbus/adm1275) Accept negative page register values (bsc#1051510) - hwmon: (pmbus/max8688) Accept negative page register values (bsc#1051510) - hwmon: (stts751) buffer overrun on wrong chip configuration (bsc#1051510) - hwmon: (tmp102) Fix first temperature reading (bsc#1051510) - hwmon: Deal with errors from the thermal subsystem (bsc#1051510) - hwrng: stm32 - add reset during probe (bsc#1051510) - hwtracing: stm: fix build error on some arches (bsc#1051510) - i2c: axxia: enable clock before calling clk_get_rate() (bsc#1051510) - i2c: designware: Round down acpi provided clk to nearest supported clk (bsc#1051510) - i2c: mux: pinctrl: mention correct module name in Kconfig help text (bsc#1051510) - i2c: pmcmsp: fix error return from master_xfer (bsc#1051510) - i2c: pmcmsp: return message count on master_xfer success (bsc#1051510) - i2c: tegra: Fix NACK error handling (bsc#1051510) - i2c: viperboard: return message count on master_xfer success (bsc#1051510) - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816) - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816) - i40e/i40evf: Bump driver versions (bsc#1101816) - i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816) - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816) - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816) - i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816) - i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816) - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816) - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816) - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816) - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816) - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816) - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816) - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816) - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816) - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816) - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816) - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816) - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816) - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816) - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816) - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816) - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816) - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816) - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816) - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816) - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816) - i40e/i40evf: do not trust VF to reset itself (bsc#1101816) - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816) - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816) - i40e/i40evf: organize and re-number feature flags (bsc#1101816) - i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816) - i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816) - i40e/i40evf: use SW variables for hang detection (bsc#1101816) - i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816) - i40e: Add advertising 10G LR mode (bsc#1101816) - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816) - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816) - i40e: Add infrastructure for queue channel support (bsc#1101816) - i40e: Add macro for PF reset bit (bsc#1101816) - i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816) - i40e: Add returning AQ critical error to SW (bsc#1101816) - i40e: Add support for 'ethtool -m' (bsc#1101816) - i40e: Cleanup i40e_vlan_rx_register (bsc#1101816) - i40e: Close client on suspend and restore client MSIx on resume (bsc#1088821) - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816) - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816) - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816) - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816) - i40e: Display error message if module does not meet thermal requirements (bsc#1101816) - i40e: Display error message if module does not meet thermal requirements (bsc#1101816) - i40e: Do not allow use more TC queue pairs than MSI-X vectors exist (bsc#1094978) - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816) - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816) - i40e: Fix FLR reset timeout issue (bsc#1101816) - i40e: Fix a potential NULL pointer dereference (bsc#1101816) - i40e: Fix for NUP NVM image downgrade failure (bsc#1101816) - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816) - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816) - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816) - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816) - i40e: Fix kdump failure (bsc#1101816) - i40e: Fix link down message when interface is brought up (bsc#1101816) - i40e: Fix link down message when interface is brought up (bsc#1101816) - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816) - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816) - i40e: Fix permission check for VF MAC filters (bsc#1101816) - i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816) - i40e: Fix reporting of supported link modes (bsc#1101816) - i40e: Fix the number of queues available to be mapped for use (bsc#1094978) - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816) - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816) - i40e: Fix unqualified module message while bringing link up (bsc#1101816) - i40e: Fix unqualified module message while bringing link up (bsc#1101816) - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816) - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816) - i40e: Prevent setting link speed on KX_X722 (bsc#1101816) - i40e: Properly maintain flow director filters list (bsc#1101816) - i40e: Remove limit of 64 max queues per channel (bsc#1101816) - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816) - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816) - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816) - i40e: add check for return from find_first_bit call (bsc#1101816) - i40e: add doxygen comment for new mode parameter (bsc#1101816) - i40e: add function doc headers for ethtool stats functions (bsc#1101816) - i40e: add function doc headers for ethtool stats functions (bsc#1101816) - i40e: add function header for i40e_get_rxfh (bsc#1101816) - i40e: add helper conversion function for link_speed (bsc#1101816) - i40e: add tx_busy to ethtool stats (bsc#1101816) - i40e: allow XPS with QoS enabled (bsc#1101816) - i40e: always return VEB stat strings (bsc#1101816) - i40e: always return all queue stat strings (bsc#1101816) - i40e: avoid divide by zero (bsc#1101816) - i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816) - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816) - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816) - i40e: calculate ethtool stats size in a separate function (bsc#1101816) - i40e: calculate ethtool stats size in a separate function (bsc#1101816) - i40e: change flags to use 64 bits (bsc#1101816) - i40e: change ppp name to ddp (bsc#1101816) - i40e: check for invalid DCB config (bsc#1101816) - i40e: cleanup unnecessary parens (bsc#1101816) - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816) - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816) - i40e: cleanup wording in a header comment (bsc#1101816) - i40e: convert i40e_get_settings_link_up to new API (bsc#1101816) - i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816) - i40e: convert i40e_set_link_ksettings to new API (bsc#1101816) - i40e: disallow programming multiple filters with same criteria (bsc#1101816) - i40e: disallow programming multiple filters with same criteria (bsc#1101816) - i40e: display priority_xon and priority_xoff stats (bsc#1101816) - i40e: do not clear suspended state until we finish resuming (bsc#1101816) - i40e: do not clear suspended state until we finish resuming (bsc#1101816) - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816) - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816) - i40e: do not force filter failure in overflow promiscuous (bsc#1101816) - i40e: do not force filter failure in overflow promiscuous (bsc#1101816) - i40e: do not hold spinlock while resetting VF (bsc#1101816) - i40e: do not leak memory addresses (bsc#1101816) - i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816) - i40e: ensure reset occurs when disabling VF (bsc#1101816) - i40e: factor out re-enable functions for ATR and SB (bsc#1101816) - i40e: fix a typo (bsc#1101816) - i40e: fix a typo in i40e_pf documentation (bsc#1101816) - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816) - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816) - i40e: fix comment typo (bsc#1101816) - i40e: fix flags declaration (bsc#1101816) - i40e: fix for flow director counters not wrapping as expected (bsc#1101816) - i40e: fix for flow director counters not wrapping as expected (bsc#1101816) - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816) - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816) - i40e: fix handling of vf_states variable (bsc#1101816) - i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816) - i40e: fix incorrect register definition (bsc#1101816) - i40e: fix link reporting (bsc#1101816) - i40e: fix merge error (bsc#1101816) - i40e: fix reading LLDP configuration (bsc#1101816) - i40e: fix typo in function description (bsc#1101816) - i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816) - i40e: fold prefix strings directly into stat names (bsc#1101816) - i40e: free skb after clearing lock in ptp_stop (bsc#1101816) - i40e: free the skb after clearing the bitlock (bsc#1101816) - i40e: group autoneg PHY types together (bsc#1101816) - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816) - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816) - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816) - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816) - i40e: implement split pci error reset handler (bsc#1101816) - i40e: limit lan queue count in large CPU count machine (bsc#1101816) - i40e: limit lan queue count in large CPU count machine (bsc#1101816) - i40e: make const array patterns static, reduces object code size (bsc#1101816) - i40e: make const array patterns static, reduces object code size (bsc#1101816) - i40e: make i40evf_map_rings_to_vectors void (bsc#1101816) - i40e: make use of i40e_vc_disable_vf (bsc#1101816) - i40e: mark PM functions as __maybe_unused (bsc#1101816) - i40e: move AUTO_DISABLED flags into the state field (bsc#1101816) - i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816) - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816) - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816) - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816) - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816) - i40e: move client flags into state bits (bsc#1101816) - i40e: prevent service task from running while we're suspended (bsc#1101816) - i40e: prevent service task from running while we're suspended (bsc#1101816) - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816) - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816) - i40e: re-number feature flags to remove gaps (bsc#1101816) - i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816) - i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816) - i40e: refactor FW version checking (bsc#1101816) - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816) - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816) - i40e: relax warning message in case of version mismatch (bsc#1101816) - i40e: relax warning message in case of version mismatch (bsc#1101816) - i40e: remove duplicate pfc stats (bsc#1101816) - i40e: remove i40e_fcoe files (bsc#1101816) - i40e: remove ifdef SPEED_25000 (bsc#1101816) - i40e: remove logically dead code (bsc#1101816) - i40e: remove redundant initialization of read_size (bsc#1101816) - i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816) - i40e: rename 'cmd' variables in ethtool interface (bsc#1101816) - i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816) - i40e: restore promiscuous after reset (bsc#1101816) - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816) - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816) - i40e: simplify member variable accesses (bsc#1101816) - i40e: split i40e_get_strings() into smaller functions (bsc#1101816) - i40e: split i40e_get_strings() into smaller functions (bsc#1101816) - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816) - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816) - i40e: track filter type statistics when deleting invalid filters (bsc#1101816) - i40e: track filter type statistics when deleting invalid filters (bsc#1101816) - i40e: track id can be 0 (bsc#1101816) - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816) - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816) - i40e: update data pointer directly when copying to the buffer (bsc#1101816) - i40e: update data pointer directly when copying to the buffer (bsc#1101816) - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816) - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816) - i40e: use a local variable instead of calculating multiple times (bsc#1101816) - i40e: use a local variable instead of calculating multiple times (bsc#1101816) - i40e: use admin queue for setting LEDs behavior (bsc#1101816) - i40e: use newer generic PM support instead of legacy PM callbacks (bsc#1101816) - i40e: use newer generic PM support instead of legacy PM callbacks (bsc#1101816) - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816) - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816) - i40e: use the more traditional 'i' loop variable (bsc#1101816) - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816) - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816) - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816) - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816) - i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816) - i40evf: Do not clear MSI-X PBA manually (bsc#1101816) - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816) - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816) - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816) - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816) - i40evf: Fix a hardware reset support in VF driver (bsc#1101816) - i40evf: Fix double locking the same resource (bsc#1101816) - i40evf: Fix link up issue when queues are disabled (bsc#1101816) - i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816) - i40evf: Make VF reset warning message more clear (bsc#1101816) - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816) - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816) - i40evf: Use an iterator of the same type as the list (bsc#1101816) - i40evf: Use an iterator of the same type as the list (bsc#1101816) - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816) - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816) - i40evf: fix client notify of l2 params (bsc#1101816) - i40evf: fix ring to vector mapping (bsc#1101816) - i40evf: hold the critical task bit lock while opening (bsc#1101816) - i40evf: hold the critical task bit lock while opening (bsc#1101816) - i40evf: lower message level (bsc#1101816) - i40evf: release bit locks in reverse order (bsc#1101816) - i40evf: remove flags that are never used (bsc#1101816) - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816) - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816) - i40evf: use GFP_ATOMIC under spin lock (bsc#1101816) - i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816) - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816) - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816) - i40iw: Fix memory leak in error path of create QP (bsc#1058659) - i40iw: Refactor of driver generated AEs (bsc#1058659) - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659) - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659) - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659) - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659) - ib/Hfi1: Read CCE Revision register to verify the device is responsive (bsc#1096793) - ib/Hfi1: Read CCE Revision register to verify the device is responsive (bsc#1096793) - ib/core: Fix error code for invalid GID entry (bsc#1046306) - ib/core: Honor port_num while resolving GID for IB link layer (bsc#1046306) - ib/core: Honor port_num while resolving GID for IB link layer (bsc#1046306) - ib/core: Make ib_mad_client_id atomic (bsc#1046306) - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306) - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306) - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306) - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306) - ib/hfi1 Use correct type for num_user_context (bsc#1096793) - ib/hfi1: Add a safe wrapper for _rcd_get_by_index (bsc#1096793) - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463) - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463) - ib/hfi1: Add tx_opcode_stats like the opcode_stats (bsc#1096793) - ib/hfi1: Complete check for locally terminated smp (bsc#1096793) - ib/hfi1: Compute BTH only for rdma_WRITE_LAST/SEND_LAST packet (bsc#1096793) - ib/hfi1: Compute BTH only for rdma_WRITE_LAST/SEND_LAST packet (bsc#1096793) - ib/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times (bsc#1096793) - ib/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times (bsc#1096793) - ib/hfi1: Create common functions for affinity CPU mask operations (bsc#1096793) - ib/hfi1: Create common functions for affinity CPU mask operations (bsc#1096793) - ib/hfi1: Do not allocate PIO send contexts for VNIC (bsc#1096793) - ib/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793) - ib/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793) - ib/hfi1: Do not override given pcie_pset value (bsc#1096793) - ib/hfi1: Ensure VL index is within bounds (bsc#1096793) - ib/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793) - ib/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793) - ib/hfi1: Fix fault injection init/exit issues (bsc#1060463) - ib/hfi1: Fix for early release of sdma context (bsc#1096793) - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463) - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463) - ib/hfi1: Fix loss of BECN with AHG (bsc#1096793) - ib/hfi1: Fix memory leak in exception path in get_irq_affinity() (bsc#1096793) - ib/hfi1: Fix memory leak in exception path in get_irq_affinity() (bsc#1096793) - ib/hfi1: Fix serdes loopback set-up (bsc#1096793) - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463) - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463) - ib/hfi1: Handle initial value of 0 for CCTI setting (bsc#1096793) - ib/hfi1: Inline common calculation (bsc#1096793) - ib/hfi1: Insure int mask for in-kernel receive contexts is clear (bsc#1096793) - ib/hfi1: Insure int mask for in-kernel receive contexts is clear (bsc#1096793) - ib/hfi1: Look up ibport using a pointer in receive path (bsc#1096793) - ib/hfi1: Look up ibport using a pointer in receive path (bsc#1096793) - ib/hfi1: Optimize kthread pointer locking when queuing CQ entries (bsc#1096793) - ib/hfi1: Optimize kthread pointer locking when queuing CQ entries (bsc#1096793) - ib/hfi1: Optimize packet type comparison using 9B and bypass code paths (bsc#1096793) - ib/hfi1: Optimize packet type comparison using 9B and bypass code paths (bsc#1096793) - ib/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793) - ib/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793) - ib/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793) - ib/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793) - ib/hfi1: Race condition between user notification and driver state (bsc#1096793) - ib/hfi1: Race condition between user notification and driver state (bsc#1096793) - ib/hfi1: Refactor assign_ctxt() IOCTL (bsc#1096793) - ib/hfi1: Refactor get_base_info (bsc#1096793) - ib/hfi1: Refactor get_ctxt_info (bsc#1096793) - ib/hfi1: Refactor get_user() IOCTLs (bsc#1096793) - ib/hfi1: Refactor hfi_user_exp_rcv_clear() IOCTLs (bsc#1096793) - ib/hfi1: Refactor hfi_user_exp_rcv_invalid() IOCTLs (bsc#1096793) - ib/hfi1: Refactor hfi_user_exp_rcv_setup() IOCTL (bsc#1096793) - ib/hfi1: Remove unused hfi1_cpulist variables (bsc#1096793) - ib/hfi1: Reorder incorrect send context disable (bsc#1096793) - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463) - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463) - ib/hfi1: Return correct value for device state (bsc#1096793) - ib/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793) - ib/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793) - ib/hfi1: Set port number for errorinfo MAD response (bsc#1096793) - ib/hfi1: Show fault stats in both TX and RX directions (bsc#1096793) - ib/hfi1: Show fault stats in both TX and RX directions (bsc#1096793) - ib/hfi1: Update HFI to use the latest pci API (bsc#1096793) - ib/hfi1: Use after free race condition in send context error path (bsc#1096793) - ib/hfi1: Use after free race condition in send context error path (bsc#1096793) - ib/hfi1: Validate PKEY for incoming GSI MAD packets (bsc#1096793) - ib/ipoib: Change number of TX wqe to 64 (bsc#1096793) - ib/ipoib: Fix for notify send CQ failure messages (bsc#1096793) - ib/ipoib: Get rid of the tx_outstanding variable in all modes (bsc#1096793) - ib/ipoib: Get rid of the tx_outstanding variable in all modes (bsc#1096793) - ib/ipoib: Use NAPI in UD/TX flows (bsc#1096793) - ib/iser: Do not reduce max_sectors (bsc#1046306) - ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306) - ib/isert: fix T10-pi check mask setting (bsc#1046306) - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302) - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302) - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302) - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302) - ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305) - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305) - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305) - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301) - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301) - ib/rdmavt: Add trace for RNRNAK timer (bsc#1096793) - ib/rdmavt: No need to cancel RNRNAK retry timer when it is running (bsc#1096793) - ib/rdmavt: No need to cancel RNRNAK retry timer when it is running (bsc#1096793) - ib/rdmavt: Use correct numa node for SRQ allocation (bsc#1096793) - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306) - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306) - ib/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV (bsc#1046306) - ib/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV (bsc#1046306) - ib/rxe: avoid double kfree_skb (bsc#1046306) - ib/umem: Use the correct mm during ib_umem_release (bsc#1046306) - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306) - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306) - ib/{hfi1, qib}: Add handling of kernel restart (bsc#1096793) - ib/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure (bsc#1096793) - ib/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure (bsc#1096793) - ib/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793) - ib/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793) - ibmvnic: Fix error recovery on login failure (bsc#1101789) - ide: Make ide_cdrom_prep_fs() initialize the sense buffer pointer (bsc#1099918) - ide: ide-atapi: fix compile error with defining macro DEBUG (bsc#1099918) - ide:ide-cd: fix kernel panic resulting from missing scsi_req_init (bsc#1099918) - idr: fix invalid ptr dereference on item delete (bsc#1051510) - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (networking-stable-18_03_28) - igb: Fix not adding filter elements to the list (bsc#1056651) - igb: Fix queue selection on MAC filters on i210 (bsc#1056651) - iio: BME280: Updates to Humidity readings need ctrl_reg write! (bsc#1051510) - iio: accel: st_accel: fix data-ready line configuration (bsc#1051510) - iio: accel: st_accel_i2c: fix i2c_device_id table (bsc#1051510) - iio: accel: st_accel_spi: fix spi_device_id table (bsc#1051510) - iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ (bsc#1051510) - iio: adc: sun4i-gpadc-iio: fix unbalanced irq enable/disable (bsc#1051510) - iio: adc: twl4030: Return an error if we can not enable the vusb3v1 regulator in 'twl4030_madc_probe()' (bsc#1051510) - iio: buffer: fix the function signature to match implementation (bsc#1051510) - iio: gyro: st_gyro: fix L3GD20H support (bsc#1051510) - iio: humidity: hts221: remove warnings in hts221_parse_{temp,rh}_caldata() (bsc#1051510) - iio: imu: inv_mpu6050: test whoami first and against all known values (bsc#1051510) - iio: magnetometer: st_magn: fix drdy line configuration for LIS3MDL (bsc#1051510) - iio: magnetometer: st_magn_core: enable multiread by default for LIS3MDL (bsc#1051510) - iio: magnetometer: st_magn_spi: fix spi_device_id table (bsc#1051510) - iio: pressure: bmp280: fix relative humidity unit (bsc#1051510) - iio: pressure: st_pressure: fix drdy configuration for LPS22HB and LPS25H (bsc#1051510) - iio: pressure: zpa2326: Remove always-true check which confuses gcc (bsc#1051510) - iio: pressure: zpa2326: report interrupted case as failure (bsc#1051510) - iio: trigger: stm32-timer: fix quadrature mode get routine (bsc#1051510) - iio: trigger: stm32-timer: fix write_raw return value (bsc#1051510) - iio: tsl2583: correct values in integration_time_available (bsc#1051510) - iio:buffer: make length types match kfifo types (bsc#1051510) - iio:kfifo_buf: check for uint overflow (bsc#1051510) - infiniband: fix a possible use-after-free bug (bsc#1046306) - input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) acpi ID (bsc#1051510) - input: elan_i2c_smbus - fix more potential stack buffer overflows (bsc#1051510) - input: elantech - enable middle button of touchpads on ThinkPad P52 (bsc#1051510) - input: elantech - fix V4 report decoding for module with middle key (bsc#1051510) - input: xpad - fix GPD Win 2 controller name (bsc#1051510) - iommu/vt-d: Clear Page Request Overflow fault bit - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034) - ip6_gre: better validate user provided tunnel names (networking-stable-18_04_10) - ip6_gre: init dev->mtu and dev->hard_header_len correctly (networking-stable-18_01_28) - ip6_tunnel: better validate user provided tunnel names (networking-stable-18_04_10) - ip6_tunnel: remove magic mtu value 0xFFF8 (networking-stable-18_06_08) - ip6mr: fix stale iterator (networking-stable-18_02_06) - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds (git-fixes) - ip_tunnel: better validate user provided tunnel names (networking-stable-18_04_10) - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1102512) - ipmr: properly check rhltable_init() return value (networking-stable-18_06_08) - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (networking-stable-18_01_28) - ipv4: fix fnhe usage by non-cached routes (networking-stable-18_05_15) - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (networking-stable-18_05_15) - ipv4: remove warning in ip_recv_error (networking-stable-18_06_08) - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (networking-stable-18_03_07) - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (networking-stable-18_04_26) - ipv6: allow PMTU exceptions to local routes (networking-stable-18_06_20) - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (networking-stable-18_03_28) - ipv6: fix udpv6 sendmsg crash caused by too small MTU (networking-stable-18_01_28) - ipv6: old_dport should be a __be16 in __ip6_datagram_connect() (networking-stable-18_03_28) - ipv6: sit: better validate user provided tunnel names (networking-stable-18_04_10) - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts (git-fixes) - ipv6: sr: fix NULL pointer dereference when setting encap source address (networking-stable-18_03_28) - ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline (networking-stable-18_06_08) - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state (networking-stable-18_03_28) - ipv6: sr: fix seg6 encap performances with TSO enabled (networking-stable-18_04_10) - ipv6: the entire IPv6 header chain must fit the first fragment (networking-stable-18_04_10) - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bsc#1098401) - iw_cxgb4: Add ib_device->get_netdev support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543) - iw_cxgb4: initialize ib_mr fields for user mrs (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - iwlwifi: fw: harden page loading code (bsc#1051510) - iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (bsc#1051510) - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674) - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674) - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674) - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674) - ixgbe: Add receive length error counter (bsc#1101674) - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674) - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674) - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674) - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674) - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674) - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674) - ixgbe: Clear SWFW_SYNC register during init (bsc#1101674) - ixgbe: Default to 1 pool always being allocated (bsc#1101674) - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674) - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674) - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674) - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674) - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674) - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674) - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674) - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674) - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674) - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674) - ixgbe: Fix handling of macvlan Tx offload (bsc#1101674) - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674) - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674) - ixgbe: Fix kernel-doc format warnings (bsc#1101674) - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674) - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674) - ixgbe: Fix logical operators typo (bsc#1101674) - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674) - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674) - ixgbe: Perform reinit any time number of VFs change (bsc#1101674) - ixgbe: Remove an obsolete comment about ITR (bsc#1101674) - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674) - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674) - ixgbe: Update adaptive ITR algorithm (bsc#1101674) - ixgbe: Use ring values to test for Tx pending (bsc#1101674) - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674) - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674) - ixgbe: add error checks when initializing the PHY (bsc#1101674) - ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674) - ixgbe: add support for reporting 5G link speed (bsc#1101674) - ixgbe: advertise highest capable link speed (bsc#1101674) - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674) - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674) - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674) - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674) - ixgbe: enable multicast on shutdown for WOL (bsc#1101674) - ixgbe: extend firmware version support (bsc#1101674) - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674) - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674) - ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674) - ixgbe: fix possible race in reset subtask (bsc#1101674) - ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674) - ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674) - ixgbe: force VF to grab new MAC on driver reload (bsc#1101674) - ixgbe: introduce a helper to simplify code (bsc#1101674) - ixgbe: remove redundant initialization of 'pool' (bsc#1101674) - ixgbe: remove unused enum latency_range (bsc#1101674) - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674) - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674) - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674) - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674) - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674) - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674) - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674) - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674) - ixgbevf: Fix kernel-doc format warnings (bsc#1101674) - ixgbevf: add build_skb support (bsc#1101674) - ixgbevf: add counters for Rx page allocations (bsc#1101674) - ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674) - ixgbevf: add function for checking if we can reuse page (bsc#1101674) - ixgbevf: add function for checking if we can reuse page (bsc#1101674) - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674) - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674) - ixgbevf: add support for padding packet (bsc#1101674) - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674) - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674) - ixgbevf: allocate the rings as part of q_vector (bsc#1101674) - ixgbevf: break out Rx buffer page management (bsc#1101674) - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674) - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674) - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674) - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674) - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674) - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674) - ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674) - ixgbevf: fix possible race in the reset subtask (bsc#1101674) - ixgbevf: fix unused variable warning (bsc#1101674) - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674) - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674) - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674) - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674) - ixgbevf: only DMA sync frame length (bsc#1101674) - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674) - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674) - ixgbevf: remove redundant setting of xcast_mode (bsc#1101674) - ixgbevf: setup queue counts (bsc#1101674) - ixgbevf: update code to better handle incrementing page count (bsc#1101674) - ixgbevf: update code to better handle incrementing page count (bsc#1101674) - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674) - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674) - ixgbevf: use length to determine if descriptor is done (bsc#1101674) - ixgbevf: use length to determine if descriptor is done (bsc#1101674) - ixgbevf: use page_address offset from page (bsc#1101674) - jump_label: Add branch hints to static_branch_{un,}likely() (bnc#1101669 optimise numa balancing for fast migrate) - kABI fixes for nvme-if_ready-checks-fail-io-to-deleting-controll.patch (bsc#1077989) - kABI fixes for qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch (bsc#1077989) - kABI: protect ife_tlv_meta_decode (kabi) - kABI: protect struct cstate (kabi) - kabi cxgb4 MU (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - kabi mlx5 hide cpu_rmap (bsc#1046303) - kabi mvpp2 10gkr support (bsc#1098633) - kabi protect fwnode_handle (bsc#1098633) - kabi/severities: add nvdimm internal symbols to kabi ignore list - kabi/severities: add qed inter module symbols to kabi ignore list - kcm: Fix use-after-free caused by clonned sockets (networking-stable-18_06_08) - kcm: lock lower socket in kcm_attach (networking-stable-18_03_28) - kconfig: Avoid format overflow warning from GCC 8.1 (bsc#1051510) - kconfig: Do not leak main menus during parsing (bsc#1051510) - kconfig: Fix automatic menu creation mem leak (bsc#1051510) - kconfig: Fix expr_free() E_NOT leak (bsc#1051510) - kernel/params.c: downgrade warning for unsafe parameters (bsc#1051510) - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bsc#1051510) - keys: DNS: fix parsing multiple options (bsc#1051510) - keys: DNS: limit the length of option strings (networking-stable-18_04_26) - kmod: fix wait on recursive loop (bsc#1099792) - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792) - kmod: throttle kmod thread limit (bsc#1099792) - kobject: do not use WARN for registration failures (bsc#1051510) - kvm: PPC: Check if IOMMU page is contained in the pinned physical page (bsc#1077761, git-fixes) - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183) - kvm: x86: fix vcpu initialization with userspace lapic (bsc#1101564) - kvm: x86: move LAPIC initialization after VMCS creation (bsc#1101564) - l2tp: check sockaddr length in pppol2tp_connect() (networking-stable-18_04_26) - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) (networking-stable-18_04_10) - lib/kobject: Join string literals back (bsc#1051510) - lib/string_helpers: Add missed declaration of struct task_struct (bsc#1099918) - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly (bsc#1051510) - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bsc#1051510) - libata: Blacklist some Sandisk SSDs for NCQ (bsc#1051510) - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bsc#1051510) - libata: blacklist Micron 500IT SSD with MU01 firmware (bsc#1051510) - libata: zpodd: make arrays cdb static, reduces object code size (bsc#1051510) - libata: zpodd: small read overflow in eject_tray() (bsc#1051510) - libnvdimm, label: fix index block size calculation (bsc#1102147) - libnvdimm, pmem: Add sysfs notifications to badblocks - libnvdimm, pmem: Do not flush power-fail protected CPU caches (bsc#1091424) - libnvdimm, pmem: Unconditionally deep flush on *sync (bsc#1091424) - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference lifetime - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference lifetime - libnvdimm: add an api to cast a 'struct nd_region' to its 'struct device' (bsc#1094119) - llc: better deal with too small mtu (networking-stable-18_05_15) - llc: delete timers synchronously in llc_sk_free() (networking-stable-18_04_26) - llc: fix NULL pointer deref for SOCK_ZAPPED (networking-stable-18_04_26) - llc: hold llc_sap before release_sock() (networking-stable-18_04_26) - locking/qspinlock: Ensure node is initialised before updating prev->next (bsc#1050549) - locking/qspinlock: Ensure node->count is updated before initialising node (bsc#1050549) - locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() (bsc#1050549) - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bsc#1051510) - macros.kernel-source: define linux_arch for KMPs (boo#1098050). CONFIG_64BIT is no longer defined so KMP spec files need to include %{?linux_make_arch} in any make call to build modules or descent into the kernel directory for any reason - macvlan: filter out unsupported feature flags (networking-stable-18_03_28) - macvlan: fix memory hole in macvlan_dev (bsc#1099918) - macvlan: remove unused fields in struct macvlan_dev (bsc#1099918) - mailbox: PCC: erroneous error message when parsing acpi PCCT (bsc#1096330) - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence (bsc#1051510) - mailbox: bcm-flexrm-mailbox: Fix mask used in CMPL_START_ADDR_VALUE() (bsc#1051510) - mailbox: bcm2835: Fix of_xlate return value (bsc#1051510) - mailbox: mailbox-test: do not rely on rx_buffer content to signal data ready (bsc#1051510) - mdio-sun4i: Fix a memory leak (bsc#1051510) - media: coda/imx-vdoa: Check for platform_get_resource() error (bsc#1051510) - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bsc#1051510) - media: cx25840: Use subdev host data for PLL override (bsc#1051510) - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1051510) - media: cxusb: restore RC_MAP for MyGica T230 (bsc#1051510) - media: dt-bindings: media: rcar_vin: Use status "okay" (bsc#1051510) - media: dvb-core: always call invoke_release() in fe_free() (bsc#1051510) - media: dvb_frontend: fix ifnullfree.cocci warnings (bsc#1051510) - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bsc#1051510) - media: dvb_frontend: only use kref after initialized (bsc#1051510) - media: dvb_net: ensure that dvb_net_ule_handle is fully initialized (bsc#1051510) - media: mxl111sf: Fix potential null pointer dereference (bsc#1051510) - media: omap3isp/isp: remove an unused static var (bsc#1051510) - media: s5p-jpeg: fix number of components macro (bsc#1051510) - media: s5p-mfc: Fix lock contention - request_firmware() once (bsc#1051510) - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918) - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bsc#1051510) - media: uvcvideo: Support realtek's UVC 1.5 device (bsc#1099109) - media: v4l2-compat-ioctl32: prevent go past max size (bsc#1051510) - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#1051510) - mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock (bsc#1051510) - mfd: intel-lpss: Program REMAP register in PIO mode (bsc#1051510) - mfd: tps65218: Reorder tps65218_regulator_id enum (bsc#1051510) - mfd: tps65911-comparator: Fix a build error (bsc#1051510) - mfd: tps65911-comparator: Fix an off by one bug (bsc#1051510) - mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG (networking-stable-18_06_08) - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic (networking-stable-18_03_28) - mlxsw: spectrum_router: Do not log an error on missing neighbor (networking-stable-18_01_28) - mlxsw: spectrum_router: Fix error path in mlxsw_sp_vr_create (networking-stable-18_03_07) - mlxsw: spectrum_switchdev: Check success of FDB add operation (networking-stable-18_03_07) - mm, oom_reaper: skip mm structs with mmu notifiers (bsc#1099918) - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h (, bsc#1078248) - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h (bsc#1078248) - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys (, bsc#1078248) - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys (bsc#1078248) - mm/pkeys: Add an empty arch_pkeys_enabled() (, bsc#1078248) - mm/pkeys: Add an empty arch_pkeys_enabled() (bsc#1078248) - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (, bsc#1078248) - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (bsc#1078248) - mmc: Downgrade printk level for MMC SDHCI host version error (bsc#1097941) - mmc: cavium: Fix use-after-free in of_platform_device_destroy (bsc#1051510) - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 (bsc#1051510) - mmc: dw_mmc: fix card threshold control configuration (bsc#1051510) - mmc: meson-gx: remove CLK_DIVIDER_ALLOW_ZERO clock flag (bsc#1051510) - mmc: sdhci-msm: fix issue with power irq (bsc#1051510) - mmc: sdhci-of-esdhc: disable SD clock for clock value 0 (bsc#1051510) - mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (bsc#1051510) - mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (bsc#1051510) - mmc: sdhci-xenon: Fix clock resource by adding an optional bus clock (bsc#1051510) - mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable (bsc#1051510) - mmc: tmio: remove outdated comment (bsc#1051510) - modsign: log module name in the event of an error (bsc#1093666) - modsign: print module name along with error message (bsc#1093666) - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666) - module: setup load info before module_sig_check() (bsc#1093666) - mq-deadline: Enable auto-loading when built as module (bsc#1099918) - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918) - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bsc#1099918) - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 (bsc#1099918) - mtd: partitions: add helper for deleting partition (bsc#1099918) - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918) - mvpp2: fix multicast address filter (bsc#1098633) - n_tty: Access echo_* variables carefully (bsc#1051510) - n_tty: Fix stall at n_tty_receive_char_special() (bsc#1051510) - nbd: do not start req until after the dead connection logic (bsc#1099918) - nbd: fix -ERESTARTSYS handling (bsc#1099918) - nbd: fix nbd device deletion (bsc#1099918) - nbd: fix return value in error handling path (bsc#1099918) - nbd: wait uninterruptible for the dead timeout (bsc#1099918) - net sched actions: fix refcnt leak in skbmod (networking-stable-18_05_15) - net-sysfs: Fix memory leak in XPS configuration (networking-stable-18_06_08) - net/ipv6: Fix route leaking between VRFs (networking-stable-18_04_10) - net/ipv6: Increment OUTxxx counters after netfilter hook (networking-stable-18_04_10) - net/iucv: Free memory obtained by kzalloc (networking-stable-18_03_28) - net/mlx4: Fix irq-unsafe spinlock usage (networking-stable-18_06_08) - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300) - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300) - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300) - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300) - net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299) - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' (networking-stable-18_05_15) - net/mlx4_en: Verify coalescing parameters are in range (networking-stable-18_05_15) - net/mlx5: Adjust clock overflow work period (bsc#1046303) - net/mlx5: E-Switch, Include VF rdma stats in vport statistics (networking-stable-18_05_15) - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303) - net/mlx5: Fix command interface race in polling mode (bsc#1046300) - net/mlx5: Fix command interface race in polling mode (bsc#1046300) - net/mlx5: Fix dump_command mailbox length printed (bsc#1046303) - net/mlx5: Fix incorrect raw command length parsing (bsc#1046300) - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300) - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300) - net/mlx5: Free IRQs in shutdown path (bsc#1046303) - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303) - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303) - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303) - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303) - net/mlx5: Protect from command bit overflow (bsc#1046303) - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303) - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303) - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303) - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303) - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300) - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300) - net/mlx5e: Err if asked to offload TC match on frag being first (networking-stable-18_05_15) - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303) - net/mlx5e: Refine ets validation function (bsc#1075360) - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303) - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303) - net/mlx5e: TX, Use correct counter in dma_map error flow (networking-stable-18_05_15) - net/mlx5e: When RXFCS is set, add FCS data into checksum calculation (networking-stable-18_06_08) - net/packet: refine check for priv area size (networking-stable-18_06_08) - net/sched: act_simple: fix parsing of TCA_DEF_DATA (networking-stable-18_06_20) - net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used (bsc#1056787) - net/sched: cls_u32: fix cls_u32 on filter replace (networking-stable-18_03_07) - net/sched: fix NULL dereference in the error path of tcf_sample_init() (bsc#1056787) - net: Allow neigh contructor functions ability to modify the primary_key (networking-stable-18_01_28) - net: Fix hlist corruptions in inet_evict_bucket() (networking-stable-18_03_28) - net: Only honor ifindex in IP_PKTINFO if non-0 (networking-stable-18_03_28) - net: add rb_to_skb() and other rb tree helpers (bsc#1102340) - net: af_packet: fix race in PACKET_{R|T}X_RING (networking-stable-18_04_26) - net: cxgb3_main: fix potential Spectre v1 (bsc#1046533) - net: define the TSO header size in net/tso.h (bsc#1098633) - net: dsa: add error handling for pskb_trim_rcsum (networking-stable-18_06_20) - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (networking-stable-18_03_28) - net: ethernet: davinci_emac: fix error handling in probe() (networking-stable-18_06_08) - net: ethernet: sun: niu set correct packet size in skb (networking-stable-18_05_15) - net: ethernet: ti: cpdma: correct error handling for chan create (networking-stable-18_06_08) - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (networking-stable-18_03_28) - net: ethernet: ti: cpsw: fix net watchdog timeout (networking-stable-18_03_07) - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode (networking-stable-18_05_15) - net: ethernet: ti: cpsw: fix tx vlan priority mapping (networking-stable-18_04_26) - net: ethtool: Add macro to clear a link mode setting (bsc#1101816) - net: ethtool: Add macro to clear a link mode setting (bsc#1101816) - net: fec: Fix unbalanced PM runtime calls (networking-stable-18_03_28) - net: fix deadlock while clearing neighbor proxy table (networking-stable-18_04_26) - net: fix possible out-of-bound read in skb_network_protocol() (networking-stable-18_04_10) - net: fool proof dev_valid_name() (networking-stable-18_04_10) - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan (networking-stable-18_06_20) - net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy (networking-stable-18_06_08) - net: ipv4: avoid unused variable warning for sysctl (git-fixes) - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (networking-stable-18_03_07) - net: ipv6: keep sk status consistent after datagram connect failure (networking-stable-18_03_28) - net: metrics: add proper netlink validation (networking-stable-18_06_08) - net: mvmdio: add xmdio xsmi support (bsc#1098633) - net: mvmdio: check the MII_ADDR_C45 bit is not set for smi operations (bsc#1098633) - net: mvmdio: introduce an ops structure (bsc#1098633) - net: mvmdio: put the poll intervals in the ops structure (bsc#1098633) - net: mvmdio: remove duplicate locking (bsc#1098633) - net: mvmdio: reorder headers alphabetically (bsc#1098633) - net: mvmdio: simplify the smi read and write error paths (bsc#1098633) - net: mvmdio: use GENMASK for masks (bsc#1098633) - net: mvmdio: use tabs for defines (bsc#1098633) - net: mvpp2: Add hardware offloading for VLAN filtering (bsc#1098633) - net: mvpp2: Add support for unicast filtering (bsc#1098633) - net: mvpp2: Do not use dynamic allocs for local variables (bsc#1098633) - net: mvpp2: Fix DMA address mask size (bsc#1098633) - net: mvpp2: Fix TCAM filter reserved range (bsc#1098633) - net: mvpp2: Fix clk error path in mvpp2_probe (bsc#1098633) - net: mvpp2: Fix clock resource by adding an optional bus clock (bsc#1098633) - net: mvpp2: Fix clock resource by adding missing mg_core_clk (bsc#1098633) - net: mvpp2: Fix parser entry init boundary check (bsc#1098633) - net: mvpp2: Make mvpp2_prs_hw_read a parser entry init function (bsc#1098633) - net: mvpp2: Prevent userspace from changing TX affinities (bsc#1098633) - net: mvpp2: Simplify MAC filtering function parameters (bsc#1098633) - net: mvpp2: Use relaxed I/O in data path (bsc#1098633) - net: mvpp2: add comments about smp_processor_id() usage (bsc#1098633) - net: mvpp2: add ethtool GOP statistics (bsc#1098633) - net: mvpp2: add support for TX interrupts and RX queue distribution modes (bsc#1098633) - net: mvpp2: adjust the coalescing parameters (bsc#1098633) - net: mvpp2: align values in ethtool get_coalesce (bsc#1098633) - net: mvpp2: allocate zeroed tx descriptors (bsc#1098633) - net: mvpp2: check ethtool sets the Tx ring size is to a valid min value (bsc#1098633) - net: mvpp2: cleanup probed ports in the probe error path (bsc#1098633) - net: mvpp2: do not call txq_done from the Tx path when Tx irqs are used (bsc#1098633) - net: mvpp2: do not disable GMAC padding (bsc#1098633) - net: mvpp2: do not select the internal source clock (bsc#1098633) - net: mvpp2: do not set GMAC autoneg when using XLG MAC (bsc#1098633) - net: mvpp2: do not sleep in set_rx_mode (bsc#1098633) - net: mvpp2: do not unmap TSO headers buffers (bsc#1098633) - net: mvpp2: dynamic reconfiguration of the comphy/GoP/MAC (bsc#1098633) - net: mvpp2: enable UDP/TCP checksum over IPv6 (bsc#1098633) - net: mvpp2: enable acpi support in the driver (bsc#1098633) - net: mvpp2: enable basic 10G support (bsc#1098633) - net: mvpp2: fallback using h/w and random mac if the dt one isn't valid (bsc#1098633) - net: mvpp2: fix GOP statistics loop start and stop conditions (bsc#1098633) - net: mvpp2: fix MVPP21_ISR_RXQ_GROUP_REG definition (bsc#1098633) - net: mvpp2: fix TSO headers allocation and management (bsc#1098633) - net: mvpp2: fix invalid parameters order when calling the tcam init (bsc#1098633) - net: mvpp2: fix parsing fragmentation detection (bsc#1098633) - net: mvpp2: fix port list indexing (bsc#1098633) - net: mvpp2: fix the RSS table entry offset (bsc#1098633) - net: mvpp2: fix the packet size configuration for 10G (bsc#1098633) - net: mvpp2: fix the synchronization module bypass macro name (bsc#1098633) - net: mvpp2: fix the txq_init error path (bsc#1098633) - net: mvpp2: fix typo in the tcam setup (bsc#1098633) - net: mvpp2: fix use of the random mac address for PPv2.2 (bsc#1098633) - net: mvpp2: improve the link management function (bsc#1098633) - net: mvpp2: initialize the GMAC when using a port (bsc#1098633) - net: mvpp2: initialize the GoP (bsc#1098633) - net: mvpp2: initialize the RSS tables (bsc#1098633) - net: mvpp2: initialize the Tx FIFO size (bsc#1098633) - net: mvpp2: initialize the XLG MAC when using a port (bsc#1098633) - net: mvpp2: initialize the comphy (bsc#1098633) - net: mvpp2: introduce per-port nrxqs/ntxqs variables (bsc#1098633) - net: mvpp2: introduce queue_vector concept (bsc#1098633) - net: mvpp2: jumbo frames support (bsc#1098633) - net: mvpp2: limit TSO segments and use stop/wake thresholds (bsc#1098633) - net: mvpp2: make the phy optional (bsc#1098633) - net: mvpp2: move from cpu-centric naming to "software thread" naming (bsc#1098633) - net: mvpp2: move the mac retrieval/copy logic into its own function (bsc#1098633) - net: mvpp2: move the mii configuration in the ndo_open path (bsc#1098633) - net: mvpp2: mvpp2_check_hw_buf_num() can be static (bsc#1098633) - net: mvpp2: only free the TSO header buffers when it was allocated (bsc#1098633) - net: mvpp2: remove RX queue group reset code (bsc#1098633) - net: mvpp2: remove mvpp2_pool_refill() (bsc#1098633) - net: mvpp2: remove unused mvpp2_bm_cookie_pool_set() function (bsc#1098633) - net: mvpp2: remove useless goto (bsc#1098633) - net: mvpp2: report the tx-usec coalescing information to ethtool (bsc#1098633) - net: mvpp2: set maximum packet size for 10G ports (bsc#1098633) - net: mvpp2: set the Rx FIFO size depending on the port speeds for PPv2.2 (bsc#1098633) - net: mvpp2: simplify maintaining enabled ports' list (bsc#1098633) - net: mvpp2: simplify the Tx desc set DMA logic (bsc#1098633) - net: mvpp2: simplify the link_event function (bsc#1098633) - net: mvpp2: software tso support (bsc#1098633) - net: mvpp2: split the max ring size from the default one (bsc#1098633) - net: mvpp2: take advantage of the is_rgmii helper (bsc#1098633) - net: mvpp2: unify register definitions coding style (bsc#1098633) - net: mvpp2: unify the txq size define use (bsc#1098633) - net: mvpp2: update the BM buffer free/destroy logic (bsc#1098633) - net: mvpp2: use a data size of 10kB for Tx FIFO on port 0 (bsc#1098633) - net: mvpp2: use correct index on array mvpp2_pools (bsc#1098633) - net: mvpp2: use device_*/fwnode_* APIs instead of of_* (bsc#1098633) - net: mvpp2: use the GoP interrupt for link status changes (bsc#1098633) - net: mvpp2: use the aggr txq size define everywhere (bsc#1098633) - net: mvpp2: use the same buffer pool for all ports (bsc#1098633) - net: phy: Tell caller result of phy_change() (networking-stable-18_03_28) - net: phy: add XAUI and 10GBASE-KR PHY connection types (bsc#1098633) - net: phy: broadcom: Fix auxiliary control register reads (networking-stable-18_06_08) - net: phy: broadcom: Fix bcm_write_exp() (networking-stable-18_06_08) - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620 (networking-stable-18_06_20) - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT (networking-stable-18_03_07) - net: qdisc_pkt_len_init() should be more robust (networking-stable-18_01_28) - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301) - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301) - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529 bsc#1086319) - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529 bsc#1086319) - net: sched: fix error path in tcf_proto_create() when modules are not configured (networking-stable-18_05_15) - net: sched: ife: check on metadata length (networking-stable-18_04_26) - net: sched: ife: handle malformed tlv length (networking-stable-18_04_26) - net: sched: ife: signal not finding metaid (networking-stable-18_04_26) - net: sched: red: avoid hashing NULL child (bsc#1056787) - net: sched: report if filter is too large to dump (networking-stable-18_03_07) - net: support compat 64-bit time in {s,g}etsockopt (networking-stable-18_05_15) - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (networking-stable-18_03_28) - net: tcp: close sock if net namespace is exiting (networking-stable-18_01_28) - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (networking-stable-18_06_08) - net: validate attribute sizes in neigh_dump_table() (networking-stable-18_04_26) - net: vrf: Add support for sends to local broadcast address (networking-stable-18_01_28) - net_sched: fq: take care of throttled flows before reuse (networking-stable-18_05_15) - netdev-FAQ: clarify DaveM's position for stable backports (networking-stable-18_06_08) - netlink: avoid a double skb free in genlmsg_mcast() (git-fixes) - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (networking-stable-18_03_07) - netlink: extack needs to be reset each time through loop (networking-stable-18_01_28) - netlink: make sure nladdr has correct size in netlink_connect() (networking-stable-18_04_10) - netlink: reset extack earlier in netlink_rcv_skb (networking-stable-18_01_28) - nfc: llcp: Limit size of SDP URI (bsc#1051510) - nfc: nfcmrvl_uart: fix device-node leak during probe (bsc#1051510) - nfc: pn533: Fix wrong GFP flag usage (bsc#1051510) - nfc: pn533: do not send usb data off of the stack (bsc#1051510) - nfit, address-range-scrub: add module option to skip initial ars (bsc#1094119) - nfit, address-range-scrub: determine one platform max_ars value (bsc#1094119) - nfit, address-range-scrub: fix scrub in-progress reporting (bsc#1051510) - nfit, address-range-scrub: introduce nfit_spa->ars_state (bsc#1094119) - nfit, address-range-scrub: rework and simplify ARS state machine (bsc#1094119) - nfit: fix region registration vs block-data-window ranges (bsc#1051510) - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1051510) - nfs: Revert "NFS: Move the flock open mode check into nfs_flock()" (bsc#1098983) - nfsv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") (git-fixes) - nl80211: relax ht operation checks for mesh (bsc#1051510) - nubus: Avoid array underflow and overflow (bsc#1099918) - nubus: Fix up header split (bsc#1099918) - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098706) - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098706) - nvme-fabrics: centralize discovery controller defaults (bsc#1098706) - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098706) - nvme-fabrics: handle the admin-only case properly in nvmf_check_ready (bsc#1098706) - nvme-fabrics: refactor queue ready check (bsc#1098706) - nvme-fabrics: remove unnecessary controller subnqn validation (bsc#1098706) - nvme-fc: change controllers first connect to use reconnect path (bsc#1098706) - nvme-fc: fix nulling of queue data on reconnect (bsc#1098706) - nvme-fc: release io queues to allow fast fail (bsc#1098706) - nvme-fc: remove reinit_request routine (bsc#1098706) - nvme-fc: remove setting DNR on exception conditions (bsc#1098706) - nvme-loop: add support for multiple ports (bsc#1054245) - nvme-multipath: fix sysfs dangerously created links (bsc#1096529) - nvme-rdma: Fix command completion race at error recovery (bsc#1099041) - nvme-rdma: correctly check for target keyed sgl support (bsc#1099041) - nvme-rdma: do not override opts->queue_size (bsc#1099041) - nvme-rdma: fix error flow during mapping request data (bsc#1099041) - nvme-rdma: fix possible double free condition when failing to create a controller (bsc#1099041) - nvme.h: add AEN configuration symbols (bsc#1054245) - nvme.h: add ANA definitions (bsc#1054245) - nvme.h: add support for the log specific field (bsc#1054245) - nvme.h: add the changed namespace list log (bsc#1054245) - nvme.h: untangle AEN notice definitions (bsc#1054245) - nvme/multipath: Disable runtime writable enabling parameter (bsc#1054245) - nvme/multipath: Fix multipath disabled naming collisions (bsc#1098706) - nvme: Fix sync controller reset return (bsc#1077989) - nvme: Revert "nvme: mark nvme_queue_scan static" (bsc#1054245) - nvme: Set integrity flag for user passthrough commands (bsc#1098706) - nvme: Skip checking heads without namespaces (bsc#1098706) - nvme: Use admin command effects for admin commands (bsc#1098706) - nvme: add ANA support (bsc#1054245) - nvme: add bio remapping tracepoint (bsc#1054245) - nvme: allow duplicate controller if prior controller being deleted (bsc#1098706) - nvme: centralize ctrl removal prints (bsc#1054245) - nvme: check return value of init_srcu_struct function (bsc#1098706) - nvme: cleanup double shift issue (bsc#1054245) - nvme: do not enable AEN if not supported (bsc#1077989) - nvme: do not hold nvmf_transports_rwsem for more than transport lookups (bsc#1054245) - nvme: do not rely on the changed namespace list log (bsc#1054245) - nvme: enforce 64bit offset for nvme_get_log_ext fn (bsc#1054245) - nvme: expand nvmf_check_if_ready checks (bsc#1098706) - nvme: fix NULL pointer dereference in nvme_init_subsystem (bsc#1098706) - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (,) - nvme: fix potential memory leak in option parsing (bsc#1098706) - nvme: fix use-after-free in nvme_free_ns_head (bsc#1054245) - nvme: guard additional fields in nvme command structures (bsc#1054245) - nvme: host: core: fix precedence of ternary operator (bsc#1054245) - nvme: if_ready checks to fail io to deleting controller (bsc#1077989) - nvme: implement log page low/high offset and dwords (bsc#1054245) - nvme: kABI fix for ANA support in nvme_ctrl (bsc#1054245) - nvme: kABI fixes for nvmet_ctrl (bsc#1054245) - nvme: kabi fixes for nvme_ctrl (bsc#1054245) - nvme: make nvme_get_log_ext non-static (bsc#1054245) - nvme: mark nvme_queue_scan static (bsc#1054245) - nvme: move init of keep_alive work item to controller initialization (bsc#1098706) - nvme: partially revert "nvme: remove nvme_req_needs_failover" (bsc#1054245) - nvme: reintruduce nvme_get_log_ext() (bsc#1054245) - nvme: remove nvme_req_needs_failover (bsc#1054245) - nvme: simplify the API for getting log pages (bsc#1054245) - nvme: submit AEN event configuration on startup (bsc#1054245) - nvme: use the changed namespaces list log to clear ns data changed AENs (bsc#1054245) - nvmet-fc: fix target sgl list on large transfers - nvmet-fc: fix target sgl list on large transfers (,) - nvmet-fc: increase LS buffer count per fc port (bsc#1098706) - nvmet: Revert 'nvmet: constify struct nvmet_fabrics_ops' (bsc#1054245) - nvmet: add AEN configuration support (bsc#1054245) - nvmet: add a new nvmet_zero_sgl helper (bsc#1054245) - nvmet: add minimal ANA support (bsc#1054245) - nvmet: constify struct nvmet_fabrics_ops (bsc#1054245) - nvmet: filter newlines from user input (bsc#1054245) - nvmet: fixup crash on NULL device path (bsc#1054245) - nvmet: implement the changed namespaces log (bsc#1054245) - nvmet: kABI fixes for ANA support (bsc#1054245) - nvmet: keep a port pointer in nvmet_ctrl (bsc#1054245) - nvmet: mask pending AENs (bsc#1054245) - nvmet: reset keep alive timer in controller enable (bsc#1054245) - nvmet: return all zeroed buffer when we can't find an active namespace (bsc#1054245) - nvmet: split log page implementation (bsc#1054245) - nvmet: support configuring ANA groups (bsc#1054245) - nvmet: switch loopback target state to connecting when resetting (bsc#1098706) - nvmet: track and limit the number of namespaces per subsystem (1054245) - nvmet: use Retain Async Event bit to clear AEN (bsc#1054245) - of/pci: Fix theoretical NULL dereference (bsc#1051510) - of: Make of_fwnode_handle() safer (bsc#1098633) - of: fix DMA mask generation (bsc#1051510) - of: overlay: validate offset from property fixups (bsc#1051510) - of: platform: stop accessing invalid dev in of_platform_device_destroy (bsc#1051510) - of: restrict DMA configuration (bsc#1051510) - of: unittest: for strings, account for trailing \0 in property length field (bsc#1051510) - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (networking-stable-18_05_15) - p54: do not unregister leds when they are not initialized (bsc#1051510) - packet: fix bitfield update race (networking-stable-18_04_26) - pci: Account for all bridges on bus when distributing bus numbers (bsc#1100132) - pci: Add ACS quirk for Intel 300 series (bsc#1051510) - pci: Add ACS quirk for Intel 7th and 8th Gen mobile (bsc#1051510) - pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bsc#1051510) - pci: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken (bsc#1051510) - pci: Restore config space on runtime resume despite being unbound (bsc#1051510) - pci: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() (bsc#1051510) - pci: aardvark: Fix pcie Max Read Request Size setting (bsc#1051510) - pci: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() (bsc#1051510) - pci: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode (bsc#1051510) - pci: altera: Fix bool initialization in tlp_read_packet() (bsc#1051510) - pci: dwc: Fix enumeration end when reaching root subordinate (bsc#1100132) - pci: endpoint: Fix kernel panic after put_device() (bsc#1051510) - pci: endpoint: Populate func_no before calling pci_epc_add_epf() (bsc#1051510) - pci: exynos: Fix a potential init_clk_resources NULL pointer dereference (bsc#1051510) - pci: faraday: Fix of_irq_get() error check (bsc#1051510) - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1051510) - pci: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bsc#1051510) - pci: shpchp: Fix AMD POGO identification (bsc#1051510) - perf intel-pt: Always set no branch for dummy event (bsc#1087217) - perf intel-pt: Set no_aux_samples for the tracking event (bsc#1087217) - perf/x86/intel/uncore: Add event constraint for BDX PCU (bsc#1087202) - perf/x86/intel/uncore: Fix SKX CHA event extra regs (bsc#1087233) - perf/x86/intel/uncore: Fix Skylake UPI PMU event masks (bsc#1087233) - perf/x86/intel/uncore: Fix Skylake server CHA LLC_LOOKUP event umask (bsc#1087233) - perf/x86/intel/uncore: Fix Skylake server PCU PMU event format (bsc#1087233) - perf/x86/intel/uncore: Fix missing marker for skx_uncore_cha_extra_regs (bsc#1087233) - perf/x86/intel/uncore: Remove invalid Skylake server CHA filter field (bsc#1087233) - perf/x86: Fix data source decoding for Skylake - phy: add sgmii and 10gkr modes to the phy_mode enum (bsc#1098633) - pinctrl/amd: Fix build dependency on pinmux code (bsc#1051510) - pinctrl/amd: save pin registers over suspend/resume (bsc#1051510) - pinctrl: adi2: Fix Kconfig build problem (bsc#1051510) - pinctrl: armada-37xx: Fix direction_output() callback behavior (bsc#1051510) - pinctrl: artpec6: dt: add missing pin group uart5nocts (bsc#1051510) - pinctrl: bcm2835: Avoid warning from __irq_do_set_handler (bsc#1051510) - pinctrl: imx: fix debug message for SHARE_MUX_CONF_REG case (bsc#1051510) - pinctrl: intel: Initialize GPIO properly when used through irqchip (bsc#1087092) - pinctrl: intel: Read back TX buffer state (bsc#1051510) - pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 (bsc#1051510) - pinctrl: meson-gxl: Fix typo in AO I2S pins (bsc#1051510) - pinctrl: meson-gxl: Fix typo in AO SPDIF pins (bsc#1051510) - pinctrl: mvebu: use correct MPP sel value for dev pins (bsc#1051510) - pinctrl: nand: meson-gxbb: fix missing data pins (bsc#1051510) - pinctrl: nsp: Fix potential NULL dereference (bsc#1051510) - pinctrl: nsp: off by ones in nsp_pinmux_enable() (bsc#1100132) - pinctrl: pinctrl-single: Fix pcs_request_gpio() when bits_per_mux != 0 (bsc#1051510) - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510) - pinctrl: rockchip: enable clock when reading pin direction register (bsc#1051510) - pinctrl: samsung: Fix NULL pointer exception on external interrupts on S3C24xx (bsc#1051510) - pinctrl: samsung: Fix invalid register offset used for Exynos5433 external interrupts (bsc#1051510) - pinctrl: sh-pfc: r8a7790: Add missing TX_ER pin to avb_mii group (bsc#1051510) - pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D (bsc#1051510) - pinctrl: sh-pfc: r8a7795: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510) - pinctrl: sh-pfc: r8a7795: Fix to delete A20..A25 pins function definitions (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix IPSR and MOD_SEL register pin assignment for NDFC pins group (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix to delete A20..A25 pins function definitions (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix to delete FSCLKST pin and IPSR7 bit[15:12] register definitions (bsc#1051510) - pinctrl: sunxi: Fix A64 UART mux value (bsc#1051510) - pinctrl: sunxi: Fix A80 interrupt pin bank (bsc#1051510) - pinctrl: sunxi: fix V3s pinctrl driver IRQ bank base (bsc#1051510) - pinctrl: sunxi: fix wrong irq_banks number for H5 pinctrl (bsc#1051510) - pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping (bsc#1051510) - pinctrl: sx150x: Register pinctrl before adding the gpiochip (bsc#1051510) - pinctrl: sx150x: Unregister the pinctrl on release (bsc#1051510) - pinctrl: uniphier: fix members of rmii group for Pro4 (bsc#1051510) - pinctrl: uniphier: fix pin_config_get() for input-enable (bsc#1051510) - pipe: fix off-by-one error when checking buffer limits (bsc#1051510) - pktcdvd: Fix a recently introduced NULL pointer dereference (bsc#1099918) - pktcdvd: Fix pkt_setup_dev() error path (bsc#1099918) - platform/chrome: cros_ec_lpc: remove redundant pointer request (bsc#1051510) - platform/x86: asus-wmi: Fix NULL pointer dereference (bsc#1051510) - platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too (bsc#1098626) - pm/core: Fix supplier device runtime PM usage counter imbalance (bsc#1051510) - pm/hibernate: Fix oops at snapshot_write() (bsc#1051510) - pm/hibernate: Use CONFIG_HAVE_SET_MEMORY for include condition (bsc#1051510) - pm/wakeup: Only update last time for active wakeup sources (bsc#1051510) - power: gemini-poweroff: Avoid spurious poweroff (bsc#1051510) - power: supply: act8945a_charger: fix of_irq_get() error check (bsc#1051510) - power: supply: cpcap-charger: add OMAP_usb2 dependency (bsc#1051510) - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382) - powerpc/64s: Clear PCR on boot (bnc#1012382) - powerpc/64s: Fix mce accounting for powernv (bsc#1094244) - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041) - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382) - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382) - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382) - powerpc/mm: Fix thread_pkey_regs_init() (, bsc#1078248, git-fixes) - powerpc/mm: Fix thread_pkey_regs_init() (bsc#1078248, git-fixes) - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382) - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (, bsc#1078248, git-fixes) - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (bsc#1078248, git-fixes) - powerpc/pkeys: Drop private VM_PKEY definitions (, bsc#1078248) - powerpc/pkeys: Drop private VM_PKEY definitions (bsc#1078248) - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382) - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382) - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382) - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382) - powerpc/ptrace: Fix enforcement of DAWR constraints (bsc#1099918) - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382) - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382) - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244) - powerpc: mmu_context: provide old version of mm_iommu_ua_to_hpa (bsc#1077761, git-fixes) - ppp: avoid loop in xmit recursion detection code (networking-stable-18_03_28) - ppp: prevent unregistered channels from connecting to PPP units (networking-stable-18_03_07) - ppp: unlock all_ppp_mutex before registering device (networking-stable-18_01_28) - pppoe: check sockaddr length in pppoe_connect() (networking-stable-18_04_26) - pppoe: take ->needed_headroom of lower device into account on xmit (networking-stable-18_01_28) - pptp: remove a buggy dst release in pptp_connect() (networking-stable-18_04_10) - printk: fix possible reuse of va_list variable (bsc#1100602) - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652) - pty: cancel pty slave port buf's work in tty_release (bsc#1051510) - pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume (bsc#1051510) - pwm: meson: Fix allocation of PWM channel array (bsc#1051510) - pwm: meson: Improve PWM calculation precision (bsc#1051510) - pwm: rcar: Fix a condition to prevent mismatch value setting to duty (bsc#1051510) - pwm: stm32: Enforce dependency on CONFIG_MFD_STM32_TIMERS (bsc#1051510) - pwm: stm32: Remove unused struct device (bsc#1051510) - pwm: stmpe: Fix wrong register offset for hwpwm=2 case (bsc#1051510) - pwm: tiehrpwm: Fix runtime PM imbalance at unbind (bsc#1051510) - pwm: tiehrpwm: fix clock imbalance in probe error path (bsc#1051510) - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301) - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301) - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301) - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314) - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add sanity check for SIMD fastpath handler (bsc#1050536) - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536) - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536) - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536) - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536) - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536) - qed: Fix mask for physical address in ILT entry (networking-stable-18_06_08) - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix possible memory leak in Rx error path handling (bsc#1050536) - qed: Fix possible memory leak in Rx error path handling (bsc#1050536) - qed: Fix possible race for the link state value (bsc#1050536) - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix reading stale configuration information (bsc#1086314) - qed: Fix setting of incorrect eswitch mode (bsc#1050536) - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix use of incorrect size in memcpy call (bsc#1050536) - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301) - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301) - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536) - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536) - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301) - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: "checksumed" -> "checksummed" (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: "checksumed" -> "checksummed" (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: "offloded" -> "offloaded" (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: "offloded" -> "offloaded" (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: "taskelt" -> "tasklet" (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: "taskelt" -> "tasklet" (bsc#1086314 bsc#1086313 bsc#1086301) - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301) - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538) - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538) - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301) - qede: fix spelling mistake: "registeration" -> "registration" (bsc#1086314 bsc#1086313 bsc#1086301) - qede: fix spelling mistake: "registeration" -> "registration" (bsc#1086314 bsc#1086313 bsc#1086301) - qedr: Fix spelling mistake: "hanlde" -> "handle" (bsc#1086314 bsc#1086313 bsc#1086301) - qedr: Fix spelling mistake: "hanlde" -> "handle" (bsc#1086314 bsc#1086313 bsc#1086301) - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301) - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301) - qlogic: check kstrtoul() for errors (bsc#1050540) - qmi_wwan: Add support for Quectel EP06 (networking-stable-18_02_06) - qmi_wwan: add support for Quectel EG91 (bsc#1051510) - qmi_wwan: add support for the Dell Wireless 5821e module (bsc#1051510) - qmi_wwan: fix interface number for DW5821e production firmware (bsc#1051510) - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect (bsc#1051510) - r8152: fix tx packets accounting (bsc#1051510) - r8152: napi hangup fix after disconnect (bsc#1051510) - r8169: Be drop monitor friendly (bsc#1051510) - rbd: flush rbd_dev->watch_dwork after watch is unregistered (bsc#1103216) - rdma/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes (bsc#1086283) - rdma/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes (bsc#1086283) - rdma/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283) - rdma/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283) - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306) - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306) - rdma/cma: Fix use after destroy access to net namespace for IPoIB (bsc#1046306) - rdma/cma: Fix use after destroy access to net namespace for IPoIB (bsc#1046306) - rdma/cxgb4: Use structs to describe the uABI instead of opencoding (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - rdma/cxgb4: release hw resources on device removal (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659) - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659) - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659) - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659) - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307) - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307) - rdma/iwpm: fix memory leak on map_info (bsc#1046306) - rdma/mlx4: Discard unknown SQP work requests (bsc#1046302) - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305) - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305) - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305) - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305) - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305) - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305) - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305) - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305) - rdma/mlx5: Protect from shift operand overflow (bsc#1046305) - rdma/mlx5: Use proper spec flow label type (bsc#1046305) - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/ucma: Do not allow setting rdma_OPTION_IB_PATH without an rdma device (bsc#1046306) - rdma/ucma: Do not allow setting rdma_OPTION_IB_PATH without an rdma device (bsc#1046306) - rdma/ucma: ucma_context reference leak in error path (bsc#1046306) - rdma/ucma: ucma_context reference leak in error path (bsc#1046306) - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306) - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306) - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306) - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306) - rds: MP-RDS may use an invalid c_path (networking-stable-18_04_13) - rds: do not leak kernel memory to user land (networking-stable-18_05_15) - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099029) - regulator: max8998: Fix platform data retrieval (bsc#1051510) - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bsc#1051510) - regulator: qcom_spmi: Include offset when translating voltages (bsc#1051510) - regulator: tps65218: Fix strobe assignment (bsc#1051510) - restore cond_resched() in shrink_dcache_parent() (bsc#1098599) - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340) - rocker: fix possible null pointer dereference in rocker_router_fib_event_work (networking-stable-18_02_06) - route: check sysctl_fib_multipath_use_neigh earlier than hash (networking-stable-18_04_10) - rpm/config.sh: Use SUSE:SLE-15:Update project instead of GA - rpm/kernel-docs.spec.in: Fix and cleanup for 4.13 doc build (bsc#1048129) The whole DocBook stuff has been deleted. The PDF build still non-working thus the sub-packaging disabled so far - rpm/kernel-source.changes.old: Add pre-SLE15 history (bsc#1098995) - rpm/kernel-source.spec.in: Add more stuff to Recommends ... and move bc to Recommends as well. All these packages are needed for building a kernel manually from scratch with kernel-source files - rpm/kernel-source.spec.in: require bc for kernel-source This is needed for building include/generated/timeconst.h from kernel/time/timeconst.bc - rpm: ignore CONFIG_GCC_VERSION when checking for oldconfig changes Since 4.18-rc1, "make oldconfig" writes gcc version and capabilities into generated .config. Thus whenever we build the package or run checks with different gcc version than used to update config/*/*, check for "outdated configs" fails. As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both configs before comparing them. This way, the check won't fail unless run with newer gcc which would add new capabilities. More robust solution will require a wider discussion - rtc: ac100: Fix ac100 determine rate bug (bsc#1051510) - rtc: hctosys: Ensure system time does not overflow time_t (bsc#1051510) - rtc: pxa: fix probe function (bsc#1051510) - rtc: snvs: Fix usage of snvs_rtc_enable (bsc#1051510) - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bsc#1051510) - rtlwifi: Fix kernel Oops "Fw download fail!!" (bsc#1051510) - rtlwifi: rtl8821ae: fix firmware is not ready to run (bsc#1051510) - rtnetlink: validate attributes in do_setlink() (networking-stable-18_06_08) - rxrpc: Fix send in rxrpc_send_data_packet() (networking-stable-18_03_07) - s390/crc32-vx: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/ftrace: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/gs: add compat regset for the guarded storage broadcast control block (git-fixes e525f8a6e696) - s390/kernel: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/lib: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/qdio: do not merge ERROR output buffers (bsc#1099715) - s390/qdio: do not retry EQBS after CCQ 96 (bsc#1102088, LTC#169699) - s390/qeth: do not dump control cmd twice (bsc#1099715) - s390/qeth: fix IPA command submission race (bsc#1099715) - s390/qeth: fix IPA command submission race (networking-stable-18_03_07) - s390/qeth: fix error handling in adapter command callbacks (bsc#1102088, LTC#169699) - s390/qeth: fix overestimated count of buffer elements (bsc#1099715) - s390/qeth: fix overestimated count of buffer elements (networking-stable-18_03_07) - s390/qeth: fix race when setting MAC address (bnc#1093148, LTC#167307) - s390/qeth: free netdevice when removing a card (bsc#1099715) - s390/qeth: free netdevice when removing a card (networking-stable-18_03_28) - s390/qeth: lock read device while queueing next buffer (bsc#1099715) - s390/qeth: lock read device while queueing next buffer (networking-stable-18_03_28) - s390/qeth: when thread completes, wake up all waiters (bsc#1099715) - s390/qeth: when thread completes, wake up all waiters (networking-stable-18_03_28) - s390: Correct register corruption in critical section cleanup (git-fixes 6dd85fbb87) - s390: add assembler macros for CPU alternatives (git-fixes f19fbd5ed6) - s390: correct module section names for expoline code revert (git-fixes f19fbd5ed6) - s390: extend expoline to BC instructions (git-fixes, bsc#1103421) - s390: move expoline assembler macros to a header (git-fixes f19fbd5ed6) - s390: move spectre sysfs attribute code (bsc#1090098) - s390: optimize memset implementation (git-fixes f19fbd5ed6) - s390: remove indirect branch from do_softirq_own_stack (git-fixes f19fbd5ed6) - s390: use expoline thunks in the BPF JIT (git-fixes, bsc#1103421) - sch_netem: fix skb leak in netem_enqueue() (networking-stable-18_03_28) - sched/core: Optimize ttwu_stat() (bnc#1101669 optimise numa balancing for fast migrate) - sched/core: Optimize update_stats_*() (bnc#1101669 optimise numa balancing for fast migrate) - scripts/dtc: fix '%zx' warning (bsc#1051510) - scripts/gdb/linux/tasks.py: fix get_thread_info (bsc#1051510) - scripts/git_sort/git_sort.py: Add 'nvme-4.18' to the list of repositories - scripts/git_sort/git_sort.py: add modules-next tree - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bsc#1051510) - scsi: Revert "scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()" (bsc#1099918) - scsi: aacraid: Correct hba_send to include iu_type (bsc#1077989) - scsi: core: clean up generated file scsi_devinfo_tbl.c (bsc#1077989) - scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() (bsc#1099918) - scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961) - scsi: ipr: new IOASC update (bsc#1097961) - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088866) - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1088866) - scsi: lpfc: Comment cleanup regarding Broadcom copyright header (bsc#1088866) - scsi: lpfc: Correct fw download error message (bsc#1088866) - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088866) - scsi: lpfc: Correct target queue depth application changes (bsc#1088866) - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1088866) - scsi: lpfc: Enhance log messages when reporting CQE errors (bsc#1088866) - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088866) - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1093290) - scsi: lpfc: Fix Abort request WQ selection (bsc#1088866) - scsi: lpfc: Fix MDS diagnostics failure (bsc#1088866) - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088866) - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088866) - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1088866) - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088866) - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088866) - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088866) - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088866) - scsi: lpfc: Fix port initialization failure (bsc#1093290) - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1088866) - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1088866) - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1088866) - scsi: lpfc: enhance LE data structure copies to hardware (bsc#1088866) - scsi: lpfc: fix spelling mistakes: "mabilbox" and "maibox" (bsc#1088866) - scsi: lpfc: update driver version to 12.0.0.2 (bsc#1088866) - scsi: lpfc: update driver version to 12.0.0.3 (bsc#1088866) - scsi: lpfc: update driver version to 12.0.0.4 (bsc#1088866) - scsi: megaraid_sas: Do not log an error if FW successfully initializes (bsc#1077989) - scsi: qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1077989) - scsi: qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1077338) - scsi: sg: mitigate read/write abuse (bsc#1101296) - scsi: target: fix crash with iscsi target and dvd (bsc#1099918) - scsi: zfcp: fix infinite iteration on ERP ready list (bsc#1102088, LTC#169699) - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bsc#1102088, LTC#169699) - sctp: delay the authentication for the duplicated cookie-echo chunk (networking-stable-18_05_15) - sctp: do not check port in sctp_inet6_cmp_addr (networking-stable-18_04_26) - sctp: do not leak kernel memory to user space (networking-stable-18_04_10) - sctp: fix dst refcnt leak in sctp_v6_get_dst() (networking-stable-18_03_07) - sctp: fix the issue that the cookie-ack with auth can't get processed (networking-stable-18_05_15) - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (git-fixes) - sctp: not allow transport timeout value less than HZ/5 for hb_timer (networking-stable-18_06_08) - sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg (networking-stable-18_05_15) - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (networking-stable-18_04_10) - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (networking-stable-18_05_15) - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bsc#1051510) - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bsc#1051510) - selinux: skip bounded transition processing if the policy isn't loaded (bsc#1051510) - serdev: fix memleak on module unload (bsc#1051510) - serial: 8250: omap: Fix idling of clocks for unused uarts (bsc#1051510) - serial: altera: ensure port->regshift is honored consistently (bsc#1051510) - serial: arc_uart: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: earlycon: Only try fdt when specify 'earlycon' exactly (bsc#1051510) - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: imx: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: imx: drop if that always evaluates to true (bsc#1051510) - serial: mxs-auart: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: pxa: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: samsung: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: samsung: fix maxburst parameter for DMA transactions (bsc#1051510) - serial: sh-sci: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: sh-sci: Stop using printk format %pCr (bsc#1051510) - serial: sh-sci: Update warning message in sci_request_dma_chan() (bsc#1051510) - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bsc#1051510) - serial: sirf: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: xuartps: Fix out-of-bounds access through DT alias (bsc#1051510) - series.conf: Sort scheduler stats optimisations - sfc: stop the TX queue before pushing new buffers (bsc#1058169) - skbuff: Fix not waking applications when errors are enqueued (networking-stable-18_03_28) - slip: Check if rstate is initialized before uncompressing (networking-stable-18_04_13) - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1051510) - smsc75xx: fix smsc75xx_set_features() (bsc#1051510) - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1051510) - soc/fsl/qbman: fix issue in qman_delete_cgr_safe() (networking-stable-18_03_28) - socket: close race condition between sock_close() and sockfs_setattr() (networking-stable-18_06_20) - soreuseport: fix mem leak in reuseport_add_sock() (networking-stable-18_02_06) - spi: bcm-qspi: fIX some error handling paths (bsc#1051510) - spi: core: Fix devm_spi_register_master() function name in kerneldoc (bsc#1051510) - spi: pxa2xx: Do not touch CS pin until we have a transfer pending (bsc#1051510) - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR (bsc#1051510) - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bsc#1051510) - staging: fbtft: array underflow in fbtft_request_gpios_match() (bsc#1051510) - staging: iio: ade7759: fix signed extension bug on shift of a u8 (bsc#1051510) - staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data() (bsc#1051510) - staging: rtl8723bs: add missing range check on id (bsc#1051510) - staging: rtl8723bs: fix u8 less than zero check (bsc#1051510) - staging: rts5208: Fix "seg_no" calculation in reset_ms_card() (bsc#1051510) - staging: sm750fb: Fix parameter mistake in poke32 (bsc#1051510) - staging:iio:ade7854: Fix error handling on read/write (bsc#1051510) - staging:iio:ade7854: Fix the wrong number of bits to read (bsc#1051510) - stm class: Fix a use-after-free (bsc#1051510) - stm class: Use vmalloc for the master map (bsc#1051510) - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX (networking-stable-18_04_26) - strparser: Fix incorrect strp->need_bytes value (networking-stable-18_04_26) - strparser: Fix sign of err codes (networking-stable-18_04_10) - sunrpc: remove incorrect HMAC request initialization (bsc#1051510) - swap: divide-by-zero when zero length swap file on ssd (bsc#1051510) - tcp: do not read out-of-bounds opsize (networking-stable-18_04_26) - tcp: ignore Fast Open on repair mode (networking-stable-18_05_15) - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (networking-stable-18_04_26) - tcp: release sk_frag.page in tcp_disconnect (networking-stable-18_02_06) - tcp: revert F-RTO extension to detect more spurious timeouts (networking-stable-18_03_07) - tcp: verify the checksum of the first data segment in a new connection (networking-stable-18_06_20) - tcp_bbr: fix to zero idle_restart only upon S/ACKed data (networking-stable-18_05_15) - team: Fix double free in error path (networking-stable-18_03_28) - team: avoid adding twice the same option to the event list (networking-stable-18_04_26) - team: fix netconsole setup over team (networking-stable-18_04_26) - team: move dev_mc_sync after master_upper_dev_link in team_port_add (networking-stable-18_04_10) - team: use netdev_features_t instead of u32 (networking-stable-18_06_08) - tee: check shm references are consistent in offset/size (bsc#1051510) - tee: shm: fix use-after-free via temporarily dropped reference (bsc#1051510) - test_firmware: fix missing unlock on error in config_num_requests_store() (bsc#1051510) - test_firmware: fix setting old custom fw path back on exit (bsc#1051510) - test_firmware: fix setting old custom fw path back on exit, second try (bsc#1051510) - tg3: APE heartbeat changes (bsc#1086286) - tg3: Add Macronix NVRAM support (bsc#1086286) - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bsc#1086286) - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bsc#1086286) - tg3: prevent scheduling while atomic splat (bsc#1086286) - thermal/drivers/hisi: Fix kernel panic on alarm interrupt (bsc#1051510) - thermal/drivers/hisi: Fix missing interrupt enablement (bsc#1051510) - thermal/drivers/hisi: Fix multiple alarm interrupts firing (bsc#1051510) - thermal/drivers/hisi: Simplify the temperature/step computation (bsc#1051510) - thermal: bcm2835: Stop using printk format %pCr (bsc#1051510) - thermal: bcm2835: fix an error code in probe() (bsc#1051510) - thermal: exynos: Propagate error value from tmu_read() (bsc#1051510) - thermal: exynos: Reading temperature makes sense only when TMU is turned on (bsc#1051510) - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bsc#1051510) - thermal: int3400_thermal: fix error handling in int3400_thermal_probe() (bsc#1051510) - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe (bsc#1051510) - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bsc#1051510) - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#1099918) - timekeeping: Use proper timekeeper for debug code (bsc#1051510) - tipc: add policy for TIPC_NLA_NET_ADDR (networking-stable-18_04_26) - tipc: fix a memory leak in tipc_nl_node_get_link() (networking-stable-18_01_28) - tools lib traceevent: Fix get_field_str() for dynamic strings (bsc#1051510) - tools lib traceevent: Simplify pointer print logic and fix %pF (bsc#1051510) - tools/lib/lockdep: Define the ARRAY_SIZE() macro (bsc#1051510) - tools/lib/lockdep: Fix undefined symbol prandom_u32 (bsc#1051510) - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bsc#1051510) - tools/power turbostat: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1051510) - tools/thermal: tmon: fix for segfault (bsc#1051510) - tools/usbip: fixes build with musl libc toolchain (bsc#1051510) - tracing/uprobe_event: Fix strncpy corner case (bsc#1099918) - tracing: Fix converting enum's from the map in trace_event_eval_update() (bsc#1099918) - tracing: Fix missing tab for hwlat_detector print format (bsc#1099918) - tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER (bsc#1099918) - tracing: Make the snapshot trigger work with instances (bsc#1099918) - tracing: probeevent: Fix to support minus offset from symbol (bsc#1099918) - tty/serial: atmel: use port->name as name in request_irq() (bsc#1051510) - tty: Avoid possible error pointer dereference at tty_ldisc_restore() (bsc#1051510) - tty: Do not call panic() at tty_ldisc_init() (bsc#1051510) - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bsc#1051510) - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bsc#1051510) - tty: n_gsm: Fix DLCI handling for ADM mode if debug is not set (bsc#1051510) - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bsc#1051510) - tty: pl011: Avoid spuriously stuck-off interrupts (bsc#1051510) - ubi: fastmap: Correctly handle interrupted erasures in EBA (bsc#1051510) - ubifs: Fix data node size for truncating uncompressed nodes (bsc#1051510) - ubifs: Fix potential integer overflow in allocation (bsc#1051510) - ubifs: Fix uninitialized variable in search_dh_cookie() (bsc#1051510) - ubifs: Fix unlink code wrt. double hash lookups (bsc#1051510) - udp: fix rx queue len reported by diag and proc interface (networking-stable-18_06_20) - usb-storage: Add compatibility quirk flags for G-Technologies G-Drive (bsc#1051510) - usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver (bsc#1051510) - usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc() (bsc#1051510) - usb: Increment wakeup count on remote wakeup (bsc#1051510) - usb: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bsc#1087092) - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1051510) - usb: cdc_acm: Add quirk for Castles VEGA3000 (bsc#1051510) - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bsc#1051510) - usb: cdc_acm: prevent race at write to acm while system resumes (bsc#1087092) - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1051510) - usb: do not reset if a low-speed or full-speed device timed out (bsc#1051510) - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1051510) - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bsc#1051510) - usb: dwc2: Improve gadget state disconnection handling (bsc#1085539) - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1051510) - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1051510) - usb: dwc2: hcd: Fix host channel halt flow (bsc#1051510) - usb: dwc2: host: Fix transaction errors in host mode (bsc#1051510) - usb: dwc3: Add SoftReset PHY synchonization delay (bsc#1051510) - usb: dwc3: Fix GDBGFIFOSPACE_TYPE values (bsc#1051510) - usb: dwc3: Makefile: fix link error on randconfig (bsc#1051510) - usb: dwc3: Undo PHY init if soft reset fails (bsc#1051510) - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bsc#1051510) - usb: dwc3: ep0: Reset TRB counter for ep0 IN (bsc#1051510) - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue (bsc#1051510) - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bsc#1051510) - usb: dwc3: of-simple: fix use-after-free on remove (bsc#1051510) - usb: dwc3: omap: do not miss events during suspend/resume (bsc#1051510) - usb: dwc3: pci: Properly cleanup resource (bsc#1051510) - usb: dwc3: prevent setting PRTCAP to OTG from debugfs (bsc#1051510) - usb: gadget: bdc: 64-bit pointer capability check (bsc#1051510) - usb: gadget: composite: fix incorrect handling of OS desc requests (bsc#1051510) - usb: gadget: core: Fix use-after-free of usb_request (bsc#1051510) - usb: gadget: dummy: fix nonsensical comparisons (bsc#1051510) - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bsc#1051510) - usb: gadget: f_fs: Only return delayed status when len is 0 (bsc#1051510) - usb: gadget: f_fs: Process all descriptors during bind (bsc#1051510) - usb: gadget: f_fs: Use config_ep_by_speed() (bsc#1051510) - usb: gadget: f_mass_storage: Fix the logic to iterate all common->luns (bsc#1051510) - usb: gadget: f_midi: fixing a possible double-free in f_midi (bsc#1051510) - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bsc#1051510) - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bsc#1051510) - usb: gadget: f_uac2: fix error handling in afunc_bind (again) (bsc#1051510) - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bsc#1051510) - usb: gadget: ffs: Let setup() return usb_GADGET_DELAYED_STATUS (bsc#1051510) - usb: gadget: fsl_udc_core: fix ep valid checks (bsc#1051510) - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bsc#1051510) - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bsc#1051510) - usb: gadget: udc: core: update usb_ep_queue() documentation (bsc#1051510) - usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting (bsc#1051510) - usb: host: ehci: use correct device pointer for dma ops (bsc#1087092) - usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing" (bsc#1051510) - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bsc#1051510) - usb: musb: Fix external abort in musb_remove on omap2430 (bsc#1051510) - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bsc#1051510) - usb: musb: fix enumeration after resume (bsc#1051510) - usb: musb: fix remote wakeup racing with suspend (bsc#1051510) - usb: musb: gadget: misplaced out of bounds check (bsc#1051510) - usb: musb: host: fix potential NULL pointer dereference (bsc#1051510) - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() (bsc#1051510) - usb: option: Add support for FS040U modem (bsc#1087092) - usb: quirks: add delay quirks for Corsair Strafe (bsc#1051510) - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1051510) - usb: serial: cp210x: add CESINEL device ids (bsc#1051510) - usb: serial: cp210x: add ELDAT Easywave RX09 id (bsc#1051510) - usb: serial: cp210x: add ID for NI usb serial console (bsc#1051510) - usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bsc#1051510) - usb: serial: cp210x: add another usb ID for Qivicon ZigBee stick (bsc#1051510) - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bsc#1051510) - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bsc#1051510) - usb: serial: ftdi_sio: use jtag quirk for Arrow usb Blaster (bsc#1051510) - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132) - usb: serial: mos7840: fix status-register error handling (bsc#1051510) - usb: serial: option: Add support for Quectel EP06 (bsc#1051510) - usb: serial: option: adding support for ublox R410M (bsc#1051510) - usb: serial: option: reimplement interface masking (bsc#1051510) - usb: serial: simple: add libtransistor console (bsc#1051510) - usb: serial: visor: handle potential invalid device configuration (bsc#1051510) - usb: typec: ucsi: Fix for incorrect status data issue (bsc#1100132) - usb: typec: ucsi: acpi: Workaround for cache mode issue (bsc#1100132) - usb: yurex: fix out-of-bounds uaccess in read handler (bsc#1100132) - usbip: Correct maximum value of CONFIG_usbIP_VHCI_HC_PORTS (bsc#1051510) - usbip: usbip_event: fix to not print kernel pointer address (bsc#1051510) - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bsc#1051510) - usbip: vhci_hcd: Fix usb device and sockfd leaks (bsc#1051510) - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1051510) - userns: Do not fail follow_automount based on s_user_ns (bsc#1099918) - vfb: fix video mode and line_length being set when loaded (bsc#1100362) - vfio/pci: Fix potential Spectre v1 (bsc#1051510) - vfio/spapr: Use IOMMU pageshift rather than pagesize (bsc#1077761, git-fixes) - vfio: Use get_user_pages_longterm correctly (bsc#1095337) - vfio: platform: Fix reset module leak in error path (bsc#1099918) - vhost: Fix vhost_copy_to_user() (networking-stable-18_04_13) - vhost: correctly remove wait queue during poll failure (networking-stable-18_04_10) - vhost: fix vhost_vq_access_ok() log check (networking-stable-18_04_13) - vhost: synchronize IOTLB message with dev cleanup (networking-stable-18_06_08) - vhost: validate log when IOTLB is enabled (networking-stable-18_04_10) - vhost_net: add missing lock nesting notation (networking-stable-18_04_10) - vhost_net: stop device during reset owner (networking-stable-18_02_06) - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966) - video/omap: add module license tags (bsc#1090888) - video: remove unused kconfig SH_LCD_MIPI_DSI (bsc#1087092) - virtio-gpu: fix ioctl and expose the fixed status to userspace (bsc#1100382) - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bsc#1051510) - virtio-net: correctly transmit XDP buff after linearizing (networking-stable-18_06_08) - virtio-net: fix leaking page for gso packet during mergeable XDP (networking-stable-18_06_08) - virtio-net: fix module unloading (bsc#1051510) - virtio: add ability to iterate over vqs (bsc#1051510) - virtio_console: do not tie bufs to a vq (bsc#1051510) - virtio_console: drop custom control queue cleanup (bsc#1051510) - virtio_console: free buffers after reset (bsc#1051510) - virtio_console: move removal code (bsc#1051510) - virtio_console: reset on out of memory (bsc#1051510) - virtio_net: Disable interrupts if napi_complete_done rescheduled napi (bsc#1051510) - virtio_net: fix XDP code path in receive_small() (bsc#1051510) - virtio_net: fix adding vids on big-endian (networking-stable-18_04_26) - virtio_net: split out ctrl buffer (networking-stable-18_04_26) - virtio_ring: fix num_free handling in error case (bsc#1051510) - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (networking-stable-18_04_26) - vlan: also check phy_driver ts_info for vlan's real device (networking-stable-18_04_10) - vmcore: add API to collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - vmw_balloon: fix inflation with batching (bsc#1051510) - vmw_balloon: fixing double free when batching mode is off (bsc#1051510) - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860) - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860) - vmxnet3: increase default rx ring sizes (bsc#1091860) - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860) - vmxnet3: use DMA memory barriers where required (bsc#1091860) - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860) - vrf: Fix use after free and double free in vrf_finish_output (networking-stable-18_04_10) - vrf: check the original netdevice for generating redirect (networking-stable-18_06_08) - vt: prevent leaking uninitialized data to userspace via /dev/vcs* (bsc#1051510) - vti6: better validate user provided tunnel names (networking-stable-18_04_10) - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bsc#1051510) - wait: add wait_event_killable_timeout() (bsc#1099792) - watchdog: da9063: Fix setting/changing timeout (bsc#1100843) - watchdog: da9063: Fix timeout handling during probe (bsc#1100843) - watchdog: da9063: Fix updating timeout value (bsc#1100843) - watchdog: f71808e_wdt: Fix magic close handling (bsc#1051510) - watchdog: sp5100_tco: Fix watchdog disable bit (bsc#1051510) - wlcore: add missing nvs file name info for wilink8 (bsc#1051510) - x.509: unpack RSA signatureValue field from BIT STRING (bsc#1051510) - x86/efi: Access EFI MMIO data as unencrypted when SEV is active (bsc#1099193) - x86/pkeys: Add arch_pkeys_enabled() (, bsc#1078248) - x86/pkeys: Add arch_pkeys_enabled() (bsc#1078248) - x86/pkeys: Move vma_pkey() into asm/pkeys.h (, bsc#1078248) - x86/pkeys: Move vma_pkey() into asm/pkeys.h (bsc#1078248) - x86/stacktrace: Clarify the reliable success paths (bnc#1058115) - x86/stacktrace: Do not fail for ORC with regs on stack (bnc#1058115) - x86/stacktrace: Do not unwind after user regs (bnc#1058115) - x86/stacktrace: Enable HAVE_RELIABLE_STACKTRACE for the ORC unwinder (bnc#1058115) - x86/stacktrace: Remove STACKTRACE_DUMP_ONCE (bnc#1058115) - x86/unwind/orc: Detect the end of the stack (bnc#1058115) - x86: Pass x86 as architecture on x86_64 and i386 (bsc#1093118) - xen/grant-table: log the lack of grants (bnc#1085042) - xhci: Add port status decoder for tracing purposes - xhci: Fix kernel oops in trace_xhci_free_virt_device (bsc#1100132) - xhci: Fix usb3 NULL pointer dereference at logical disconnect (bsc#1090888) - xhci: Fix use-after-free in xhci_free_virt_device (bsc#1100132) - xhci: Revert "xhci: plat: Register shutdown for xhci_plat" (bsc#1090888) - xhci: add definitions for all port link states - xhci: add port speed ID to portsc tracing - xhci: add port status tracing - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132) - xprtrdma: Fix list corruption / DMAR errors during MR recovery (git-fixes) - xprtrdma: Return -ENOBUFS when no pages are available (git-fixes) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-1505=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.8.1 kernel-azure-base-4.12.14-5.8.1 kernel-azure-base-debuginfo-4.12.14-5.8.1 kernel-azure-debuginfo-4.12.14-5.8.1 kernel-azure-devel-4.12.14-5.8.1 kernel-syms-azure-4.12.14-5.8.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.8.1 kernel-source-azure-4.12.14-5.8.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-1118.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1037697 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1046300 https://bugzilla.suse.com/1046302 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1046533 https://bugzilla.suse.com/1046543 https://bugzilla.suse.com/1048129 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050529 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050540 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054245 https://bugzilla.suse.com/1056651 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1058169 https://bugzilla.suse.com/1058659 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1066110 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075360 https://bugzilla.suse.com/1075876 https://bugzilla.suse.com/1077338 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1077989 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086286 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1086319 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1086324 https://bugzilla.suse.com/1086457 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1087202 https://bugzilla.suse.com/1087217 https://bugzilla.suse.com/1087233 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088821 https://bugzilla.suse.com/1088866 https://bugzilla.suse.com/1090098 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091041 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091424 https://bugzilla.suse.com/1091860 https://bugzilla.suse.com/1092472 https://bugzilla.suse.com/1093035 https://bugzilla.suse.com/1093118 https://bugzilla.suse.com/1093148 https://bugzilla.suse.com/1093290 https://bugzilla.suse.com/1093666 https://bugzilla.suse.com/1094119 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1094978 https://bugzilla.suse.com/1095155 https://bugzilla.suse.com/1095337 https://bugzilla.suse.com/1096330 https://bugzilla.suse.com/1096529 https://bugzilla.suse.com/1096790 https://bugzilla.suse.com/1096793 https://bugzilla.suse.com/1097034 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1097941 https://bugzilla.suse.com/1097961 https://bugzilla.suse.com/1098050 https://bugzilla.suse.com/1098236 https://bugzilla.suse.com/1098401 https://bugzilla.suse.com/1098599 https://bugzilla.suse.com/1098626 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1098706 https://bugzilla.suse.com/1098983 https://bugzilla.suse.com/1098995 https://bugzilla.suse.com/1099029 https://bugzilla.suse.com/1099041 https://bugzilla.suse.com/1099109 https://bugzilla.suse.com/1099142 https://bugzilla.suse.com/1099183 https://bugzilla.suse.com/1099193 https://bugzilla.suse.com/1099715 https://bugzilla.suse.com/1099792 https://bugzilla.suse.com/1099918 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099966 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100209 https://bugzilla.suse.com/1100340 https://bugzilla.suse.com/1100362 https://bugzilla.suse.com/1100382 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 https://bugzilla.suse.com/1100602 https://bugzilla.suse.com/1100633 https://bugzilla.suse.com/1100843 https://bugzilla.suse.com/1100884 https://bugzilla.suse.com/1101143 https://bugzilla.suse.com/1101296 https://bugzilla.suse.com/1101315 https://bugzilla.suse.com/1101324 https://bugzilla.suse.com/1101337 https://bugzilla.suse.com/1101352 https://bugzilla.suse.com/1101564 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1101789 https://bugzilla.suse.com/1101813 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1102088 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1102147 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102512 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103216 https://bugzilla.suse.com/1103220 https://bugzilla.suse.com/1103230 https://bugzilla.suse.com/1103421 From sle-security-updates at lists.suse.com Mon Aug 6 16:31:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 00:31:35 +0200 (CEST) Subject: SUSE-SU-2018:2223-1: important: Security update for the Linux Kernel Message-ID: <20180806223135.B9A03FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2223-1 Rating: important References: #1012382 #1037697 #1046299 #1046300 #1046302 #1046303 #1046305 #1046306 #1046307 #1046533 #1046543 #1050242 #1050536 #1050538 #1050540 #1051510 #1054245 #1056651 #1056787 #1058169 #1058659 #1060463 #1068032 #1075087 #1075360 #1077338 #1077761 #1077989 #1085042 #1085536 #1085539 #1086301 #1086313 #1086314 #1086324 #1086457 #1087092 #1087202 #1087217 #1087233 #1090098 #1090888 #1091041 #1091171 #1093148 #1093666 #1094119 #1096330 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1098633 #1099193 #1100132 #1100884 #1101143 #1101337 #1101352 #1101564 #1101669 #1101674 #1101789 #1101813 #1101816 #1102088 #1102097 #1102147 #1102340 #1102512 #1102851 #1103216 #1103220 #1103230 #1103421 Cross-References: CVE-2017-18344 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has 75 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-5390 aka SegmentSmack: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) CVE-2017-18344: The timer_create syscall implementation didn't properly validate input, which could have lead to out-of-bounds access. This allowed userspace applications to read arbitrary kernel memory in some setups. (bsc#1102851) The following non-security bugs were fixed: - acpi, apei, einj: Subtract any matching Register Region from Trigger resources (bsc#1051510). - acpi, nfit: Fix scrub idle detection (bsc#1094119). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1051510). - acpi/processor: Finish making acpi_processor_ppc_has_changed() void (bsc#1051510). - ahci: Disable Lpm on Lenovo 50 series laptops with a too old BIOS (bsc#1051510). - alsa: hda - Handle pm failure during hotplug (bsc#1051510). - alsa: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk (bsc#1051510). - alsa: hda/realtek - Yet another Clevo P950 quirk entry (bsc#1101143). - alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (bsc#1051510). - alsa: hda: add mute led support for HP ProBook 455 G5 (bsc#1051510). - alsa: rawmidi: Change resized buffers atomically (bsc#1051510). - alx: take rtnl before calling __alx_open from resume (bsc#1051510). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1103220). - arm: module: fix modsign build error (bsc#1093666). - asoc: mediatek: preallocate pages use platform device (bsc#1051510). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1051510). - atl1c: reserve min skb headroom (bsc#1051510). - audit: Fix wrong task in comparison of session ID (bsc#1051510). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bsc#1051510). - audit: return on memory error to avoid null pointer dereference (bsc#1051510). - b44: Initialize 64-bit stats seqcount (bsc#1051510). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1051510). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1051510). - batman-adv: Accept only filled wifi station info (bsc#1051510). - batman-adv: Always initialize fragment header priority (bsc#1051510). - batman-adv: Avoid race in TT TVLV allocator helper (bsc#1051510). - batman-adv: Avoid storing non-TT-sync flags on singular entries too (bsc#1051510). - batman-adv: Fix TT sync flags for intermediate TT responses (bsc#1051510). - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump (bsc#1051510). - batman-adv: Fix bat_v best gw refcnt after netlink dump (bsc#1051510). - batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible (bsc#1051510). - batman-adv: Fix debugfs path for renamed hardif (bsc#1051510). - batman-adv: Fix debugfs path for renamed softif (bsc#1051510). - batman-adv: Fix internal interface indices types (bsc#1051510). - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq (bsc#1051510). - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag (bsc#1051510). - batman-adv: Fix netlink dumping of BLA backbones (bsc#1051510). - batman-adv: Fix netlink dumping of BLA claims (bsc#1051510). - batman-adv: Fix skbuff rcsum on packet reroute (bsc#1051510). - batman-adv: Ignore invalid batadv_iv_gw during netlink send (bsc#1051510). - batman-adv: Ignore invalid batadv_v_gw during netlink send (bsc#1051510). - batman-adv: Use default throughput value on cfg80211 error (bsc#1051510). - batman-adv: fix TT sync flag inconsistencies (bsc#1051510). - batman-adv: fix header size check in batadv_dbg_arp() (bsc#1051510). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bsc#1051510). - batman-adv: fix packet checksum in receive path (bsc#1051510). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bsc#1051510). - batman-adv: invalidate checksum on fragment reassembly (bsc#1051510). - batman-adv: update data pointers after skb_cow() (bsc#1051510). - blk-mq: count allocated but not started requests in iostats inflight (bsc#1077989). - blk-mq: fix sysfs inflight counter (bsc#1077989). - block: always set partition number to '0' in blk_partition_remap() (bsc#1054245). - block: always set partition number to '0' in blk_partition_remap() (bsc#1077989). - block: bio_check_eod() needs to consider partitions (bsc#1077989). - block: fail op_is_write() requests to read-only partitions (bsc#1077989). - block: pass 'run_queue' to blk_mq_request_bypass_insert (bsc#1077989). - block: set request_list for request (bsc#1077989). - bluetooth: avoid recursive locking in hci_send_to_channel() (bsc#1051510). - bluetooth: hci_ll: Add support for the external clock (bsc#1051510). - bluetooth: hci_ll: Fix download_firmware() return when __hci_cmd_sync fails (bsc#1051510). - bluetooth: hci_nokia: select BT_HCIUART_H4 (bsc#1051510). - bluetooth: hci_uart: fix kconfig dependency (bsc#1051510). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242). - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242). - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242). - bnxt_en: Fix for system hang if request_irq fails (bsc#1050242). - bnxt_en: Fix for system hang if request_irq fails (bsc#1050242). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242). - bnxt_en: Fix the vlan_tci exact match check (bsc#1050242). - bnxt_en: Fix the vlan_tci exact match check (bsc#1050242). - bonding: re-evaluate force_primary when the primary slave name changes (networking-stable-18_06_20). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - bus: arm-cci: Fix use of smp_processor_id() in preemptible context (bsc#1051510). - bus: arm-ccn: Check memory allocation failure (bsc#1051510). - bus: arm-ccn: Fix use of smp_processor_id() in preemptible context (bsc#1051510). - bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left (bsc#1051510). - can: bcm: check for null sk before deferencing it via the call to sock_net (bsc#1051510). - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode (bsc#1051510). - can: mpc5xxx_can: check of_iomap return before use (bsc#1051510). - can: peak_canfd: fix firmware v3.3.0: limit allocation to 32-bit DMA addr only (bsc#1051510). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bsc#1051510). - can: xilinx_can: fix RX overflow interrupt not being enabled (bsc#1051510). - can: xilinx_can: fix device dropping off bus on RX overrun (bsc#1051510). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bsc#1051510). - can: xilinx_can: fix power management handling (bsc#1051510). - can: xilinx_can: fix recovery from error states not being propagated (bsc#1051510). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bsc#1051510). - cdc_ncm: avoid padding beyond end of skb (networking-stable-18_06_20). - cfg80211: initialize sinfo in cfg80211_get_station (bsc#1051510). - checkpatch: add 6 missing types to --list-types (bsc#1051510). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097). - clk: Do not show the incorrect clock phase (bsc#1051510). - clk: Do not write error code into divider register (bsc#1051510). - clk: Fix __set_clk_rates error print-string (bsc#1051510). - clk: at91: PLL recalc_rate() now using cached MUL and DIV values (bsc#1051510). - clk: at91: fix clk-generated parenting (bsc#1051510). - clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() (bsc#1051510). - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bsc#1051510). - clk: fix false-positive Wmaybe-uninitialized warning (bsc#1051510). - clk: fix mux clock documentation (bsc#1051510). - clk: fix set_rate_range when current rate is out of range (bsc#1051510). - clk: hi3660: fix incorrect uart3 clock freqency (bsc#1051510). - clk: hi6220: change watchdog clock source (bsc#1051510). - clk: hi6220: mark clock cs_atb_syspll as critical (bsc#1051510). - clk: hisilicon: fix potential NULL dereference in hisi_clk_alloc() (bsc#1051510). - clk: hisilicon: mark wdt_mux_p[] as const (bsc#1051510). - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux (bsc#1051510). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bsc#1051510). - clk: imx7d: fix mipi dphy div parent (bsc#1051510). - clk: mediatek: add the option for determining PLL source clock (bsc#1051510). - clk: mediatek: mark mtk_infrasys_init_early __init (bsc#1051510). - clk: meson: gxbb: fix clk_mclk_i958 divider flags (bsc#1051510). - clk: meson: gxbb: fix meson cts_amclk divider flags (bsc#1051510). - clk: meson: gxbb: fix wrong clock for SARADC/SANA (bsc#1051510). - clk: meson: meson8b: fix protection against undefined clks (bsc#1051510). - clk: meson: mpll: fix mpll0 fractional part ignored (bsc#1051510). - clk: meson: mpll: use 64-bit maths in params_from_rate (bsc#1051510). - clk: meson: remove unnecessary rounding in the pll clock (bsc#1051510). - clk: mvebu: use correct bit for 98DX3236 NAND (bsc#1051510). - clk: qcom: Base rcg parent rate off plan frequency (bsc#1051510). - clk: qcom: clk-smd-rpm: Fix the reported rate of branches (bsc#1051510). - clk: qcom: common: fix legacy board-clock registration (bsc#1051510). - clk: qcom: msm8916: Fix bimc gpu clock ops (bsc#1051510). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bsc#1051510). - clk: renesas: div6: Document fields used for parent selection (bsc#1051510). - clk: renesas: r8a7745: Remove PLL configs for MD19=0 (bsc#1051510). - clk: renesas: r8a7745: Remove nonexisting scu-src[0789] clocks (bsc#1051510). - clk: renesas: r8a7795: Correct pwm, gpio, and i2c parent clocks on ES2.0 (bsc#1051510). - clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 (bsc#1051510). - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 (bsc#1051510). - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bsc#1051510). - clk: samsung: Fix m2m scaler clock on Exynos542x (bsc#1051510). - clk: samsung: exynos3250: Fix PLL rates (bsc#1051510). - clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices (bsc#1051510). - clk: samsung: exynos5250: Fix PLL rates (bsc#1051510). - clk: samsung: exynos5260: Fix PLL rates (bsc#1051510). - clk: samsung: exynos5433: Fix PLL rates (bsc#1051510). - clk: samsung: exynos7: Fix PLL rates (bsc#1051510). - clk: samsung: s3c2410: Fix PLL rates (bsc#1051510). - clk: scpi: error when clock fails to register (bsc#1051510). - clk: scpi: fix return type of __scpi_dvfs_round_rate (bsc#1051510). - clk: si5351: Rename internal plls to avoid name collisions (bsc#1051510). - clk: si5351: fix PLL reset (bsc#1051510). - clk: socfpga: Fix the smplsel on Arria10 and Stratix10 (bsc#1051510). - clk: sunxi-ng: Fix fractional mode for N-M clocks (bsc#1051510). - clk: sunxi-ng: Make fractional helper less chatty (bsc#1051510). - clk: sunxi-ng: Wait for lock when using fractional mode (bsc#1051510). - clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops (bsc#1051510). - clk: sunxi-ng: add CLK_SET_RATE_PARENT flag to H3 GPU clock (bsc#1051510). - clk: sunxi-ng: add CLK_SET_RATE_UNGATE to all H3 PLLs (bsc#1051510). - clk: sunxi-ng: allow set parent clock (PLL_CPUX) for CPUX clock on H3 (bsc#1051510). - clk: sunxi-ng: h3: gate then ungate PLL CPU clk after rate change (bsc#1051510). - clk: sunxi-ng: multiplier: Fix fractional mode (bsc#1051510). - clk: sunxi-ng: nm: Check if requested rate is supported by fractional clock (bsc#1051510). - clk: sunxi-ng: sun5i: Fix bit offset of audio PLL post-divider (bsc#1051510). - clk: sunxi-ng: sun6i: Export video PLLs (bsc#1051510). - clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision (bsc#1051510). - clk: sunxi: fix build warning (bsc#1051510). - clk: sunxi: fix uninitialized access (bsc#1051510). - clk: tegra: Fix cclk_lp divisor register (bsc#1051510). - clk: tegra: Fix pll_u rate configuration (bsc#1051510). - clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init() (bsc#1051510). - clk: ti: dra7-atl-clock: fix child-node lookups (bsc#1051510). - clk: uniphier: fix DAPLL2 clock rate of Pro5 (bsc#1051510). - clk: x86: Do not gate clocks enabled by the firmware (bsc#1051510). - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bsc#1051510). - clocksource/drivers/stm32: Fix kernel panic with multiple timers (bsc#1051510). - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324). - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324). - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bsc#1100884). - cpufreq: Fix new policy initialization during limits updates via sysfs (bsc#1100884). - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bsc#1100884). - cpufreq: docs: Add missing cpuinfo_cur_freq description (bsc#1051510). - cpufreq: docs: Drop intel-pstate.txt from index.txt (bsc#1051510). - cpufreq: governors: Fix long idle detection logic in load calculation (bsc#1100884). - cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt (bsc#1100884). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bsc#1100884). - crash_dump: is_kdump_kernel can be boolean (bsc#1103230). - crypto: caam/qi - explicitly set dma_ops (bsc#1051510). - crypto: ccp - remove unused variable qim (bsc#1051510). - crypto: change transient busy return code to -ENOSPC (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Add authenc versions of ctr and sha (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Check error code with IS_ERR macro (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix IV updated in XTS operation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix Indentation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix an error code in chcr_hash_dma_map() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix indentation warning (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix iv passed in fallback path for rfc3686 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix src buffer dma length (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Make function aead_ccm_validate_input static (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Move DMA un/mapping to chcr from lld cxgb4 driver (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Remove allocation of sg list to implement 2K limit of dsgl header (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Remove dst sg size zero check (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Remove unused parameter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Update IV before sending request to HW (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Use kernel round function to align lengths (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Use x8_ble gf multiplication to calculate IV (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - check for sg null (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - do not leak pointers to authenc keys (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bsc#1051510). - crypto: crypto4xx - remove bad list_del (bsc#1051510). - crypto: gf128mul - The x8_ble multiplication functions (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: sha512-mb - add some missing unlock on error (bsc#1051510). - cxgb4/cxgb4vf: Notify link changes to OS-dependent code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4/cxgb4vf: add support for ndo_set_vf_vlan (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4/cxgb4vf: check fw caps to set link mode mask (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4/cxgb4vf: link management changes for new SFP (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add FORCE_PAUSE bit to 32 bit port caps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add HMA support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add TP Congestion map entry for single-port (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add new T5 device id (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add new T6 device ids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add support for ethtool i2c dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add support to initialise/read SRQ entries (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add support to query HW SRQ parameters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Adds CPL support for Shared Receive Queues (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Check alignment constraint for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Check for kvzalloc allocation failure (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Fix error handling path in 'init_one()' (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Fix queue free path of ULD drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Fix {vxlan/geneve}_port initialization (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: IPv6 filter takes 2 tids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Setup FW queues before registering netdev (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Support firmware rdma write completion work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Support firmware rdma write with immediate work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: add new T5 device id's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: avoid schedule while atomic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: change the port capability bits definition (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: clean up init_one (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: collect SGE PF/VF queue map (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy adap index to PF0-3 adapter instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy mbox log size to PF0-3 adap instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy the length of cpl_tx_pkt_core to fw_wr (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy vlan_id in ndo_get_vf_config (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: depend on firmware event for link status (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do L1 config when module is inserted (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not display 50Gbps as unsupported speed (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not fail vf instatiation in slave mode (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not set needs_free_netdev for mgmt dev's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: enable ZLib_DEFLATE when building cxgb4 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: enable inner header checksum calculation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: fix the wrong conversion of Mbps to Kbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: free up resources of pf 0-3 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: increase max tx rate limit to 100 Gbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: notify fatal error to uld drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: remove dead code when allocating filter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: restructure VF mgmt code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: rework on-chip memory read (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: support new ISSI flash parts (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update LE-TCAM collection for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update dump collection logic to use compression (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: use CLIP with LIP6 on T6 for TCAM filters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: use zlib deflate to compress firmware dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: zero the HMA memory (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4vf: Forcefully link up virtual interfaces (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4vf: display pause settings (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgbit: call neigh_event_send() to update MAC address (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (networking-stable-18_06_08). - device property: Allow iterating over available child fwnodes (bsc#1098633). - device property: Introduce fwnode_call_bool_op() for ops that return bool (bsc#1098633). - device property: Introduce fwnode_device_is_available() (bsc#1098633). - device property: Introduce fwnode_get_mac_address() (bsc#1098633). - device property: Introduce fwnode_get_phy_mode() (bsc#1098633). - device property: Introduce fwnode_irq_get() (bsc#1098633). - device property: Move FW type specific functionality to FW specific files (bsc#1098633). - device property: Move fwnode graph ops to firmware specific locations (bsc#1098633). - device property: preserve usecount for node passed to of_fwnode_graph_get_port_parent() (bsc#1098633). - dmaengine: fsl-edma: disable clks on all error paths (bsc#1051510). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bsc#1051510). - dmaengine: mv_xor_v2: Fix clock resource by adding a register clock (bsc#1051510). - dmaengine: omap-dma: port_window support correction for both direction (bsc#1051510). - dmaengine: pl330: fix a race condition in case of threaded irqs (bsc#1051510). - dmaengine: pl330: report BURST residue granularity (bsc#1051510). - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt (bsc#1051510). - dmaengine: qcom_hidma: check pending interrupts (bsc#1051510). - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() (bsc#1051510). - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bsc#1051510). - dmaengine: tegra-apb: Really fix runtime-pm usage (bsc#1051510). - dmaengine: tegra210-adma: fix of_irq_get() error check (bsc#1051510). - dmaengine: xilinx_dma: Fix error code format specifier (bsc#1051510). - dmaengine: zynqmp_dma: Fix race condition in the probe (bsc#1051510). - doc: Rename .system_keyring to .builtin_trusted_keys (bsc#1051510). - doc: SKB_GSO_[IPIP|SIT] have been replaced (bsc#1051510). - docs-rst: fix broken links to dynamic-debug-howto in kernel-parameters (bsc#1051510). - docs: segmentation-offloads.txt: Fix ref to SKB_GSO_TUNNEL_REMCSUM (bsc#1051510). - docu: admin-guide: intel_pstate: Fix sysfs path (bsc#1051510). - dp83640: Ensure against premature access to PHY registers after reset (bsc#1051510). - drbd: fix access after free (bsc#1051510). - driver core: Fix link to device power management documentation (bsc#1051510). - driver core: Partially revert "driver core: correct device's shutdown order" (bsc#1051510). - drivers/firmware: psci_checker: Add missing destroy_timer_on_stack() (bsc#1051510). - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301). - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301). - drivers: net: i40evf: use setup_timer() helper (bsc#1101816). - drivers: net: i40evf: use setup_timer() helper (bsc#1101816). - drm/bridge/sii8620: fix potential buffer overflow (bsc#1051510). - drm/exynos: Fix dma-buf import (bsc#1051510). - drm/i915/dp: Send DPCD ON for MST before phy_up (bsc#1051510). - drm/i915: Fix hotplug irq ack on i965/g4x (bsc#1051510). - drm/i915: Only call tasklet_kill() on the first prepare_reset (bsc#1051510). - drm/nouveau/drm/nouveau: Fix runtime pm leak in nv50_disp_atomic_commit() (bsc#1090888). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1051510). - drm/nouveau: Avoid looping through fake MST connectors (bsc#1051510). - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (bsc#1051510). - drm/rockchip: Fix build warning in analogix_dp-rockchip.c (bsc#1085536). - drm/rockchip: analogix_dp: Remove unnecessary init code (bsc#1085536). - drm/rockchip: dw_hdmi: Move HDMI vpll clock enable to bind() (bsc#1087092). - drm/rockchip: inno_hdmi: Fix error handling path (bsc#1087092). - drm/rockchip: inno_hdmi: reorder clk_disable_unprepare call in unbind (bsc#1087092). - drm/tegra: Acquire a reference to the IOVA cache (bsc#1090888). - drm/udl: fix display corruption of the last line (bsc#1101337). - drm: Use kvzalloc for allocating blob property memory (bsc#1101352). - drm: mali-dp: Uninitialized variable in malidp_se_check_scaling() (bsc#1087092). - drm: rcar-du: Remove zpos field from rcar_du_vsp_plane_state structure (bsc#1085539). - drm: rcar-du: lvds: Fix LVDCR1 for R-Car gen3 (bsc#1085539). - dvb_frontend: do not use-after-free the frontend struct (bsc#1051510). - efi/efi_test: Prevent an Oops in efi_runtime_query_capsulecaps() (bsc#1051510). - enic: do not overwrite error code (bsc#1037697). - enic: enable rq before updating rq descriptors (bsc#1037697). - enic: set DMA mask to 47 bit (networking-stable-18_06_08). - ethtool: add ethtool_intersect_link_masks (bsc#1101816). - ethtool: add ethtool_intersect_link_masks (bsc#1101816). - firewire: net: max MTU off by one (bsc#1051510). - firmware: arm_scpi: fix endianness of dev_id in struct dev_pstate_set (bsc#1051510). - firmware: dmi: Optimize dmi_matches (bsc#1051510). - firmware: tegra: Fix locking bugs in BpmP (bsc#1051510). - fix kabi due to perf_event.h uapi field change (). - fm10k: Fix configuration for macvlan offload (bsc#1101813). - fm10k: Fix configuration for macvlan offload (bsc#1101813). - fm10k: Fix misuse of net_ratelimit() (bsc#1101813). - fm10k: Fix misuse of net_ratelimit() (bsc#1101813). - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813). - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813). - fm10k: add missing fall through comment (bsc#1101813). - fm10k: add missing fall through comment (bsc#1101813). - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813). - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813). - fm10k: avoid needless delay when loading driver (bsc#1101813). - fm10k: avoid needless delay when loading driver (bsc#1101813). - fm10k: avoid possible truncation of q_vector->name (bsc#1101813). - fm10k: avoid possible truncation of q_vector->name (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: clarify action when updating the VLAN table (bsc#1101813). - fm10k: clarify action when updating the VLAN table (bsc#1101813). - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813). - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813). - fm10k: correct typo in fm10k_pf.c (bsc#1101813). - fm10k: correct typo in fm10k_pf.c (bsc#1101813). - fm10k: do not assume VLAN 1 is enabled (bsc#1101813). - fm10k: do not assume VLAN 1 is enabled (bsc#1101813). - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813). - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813). - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813). - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813). - fm10k: fix "failed to kill vid" message for VF (bsc#1101813). - fm10k: fix "failed to kill vid" message for VF (bsc#1101813). - fm10k: fix function doxygen comments (bsc#1101813). - fm10k: fix function doxygen comments (bsc#1101813). - fm10k: fix incorrect warning for function prototype (bsc#1101813). - fm10k: fix incorrect warning for function prototype (bsc#1101813). - fm10k: fix typos on fall through comments (bsc#1101813). - fm10k: fix typos on fall through comments (bsc#1101813). - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813). - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813). - fm10k: mark pm functions as __maybe_unused (bsc#1101813). - fm10k: mark pm functions as __maybe_unused (bsc#1101813). - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813). - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813). - fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813). - fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813). - fm10k: prepare_for_reset() when we lose pcie Link (bsc#1101813). - fm10k: prepare_for_reset() when we lose pcie Link (bsc#1101813). - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813). - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813). - fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813). - fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813). - fm10k: reschedule service event if we stall the PF<->SM mailbox (bsc#1101813). - fm10k: reschedule service event if we stall the PF->SM mailbox (bsc#1101813). - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813). - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813). - fm10k: simplify reading PFVFLRE register (bsc#1101813). - fm10k: simplify reading PFVFLRE register (bsc#1101813). - fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813). - fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813). - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813). - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813). - fm10k: use generic pm hooks instead of legacy pcie power hooks (bsc#1101813). - fm10k: use generic pm hooks instead of legacy pcie power hooks (bsc#1101813). - fm10k: use macro to avoid passing the array and size separately (bsc#1101813). - fm10k: use macro to avoid passing the array and size separately (bsc#1101813). - fm10k: use spinlock to implement mailbox lock (bsc#1101813). - fm10k: use spinlock to implement mailbox lock (bsc#1101813). - fm10k: use the MAC/VLAN queue for VF<->PF MAC/VLAN requests (bsc#1101813). - fm10k: use the MAC/VLAN queue for VF->PF MAC/VLAN requests (bsc#1101813). - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813). - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813). - fm10k: warn if the stat size is unknown (bsc#1101813). - fm10k: warn if the stat size is unknown (bsc#1101813). - fsi: core: register with postcore_initcall (bsc#1051510). - fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (bsc#1051510). - fuse: atomic_o_trunc should truncate pagecache (bsc#1051510). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bsc#1051510). - fuse: fix congested state leak on aborted connections (bsc#1051510). - fuse: fix control dir setup and teardown (bsc#1051510). - gpio: acpi: work around false-positive -Wstring-overflow warning (bsc#1051510). - gpio: brcmstb: allow all instances to be wakeup sources (bsc#1051510). - gpio: brcmstb: check return value of gpiochip_irqchip_add() (bsc#1051510). - gpio: brcmstb: correct the configuration of level interrupts (bsc#1051510). - gpio: brcmstb: release the bgpio lock during irq handlers (bsc#1051510). - gpio: brcmstb: switch to handle_level_irq flow (bsc#1051510). - gpio: pca953x: fix vendor prefix for PCA9654 (bsc#1051510). - gpio: reject invalid gpio before getting gpio_desc (bsc#1051510). - gpio: tegra: fix unbalanced chained_irq_enter/exit (bsc#1051510). - gpu: host1x: Acquire a reference to the IOVA cache (bsc#1090888). - hwmon: (aspeed-pwm) add THERMAL dependency (bsc#1051510). - hwmon: (ftsteutates) Fix clearing alarm sysfs entries (bsc#1051510). - hwmon: (ltc2990) Fix incorrect conversion of negative temperatures (bsc#1051510). - hwmon: (nct6683) Enable EC access if disabled at boot (bsc#1051510). - hwmon: (stts751) buffer overrun on wrong chip configuration (bsc#1051510). - hwmon: (tmp102) Fix first temperature reading (bsc#1051510). - hwmon: Deal with errors from the thermal subsystem (bsc#1051510). - hwrng: stm32 - add reset during probe (bsc#1051510). - i2c: axxia: enable clock before calling clk_get_rate() (bsc#1051510). - i2c: designware: Round down ACPI provided clk to nearest supported clk (bsc#1051510). - i2c: mux: pinctrl: mention correct module name in Kconfig help text (bsc#1051510). - i2c: tegra: Fix NACK error handling (bsc#1051510). - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816). - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816). - i40e/i40evf: Bump driver versions (bsc#1101816). - i40e/i40evf: Bump driver versions (bsc#1101816). - i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816). - i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816). - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816). - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816). - i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816). - i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816). - i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816). - i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816). - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816). - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816). - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816). - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816). - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816). - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816). - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816). - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816). - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816). - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816). - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816). - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816). - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816). - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816). - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816). - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816). - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816). - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816). - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816). - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816). - i40e/i40evf: do not trust VF to reset itself (bsc#1101816). - i40e/i40evf: do not trust VF to reset itself (bsc#1101816). - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816). - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816). - i40e/i40evf: organize and re-number feature flags (bsc#1101816). - i40e/i40evf: organize and re-number feature flags (bsc#1101816). - i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816). - i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816). - i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816). - i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816). - i40e/i40evf: use SW variables for hang detection (bsc#1101816). - i40e/i40evf: use SW variables for hang detection (bsc#1101816). - i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816). - i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816). - i40e: Add advertising 10G LR mode (bsc#1101816). - i40e: Add advertising 10G LR mode (bsc#1101816). - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816). - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816). - i40e: Add infrastructure for queue channel support (bsc#1101816). - i40e: Add infrastructure for queue channel support (bsc#1101816). - i40e: Add macro for PF reset bit (bsc#1101816). - i40e: Add macro for PF reset bit (bsc#1101816). - i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816). - i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816). - i40e: Add returning AQ critical error to SW (bsc#1101816). - i40e: Add returning AQ critical error to SW (bsc#1101816). - i40e: Add support for 'ethtool -m' (bsc#1101816). - i40e: Add support for 'ethtool -m' (bsc#1101816). - i40e: Cleanup i40e_vlan_rx_register (bsc#1101816). - i40e: Cleanup i40e_vlan_rx_register (bsc#1101816). - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816). - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816). - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816). - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816). - i40e: Display error message if module does not meet thermal requirements (bsc#1101816). - i40e: Display error message if module does not meet thermal requirements (bsc#1101816). - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816). - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816). - i40e: Fix FLR reset timeout issue (bsc#1101816). - i40e: Fix FLR reset timeout issue (bsc#1101816). - i40e: Fix a potential NULL pointer dereference (bsc#1101816). - i40e: Fix a potential NULL pointer dereference (bsc#1101816). - i40e: Fix for NUP NVM image downgrade failure (bsc#1101816). - i40e: Fix for NUP NVM image downgrade failure (bsc#1101816). - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816). - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816). - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816). - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816). - i40e: Fix kdump failure (bsc#1101816). - i40e: Fix kdump failure (bsc#1101816). - i40e: Fix link down message when interface is brought up (bsc#1101816). - i40e: Fix link down message when interface is brought up (bsc#1101816). - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816). - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816). - i40e: Fix permission check for VF MAC filters (bsc#1101816). - i40e: Fix permission check for VF MAC filters (bsc#1101816). - i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816). - i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816). - i40e: Fix reporting of supported link modes (bsc#1101816). - i40e: Fix reporting of supported link modes (bsc#1101816). - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816). - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816). - i40e: Fix unqualified module message while bringing link up (bsc#1101816). - i40e: Fix unqualified module message while bringing link up (bsc#1101816). - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816). - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816). - i40e: Prevent setting link speed on KX_X722 (bsc#1101816). - i40e: Prevent setting link speed on KX_X722 (bsc#1101816). - i40e: Properly maintain flow director filters list (bsc#1101816). - i40e: Properly maintain flow director filters list (bsc#1101816). - i40e: Remove limit of 64 max queues per channel (bsc#1101816). - i40e: Remove limit of 64 max queues per channel (bsc#1101816). - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816). - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816). - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816). - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816). - i40e: add check for return from find_first_bit call (bsc#1101816). - i40e: add check for return from find_first_bit call (bsc#1101816). - i40e: add doxygen comment for new mode parameter (bsc#1101816). - i40e: add doxygen comment for new mode parameter (bsc#1101816). - i40e: add function doc headers for ethtool stats functions (bsc#1101816). - i40e: add function doc headers for ethtool stats functions (bsc#1101816). - i40e: add function header for i40e_get_rxfh (bsc#1101816). - i40e: add function header for i40e_get_rxfh (bsc#1101816). - i40e: add helper conversion function for link_speed (bsc#1101816). - i40e: add helper conversion function for link_speed (bsc#1101816). - i40e: add tx_busy to ethtool stats (bsc#1101816). - i40e: add tx_busy to ethtool stats (bsc#1101816). - i40e: allow XPS with QoS enabled (bsc#1101816). - i40e: allow XPS with QoS enabled (bsc#1101816). - i40e: always return VEB stat strings (bsc#1101816). - i40e: always return VEB stat strings (bsc#1101816). - i40e: always return all queue stat strings (bsc#1101816). - i40e: always return all queue stat strings (bsc#1101816). - i40e: avoid divide by zero (bsc#1101816). - i40e: avoid divide by zero (bsc#1101816). - i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816). - i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816). - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816). - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816). - i40e: calculate ethtool stats size in a separate function (bsc#1101816). - i40e: calculate ethtool stats size in a separate function (bsc#1101816). - i40e: change flags to use 64 bits (bsc#1101816). - i40e: change flags to use 64 bits (bsc#1101816). - i40e: change ppp name to ddp (bsc#1101816). - i40e: change ppp name to ddp (bsc#1101816). - i40e: check for invalid DCB config (bsc#1101816). - i40e: check for invalid DCB config (bsc#1101816). - i40e: cleanup unnecessary parens (bsc#1101816). - i40e: cleanup unnecessary parens (bsc#1101816). - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816). - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816). - i40e: cleanup wording in a header comment (bsc#1101816). - i40e: cleanup wording in a header comment (bsc#1101816). - i40e: convert i40e_get_settings_link_up to new API (bsc#1101816). - i40e: convert i40e_get_settings_link_up to new API (bsc#1101816). - i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816). - i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816). - i40e: convert i40e_set_link_ksettings to new API (bsc#1101816). - i40e: convert i40e_set_link_ksettings to new API (bsc#1101816). - i40e: disallow programming multiple filters with same criteria (bsc#1101816). - i40e: disallow programming multiple filters with same criteria (bsc#1101816). - i40e: display priority_xon and priority_xoff stats (bsc#1101816). - i40e: display priority_xon and priority_xoff stats (bsc#1101816). - i40e: do not clear suspended state until we finish resuming (bsc#1101816). - i40e: do not clear suspended state until we finish resuming (bsc#1101816). - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816). - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816). - i40e: do not force filter failure in overflow promiscuous (bsc#1101816). - i40e: do not force filter failure in overflow promiscuous (bsc#1101816). - i40e: do not hold spinlock while resetting VF (bsc#1101816). - i40e: do not hold spinlock while resetting VF (bsc#1101816). - i40e: do not leak memory addresses (bsc#1101816). - i40e: do not leak memory addresses (bsc#1101816). - i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816). - i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816). - i40e: ensure reset occurs when disabling VF (bsc#1101816). - i40e: ensure reset occurs when disabling VF (bsc#1101816). - i40e: factor out re-enable functions for ATR and SB (bsc#1101816). - i40e: factor out re-enable functions for ATR and SB (bsc#1101816). - i40e: fix a typo (bsc#1101816). - i40e: fix a typo (bsc#1101816). - i40e: fix a typo in i40e_pf documentation (bsc#1101816). - i40e: fix a typo in i40e_pf documentation (bsc#1101816). - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816). - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816). - i40e: fix comment typo (bsc#1101816). - i40e: fix comment typo (bsc#1101816). - i40e: fix flags declaration (bsc#1101816). - i40e: fix flags declaration (bsc#1101816). - i40e: fix for flow director counters not wrapping as expected (bsc#1101816). - i40e: fix for flow director counters not wrapping as expected (bsc#1101816). - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816). - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816). - i40e: fix handling of vf_states variable (bsc#1101816). - i40e: fix handling of vf_states variable (bsc#1101816). - i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816). - i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816). - i40e: fix incorrect register definition (bsc#1101816). - i40e: fix incorrect register definition (bsc#1101816). - i40e: fix link reporting (bsc#1101816). - i40e: fix link reporting (bsc#1101816). - i40e: fix merge error (bsc#1101816). - i40e: fix merge error (bsc#1101816). - i40e: fix reading LLDP configuration (bsc#1101816). - i40e: fix reading LLDP configuration (bsc#1101816). - i40e: fix typo in function description (bsc#1101816). - i40e: fix typo in function description (bsc#1101816). - i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816). - i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816). - i40e: fold prefix strings directly into stat names (bsc#1101816). - i40e: fold prefix strings directly into stat names (bsc#1101816). - i40e: free skb after clearing lock in ptp_stop (bsc#1101816). - i40e: free skb after clearing lock in ptp_stop (bsc#1101816). - i40e: free the skb after clearing the bitlock (bsc#1101816). - i40e: free the skb after clearing the bitlock (bsc#1101816). - i40e: group autoneg PHY types together (bsc#1101816). - i40e: group autoneg PHY types together (bsc#1101816). - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816). - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816). - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816). - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816). - i40e: implement split pci error reset handler (bsc#1101816). - i40e: implement split pci error reset handler (bsc#1101816). - i40e: limit lan queue count in large CPU count machine (bsc#1101816). - i40e: limit lan queue count in large CPU count machine (bsc#1101816). - i40e: make const array patterns static, reduces object code size (bsc#1101816). - i40e: make const array patterns static, reduces object code size (bsc#1101816). - i40e: make i40evf_map_rings_to_vectors void (bsc#1101816). - i40e: make i40evf_map_rings_to_vectors void (bsc#1101816). - i40e: make use of i40e_vc_disable_vf (bsc#1101816). - i40e: make use of i40e_vc_disable_vf (bsc#1101816). - i40e: mark pm functions as __maybe_unused (bsc#1101816). - i40e: mark pm functions as __maybe_unused (bsc#1101816). - i40e: move AUTO_DISABLED flags into the state field (bsc#1101816). - i40e: move AUTO_DISABLED flags into the state field (bsc#1101816). - i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816). - i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816). - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816). - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816). - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816). - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816). - i40e: move client flags into state bits (bsc#1101816). - i40e: move client flags into state bits (bsc#1101816). - i40e: prevent service task from running while we're suspended (bsc#1101816). - i40e: prevent service task from running while we're suspended (bsc#1101816). - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816). - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816). - i40e: re-number feature flags to remove gaps (bsc#1101816). - i40e: re-number feature flags to remove gaps (bsc#1101816). - i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816). - i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816). - i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816). - i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816). - i40e: refactor FW version checking (bsc#1101816). - i40e: refactor FW version checking (bsc#1101816). - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816). - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816). - i40e: relax warning message in case of version mismatch (bsc#1101816). - i40e: relax warning message in case of version mismatch (bsc#1101816). - i40e: remove duplicate pfc stats (bsc#1101816). - i40e: remove duplicate pfc stats (bsc#1101816). - i40e: remove i40e_fcoe files (bsc#1101816). - i40e: remove i40e_fcoe files (bsc#1101816). - i40e: remove ifdef SPEED_25000 (bsc#1101816). - i40e: remove ifdef SPEED_25000 (bsc#1101816). - i40e: remove logically dead code (bsc#1101816). - i40e: remove logically dead code (bsc#1101816). - i40e: remove redundant initialization of read_size (bsc#1101816). - i40e: remove redundant initialization of read_size (bsc#1101816). - i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816). - i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816). - i40e: rename 'cmd' variables in ethtool interface (bsc#1101816). - i40e: rename 'cmd' variables in ethtool interface (bsc#1101816). - i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816). - i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816). - i40e: restore promiscuous after reset (bsc#1101816). - i40e: restore promiscuous after reset (bsc#1101816). - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816). - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816). - i40e: simplify member variable accesses (bsc#1101816). - i40e: simplify member variable accesses (bsc#1101816). - i40e: split i40e_get_strings() into smaller functions (bsc#1101816). - i40e: split i40e_get_strings() into smaller functions (bsc#1101816). - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816). - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816). - i40e: track filter type statistics when deleting invalid filters (bsc#1101816). - i40e: track filter type statistics when deleting invalid filters (bsc#1101816). - i40e: track id can be 0 (bsc#1101816). - i40e: track id can be 0 (bsc#1101816). - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816). - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816). - i40e: update data pointer directly when copying to the buffer (bsc#1101816). - i40e: update data pointer directly when copying to the buffer (bsc#1101816). - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816). - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816). - i40e: use a local variable instead of calculating multiple times (bsc#1101816). - i40e: use a local variable instead of calculating multiple times (bsc#1101816). - i40e: use admin queue for setting LEDs behavior (bsc#1101816). - i40e: use admin queue for setting LEDs behavior (bsc#1101816). - i40e: use newer generic pm support instead of legacy pm callbacks (bsc#1101816). - i40e: use newer generic pm support instead of legacy pm callbacks (bsc#1101816). - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816). - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816). - i40e: use the more traditional 'i' loop variable (bsc#1101816). - i40e: use the more traditional 'i' loop variable (bsc#1101816). - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816). - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816). - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816). - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816). - i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816). - i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816). - i40evf: Do not clear MSI-X PBA manually (bsc#1101816). - i40evf: Do not clear MSI-X PBA manually (bsc#1101816). - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816). - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816). - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816). - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816). - i40evf: Fix a hardware reset support in VF driver (bsc#1101816). - i40evf: Fix a hardware reset support in VF driver (bsc#1101816). - i40evf: Fix double locking the same resource (bsc#1101816). - i40evf: Fix double locking the same resource (bsc#1101816). - i40evf: Fix link up issue when queues are disabled (bsc#1101816). - i40evf: Fix link up issue when queues are disabled (bsc#1101816). - i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816). - i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816). - i40evf: Make VF reset warning message more clear (bsc#1101816). - i40evf: Make VF reset warning message more clear (bsc#1101816). - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816). - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816). - i40evf: Use an iterator of the same type as the list (bsc#1101816). - i40evf: Use an iterator of the same type as the list (bsc#1101816). - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816). - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816). - i40evf: fix client notify of l2 params (bsc#1101816). - i40evf: fix client notify of l2 params (bsc#1101816). - i40evf: fix ring to vector mapping (bsc#1101816). - i40evf: fix ring to vector mapping (bsc#1101816). - i40evf: hold the critical task bit lock while opening (bsc#1101816). - i40evf: hold the critical task bit lock while opening (bsc#1101816). - i40evf: lower message level (bsc#1101816). - i40evf: lower message level (bsc#1101816). - i40evf: release bit locks in reverse order (bsc#1101816). - i40evf: release bit locks in reverse order (bsc#1101816). - i40evf: remove flags that are never used (bsc#1101816). - i40evf: remove flags that are never used (bsc#1101816). - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816). - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816). - i40evf: use GFP_ATOMIC under spin lock (bsc#1101816). - i40evf: use GFP_ATOMIC under spin lock (bsc#1101816). - i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816). - i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816). - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816). - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816). - i40iw: Fix memory leak in error path of create QP (bsc#1058659). - i40iw: Fix memory leak in error path of create QP (bsc#1058659). - i40iw: Refactor of driver generated AEs (bsc#1058659). - i40iw: Refactor of driver generated AEs (bsc#1058659). - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659). - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659). - ib/core: Fix error code for invalid GID entry (bsc#1046306). - ib/core: Fix error code for invalid GID entry (bsc#1046306). - ib/core: Honor port_num while resolving GID for ib link layer (bsc#1046306). - ib/core: Honor port_num while resolving GID for ib link layer (bsc#1046306). - ib/core: Make ib_mad_client_id atomic (bsc#1046306). - ib/core: Make ib_mad_client_id atomic (bsc#1046306). - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306). - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306). - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306). - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306). - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463). - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463). - ib/hfi1: Fix fault injection init/exit issues (bsc#1060463). - ib/hfi1: Fix fault injection init/exit issues (bsc#1060463). - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463). - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463). - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463). - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463). - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463). - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463). - ib/iser: Do not reduce max_sectors (bsc#1046306). - ib/iser: Do not reduce max_sectors (bsc#1046306). - ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306). - ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306). - ib/isert: fix T10-pi check mask setting (bsc#1046306). - ib/isert: fix T10-pi check mask setting (bsc#1046306). - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302). - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302). - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302). - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302). - ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305). - ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305). - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305). - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305). - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301). - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301). - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306). - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306). - ib/rxe: add RXE_START_MASK for rxe_opcode ib_OPCODE_RC_SEND_ONLY_INV (bsc#1046306). - ib/rxe: add RXE_START_MASK for rxe_opcode ib_OPCODE_RC_SEND_ONLY_INV (bsc#1046306). - ib/rxe: avoid double kfree_skb (bsc#1046306). - ib/rxe: avoid double kfree_skb (bsc#1046306). - ib/umem: Use the correct mm during ib_umem_release (bsc#1046306). - ib/umem: Use the correct mm during ib_umem_release (bsc#1046306). - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306). - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - igb: Fix not adding filter elements to the list (bsc#1056651). - igb: Fix not adding filter elements to the list (bsc#1056651). - igb: Fix queue selection on MAC filters on i210 (bsc#1056651). - igb: Fix queue selection on MAC filters on i210 (bsc#1056651). - iio: BME280: Updates to Humidity readings need ctrl_reg write! (bsc#1051510). - iio: accel: st_accel: fix data-ready line configuration (bsc#1051510). - iio: accel: st_accel_i2c: fix i2c_device_id table (bsc#1051510). - iio: accel: st_accel_spi: fix spi_device_id table (bsc#1051510). - iio: adc: sun4i-gpadc-iio: fix unbalanced irq enable/disable (bsc#1051510). - iio: adc: twl4030: Return an error if we can not enable the vusb3v1 regulator in 'twl4030_madc_probe()' (bsc#1051510). - iio: gyro: st_gyro: fix L3GD20H support (bsc#1051510). - iio: humidity: hts221: remove warnings in hts221_parse_{temp,rh}_caldata() (bsc#1051510). - iio: imu: inv_mpu6050: test whoami first and against all known values (bsc#1051510). - iio: magnetometer: st_magn: fix drdy line configuration for LIS3MDL (bsc#1051510). - iio: magnetometer: st_magn_core: enable multiread by default for LIS3MDL (bsc#1051510). - iio: magnetometer: st_magn_spi: fix spi_device_id table (bsc#1051510). - iio: pressure: bmp280: fix relative humidity unit (bsc#1051510). - iio: pressure: st_pressure: fix drdy configuration for LPS22HB and LPS25H (bsc#1051510). - iio: pressure: zpa2326: Remove always-true check which confuses gcc (bsc#1051510). - iio: pressure: zpa2326: report interrupted case as failure (bsc#1051510). - iio: trigger: stm32-timer: fix quadrature mode get routine (bsc#1051510). - iio: trigger: stm32-timer: fix write_raw return value (bsc#1051510). - iio: tsl2583: correct values in integration_time_available (bsc#1051510). - infiniband: fix a possible use-after-free bug (bsc#1046306). - infiniband: fix a possible use-after-free bug (bsc#1046306). - iommu/vt-d: Clear Page Request Overflow fault bit (). - iommu/vt-d: Clear Page Request Overflow fault bit (). - ip6_tunnel: remove magic mtu value 0xFFF8 (networking-stable-18_06_08). - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1102512). - ipmr: properly check rhltable_init() return value (networking-stable-18_06_08). - ipv4: remove warning in ip_recv_error (networking-stable-18_06_08). - ipv6: allow pmTU exceptions to local routes (networking-stable-18_06_20). - ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline (networking-stable-18_06_08). - iw_cxgb4: Add ib_device->get_netdev support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543). - iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543). - iw_cxgb4: initialize ib_mr fields for user mrs (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674). - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674). - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674). - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674). - ixgbe: Add receive length error counter (bsc#1101674). - ixgbe: Add receive length error counter (bsc#1101674). - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674). - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674). - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674). - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674). - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674). - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674). - ixgbe: Clear SWFW_SYNC register during init (bsc#1101674). - ixgbe: Clear SWFW_SYNC register during init (bsc#1101674). - ixgbe: Default to 1 pool always being allocated (bsc#1101674). - ixgbe: Default to 1 pool always being allocated (bsc#1101674). - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674). - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674). - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674). - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674). - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674). - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674). - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674). - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674). - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674). - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674). - ixgbe: Fix && vs || typo (bsc#1101674). - ixgbe: Fix handling of macvlan Tx offload (bsc#1101674). - ixgbe: Fix handling of macvlan Tx offload (bsc#1101674). - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674). - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674). - ixgbe: Fix kernel-doc format warnings (bsc#1101674). - ixgbe: Fix kernel-doc format warnings (bsc#1101674). - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674). - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674). - ixgbe: Fix logic operator typo (bsc#1101674). - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674). - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674). - ixgbe: Perform reinit any time number of VFs change (bsc#1101674). - ixgbe: Perform reinit any time number of VFs change (bsc#1101674). - ixgbe: Remove an obsolete comment about ITR (bsc#1101674). - ixgbe: Remove an obsolete comment about ITR (bsc#1101674). - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674). - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674). - ixgbe: Update adaptive ITR algorithm (bsc#1101674). - ixgbe: Update adaptive ITR algorithm (bsc#1101674). - ixgbe: Use ring values to test for Tx pending (bsc#1101674). - ixgbe: Use ring values to test for Tx pending (bsc#1101674). - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674). - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674). - ixgbe: add error checks when initializing the PHY (bsc#1101674). - ixgbe: add error checks when initializing the PHY (bsc#1101674). - ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674). - ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674). - ixgbe: add support for reporting 5G link speed (bsc#1101674). - ixgbe: add support for reporting 5G link speed (bsc#1101674). - ixgbe: advertise highest capable link speed (bsc#1101674). - ixgbe: advertise highest capable link speed (bsc#1101674). - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674). - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674). - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674). - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674). - ixgbe: enable multicast on shutdown for WOL (bsc#1101674). - ixgbe: enable multicast on shutdown for WOL (bsc#1101674). - ixgbe: extend firmware version support (bsc#1101674). - ixgbe: extend firmware version support (bsc#1101674). - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674). - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674). - ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674). - ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674). - ixgbe: fix possible race in reset subtask (bsc#1101674). - ixgbe: fix possible race in reset subtask (bsc#1101674). - ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674). - ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674). - ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674). - ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674). - ixgbe: force VF to grab new MAC on driver reload (bsc#1101674). - ixgbe: force VF to grab new MAC on driver reload (bsc#1101674). - ixgbe: introduce a helper to simplify code (bsc#1101674). - ixgbe: introduce a helper to simplify code (bsc#1101674). - ixgbe: remove redundant initialization of 'pool' (bsc#1101674). - ixgbe: remove redundant initialization of 'pool' (bsc#1101674). - ixgbe: remove unused enum latency_range (bsc#1101674). - ixgbe: remove unused enum latency_range (bsc#1101674). - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674). - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674). - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674). - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674). - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674). - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674). - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674). - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674). - ixgbevf: Fix kernel-doc format warnings (bsc#1101674). - ixgbevf: Fix kernel-doc format warnings (bsc#1101674). - ixgbevf: add build_skb support (bsc#1101674). - ixgbevf: add build_skb support (bsc#1101674). - ixgbevf: add counters for Rx page allocations (bsc#1101674). - ixgbevf: add counters for Rx page allocations (bsc#1101674). - ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674). - ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674). - ixgbevf: add function for checking if we can reuse page (bsc#1101674). - ixgbevf: add function for checking if we can reuse page (bsc#1101674). - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674). - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674). - ixgbevf: add support for padding packet (bsc#1101674). - ixgbevf: add support for padding packet (bsc#1101674). - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674). - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674). - ixgbevf: allocate the rings as part of q_vector (bsc#1101674). - ixgbevf: allocate the rings as part of q_vector (bsc#1101674). - ixgbevf: break out Rx buffer page management (bsc#1101674). - ixgbevf: break out Rx buffer page management (bsc#1101674). - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674). - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674). - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674). - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674). - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674). - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674). - ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674). - ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674). - ixgbevf: fix possible race in the reset subtask (bsc#1101674). - ixgbevf: fix possible race in the reset subtask (bsc#1101674). - ixgbevf: fix unused variable warning (bsc#1101674). - ixgbevf: fix unused variable warning (bsc#1101674). - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674). - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674). - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674). - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674). - ixgbevf: only DMA sync frame length (bsc#1101674). - ixgbevf: only DMA sync frame length (bsc#1101674). - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674). - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674). - ixgbevf: remove redundant setting of xcast_mode (bsc#1101674). - ixgbevf: remove redundant setting of xcast_mode (bsc#1101674). - ixgbevf: setup queue counts (bsc#1101674). - ixgbevf: setup queue counts (bsc#1101674). - ixgbevf: update code to better handle incrementing page count (bsc#1101674). - ixgbevf: update code to better handle incrementing page count (bsc#1101674). - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674). - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674). - ixgbevf: use length to determine if descriptor is done (bsc#1101674). - ixgbevf: use length to determine if descriptor is done (bsc#1101674). - ixgbevf: use page_address offset from page (bsc#1101674). - ixgbevf: use page_address offset from page (bsc#1101674). - jump_label: Add branch hints to static_branch_{un,}likely() (bnc#1101669 optimise numa balancing for fast migrate). - kABI: fixes for nvme (bsc#1077989). - kABI: fixes for qla2xxx (bsc#1077989). - kabi mlx5 hide cpu_rmap (bsc#1046303). - kabi/severities: add qed inter module symbols to kabi ignore list - kabi: breakage for of/device change (bsc#1051510). - kabi: cxgb4 MU (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - kabi: due to perf_event.h uapi field change (). - kabi: for rtl_deinit_deferred_work() rewrite (bsc#1051510). - kabi: mlx5 hide cpu_rmap (bsc#1046303). - kabi: mvpp2 10gkr support (bsc#1098633). - kabi: powerpc: mmu_context: provide old version of mm_iommu_ua_to_hpa (bsc#1077761, git-fixes). - kabi: protect fwnode_handle (bsc#1098633). - kcm: Fix use-after-free caused by clonned sockets (networking-stable-18_06_08). - kernel/params.c: downgrade warning for unsafe parameters (bsc#1051510). - keys: DNS: fix parsing multiple options (bsc#1051510). - kvm: PPC: Check if IOMMU page is contained in the pinned physical page (bsc#1077761, git-fixes). - kvm: x86: fix vcpu initialization with userspace lapic (bsc#1101564). - kvm: x86: move LAPIC initialization after VMCS creation (bsc#1101564). - libnvdimm, label: fix index block size calculation (bsc#1102147). - libnvdimm: add an api to cast a 'struct nd_region' to its 'struct device' (bsc#1094119). - mailbox: PCC: erroneous error message when parsing ACPI PCCT (bsc#1096330). - mailbox: bcm2835: Fix of_xlate return value (bsc#1051510). - mdio-sun4i: Fix a memory leak (bsc#1051510). - media: coda/imx-vdoa: Check for platform_get_resource() error (bsc#1051510). - media: cx25840: Use subdev host data for PLL override (bsc#1051510). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1051510). - media: cxusb: restore RC_MAP for MyGica T230 (bsc#1051510). - media: dt-bindings: media: rcar_vin: Use status "okay" (bsc#1051510). - media: dvb-core: always call invoke_release() in fe_free() (bsc#1051510). - media: dvb_frontend: fix ifnullfree.cocci warnings (bsc#1051510). - media: dvb_frontend: only use kref after initialized (bsc#1051510). - media: dvb_net: ensure that dvb_net_ule_handle is fully initialized (bsc#1051510). - media: mxl111sf: Fix potential null pointer dereference (bsc#1051510). - media: omap3isp/isp: remove an unused static var (bsc#1051510). - media: s5p-jpeg: fix number of components macro (bsc#1051510). - media: s5p-mfc: Fix lock contention - request_firmware() once (bsc#1051510). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bsc#1051510). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#1051510). - mfd: tps65218: Reorder tps65218_regulator_id enum (bsc#1051510). - mfd: tps65911-comparator: Fix a build error (bsc#1051510). - mfd: tps65911-comparator: Fix an off by one bug (bsc#1051510). - mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG (networking-stable-18_06_08). - mmc: cavium: Fix use-after-free in of_platform_device_destroy (bsc#1051510). - mmc: dw_mmc: fix card threshold control configuration (bsc#1051510). - mmc: meson-gx: remove CLK_DIVIDER_ALLOW_ZERO clock flag (bsc#1051510). - mmc: sdhci-msm: fix issue with power irq (bsc#1051510). - mmc: sdhci-of-esdhc: disable SD clock for clock value 0 (bsc#1051510). - mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (bsc#1051510). - mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (bsc#1051510). - mmc: sdhci-xenon: Fix clock resource by adding an optional bus clock (bsc#1051510). - mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable (bsc#1051510). - mmc: tmio: remove outdated comment (bsc#1051510). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - mvpp2: fix multicast address filter (bsc#1098633). - net-sysfs: Fix memory leak in XPS configuration (networking-stable-18_06_08). - net/mlx4: Fix irq-unsafe spinlock usage (networking-stable-18_06_08). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300). - net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299). - net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299). - net/mlx5: Adjust clock overflow work period (bsc#1046303). - net/mlx5: Adjust clock overflow work period (bsc#1046303). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303). - net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303). - net/mlx5: Fix command interface race in polling mode (bsc#1046300). - net/mlx5: Fix command interface race in polling mode (bsc#1046300). - net/mlx5: Fix dump_command mailbox length printed (bsc#1046303). - net/mlx5: Fix dump_command mailbox length printed (bsc#1046303). - net/mlx5: Fix incorrect raw command length parsing (bsc#1046300). - net/mlx5: Fix incorrect raw command length parsing (bsc#1046300). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300). - net/mlx5: Free IRQs in shutdown path (bsc#1046303). - net/mlx5: Free IRQs in shutdown path (bsc#1046303). - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303). - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303). - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303). - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303). - net/mlx5: Protect from command bit overflow (bsc#1046303). - net/mlx5: Protect from command bit overflow (bsc#1046303). - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303). - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303). - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300). - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303). - net/mlx5e: Refine ets validation function (bsc#1075360). - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303). - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303). - net/mlx5e: When RXFCS is set, add FCS data into checksum calculation (networking-stable-18_06_08). - net/packet: refine check for priv area size (networking-stable-18_06_08). - net/sched: act_simple: fix parsing of TCA_DEF_DATA (networking-stable-18_06_20). - net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used (bsc#1056787). - net/sched: fix NULL dereference in the error path of tcf_sample_init() (bsc#1056787). - net: add rb_to_skb() and other rb tree helpers (bsc#1102340). - net: cxgb3_main: fix potential Spectre v1 (bsc#1046533). - net: cxgb3_main: fix potential Spectre v1 (bsc#1046533). - net: define the TSO header size in net/tso.h (bsc#1098633). - net: dsa: add error handling for pskb_trim_rcsum (networking-stable-18_06_20). - net: ethernet: davinci_emac: fix error handling in probe() (networking-stable-18_06_08). - net: ethernet: ti: cpdma: correct error handling for chan create (networking-stable-18_06_08). - net: ethtool: Add macro to clear a link mode setting (bsc#1101816). - net: ethtool: Add macro to clear a link mode setting (bsc#1101816). - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan (networking-stable-18_06_20). - net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy (networking-stable-18_06_08). - net: metrics: add proper netlink validation (networking-stable-18_06_08). - net: mvmdio: add xmdio xsmi support (bsc#1098633). - net: mvmdio: check the MII_ADDR_C45 bit is not set for smi operations (bsc#1098633). - net: mvmdio: introduce an ops structure (bsc#1098633). - net: mvmdio: put the poll intervals in the ops structure (bsc#1098633). - net: mvmdio: remove duplicate locking (bsc#1098633). - net: mvmdio: reorder headers alphabetically (bsc#1098633). - net: mvmdio: simplify the smi read and write error paths (bsc#1098633). - net: mvmdio: use GENMASK for masks (bsc#1098633). - net: mvmdio: use tabs for defines (bsc#1098633). - net: mvpp2: Add hardware offloading for VLAN filtering (bsc#1098633). - net: mvpp2: Add support for unicast filtering (bsc#1098633). - net: mvpp2: Do not use dynamic allocs for local variables (bsc#1098633). - net: mvpp2: Fix DMA address mask size (bsc#1098633). - net: mvpp2: Fix TCAM filter reserved range (bsc#1098633). - net: mvpp2: Fix clk error path in mvpp2_probe (bsc#1098633). - net: mvpp2: Fix clock resource by adding an optional bus clock (bsc#1098633). - net: mvpp2: Fix clock resource by adding missing mg_core_clk (bsc#1098633). - net: mvpp2: Fix parser entry init boundary check (bsc#1098633). - net: mvpp2: Make mvpp2_prs_hw_read a parser entry init function (bsc#1098633). - net: mvpp2: Prevent userspace from changing TX affinities (bsc#1098633). - net: mvpp2: Simplify MAC filtering function parameters (bsc#1098633). - net: mvpp2: Use relaxed I/O in data path (bsc#1098633). - net: mvpp2: add comments about smp_processor_id() usage (bsc#1098633). - net: mvpp2: add ethtool GOP statistics (bsc#1098633). - net: mvpp2: add support for TX interrupts and RX queue distribution modes (bsc#1098633). - net: mvpp2: adjust the coalescing parameters (bsc#1098633). - net: mvpp2: align values in ethtool get_coalesce (bsc#1098633). - net: mvpp2: allocate zeroed tx descriptors (bsc#1098633). - net: mvpp2: check ethtool sets the Tx ring size is to a valid min value (bsc#1098633). - net: mvpp2: cleanup probed ports in the probe error path (bsc#1098633). - net: mvpp2: do not call txq_done from the Tx path when Tx irqs are used (bsc#1098633). - net: mvpp2: do not disable GMAC padding (bsc#1098633). - net: mvpp2: do not select the internal source clock (bsc#1098633). - net: mvpp2: do not set GMAC autoneg when using XLG MAC (bsc#1098633). - net: mvpp2: do not sleep in set_rx_mode (bsc#1098633). - net: mvpp2: do not unmap TSO headers buffers (bsc#1098633). - net: mvpp2: dynamic reconfiguration of the comphy/GoP/MAC (bsc#1098633). - net: mvpp2: enable ACPI support in the driver (bsc#1098633). - net: mvpp2: enable UDP/TCP checksum over IPv6 (bsc#1098633). - net: mvpp2: enable basic 10G support (bsc#1098633). - net: mvpp2: fallback using h/w and random mac if the dt one isn't valid (bsc#1098633). - net: mvpp2: fix GOP statistics loop start and stop conditions (bsc#1098633). - net: mvpp2: fix MVPP21_ISR_RXQ_GROUP_REG definition (bsc#1098633). - net: mvpp2: fix TSO headers allocation and management (bsc#1098633). - net: mvpp2: fix invalid parameters order when calling the tcam init (bsc#1098633). - net: mvpp2: fix parsing fragmentation detection (bsc#1098633). - net: mvpp2: fix port list indexing (bsc#1098633). - net: mvpp2: fix the RSS table entry offset (bsc#1098633). - net: mvpp2: fix the packet size configuration for 10G (bsc#1098633). - net: mvpp2: fix the synchronization module bypass macro name (bsc#1098633). - net: mvpp2: fix the txq_init error path (bsc#1098633). - net: mvpp2: fix typo in the tcam setup (bsc#1098633). - net: mvpp2: fix use of the random mac address for PPv2.2 (bsc#1098633). - net: mvpp2: improve the link management function (bsc#1098633). - net: mvpp2: initialize the GMAC when using a port (bsc#1098633). - net: mvpp2: initialize the GoP (bsc#1098633). - net: mvpp2: initialize the RSS tables (bsc#1098633). - net: mvpp2: initialize the Tx FIFO size (bsc#1098633). - net: mvpp2: initialize the XLG MAC when using a port (bsc#1098633). - net: mvpp2: initialize the comphy (bsc#1098633). - net: mvpp2: introduce per-port nrxqs/ntxqs variables (bsc#1098633). - net: mvpp2: introduce queue_vector concept (bsc#1098633). - net: mvpp2: jumbo frames support (bsc#1098633). - net: mvpp2: limit TSO segments and use stop/wake thresholds (bsc#1098633). - net: mvpp2: make the phy optional (bsc#1098633). - net: mvpp2: move from cpu-centric naming to "software thread" naming (bsc#1098633). - net: mvpp2: move the mac retrieval/copy logic into its own function (bsc#1098633). - net: mvpp2: move the mii configuration in the ndo_open path (bsc#1098633). - net: mvpp2: mvpp2_check_hw_buf_num() can be static (bsc#1098633). - net: mvpp2: only free the TSO header buffers when it was allocated (bsc#1098633). - net: mvpp2: remove RX queue group reset code (bsc#1098633). - net: mvpp2: remove mvpp2_pool_refill() (bsc#1098633). - net: mvpp2: remove unused mvpp2_bm_cookie_pool_set() function (bsc#1098633). - net: mvpp2: remove useless goto (bsc#1098633). - net: mvpp2: report the tx-usec coalescing information to ethtool (bsc#1098633). - net: mvpp2: set maximum packet size for 10G ports (bsc#1098633). - net: mvpp2: set the Rx FIFO size depending on the port speeds for PPv2.2 (bsc#1098633). - net: mvpp2: simplify maintaining enabled ports' list (bsc#1098633). - net: mvpp2: simplify the Tx desc set DMA logic (bsc#1098633). - net: mvpp2: simplify the link_event function (bsc#1098633). - net: mvpp2: software tso support (bsc#1098633). - net: mvpp2: split the max ring size from the default one (bsc#1098633). - net: mvpp2: take advantage of the is_rgmii helper (bsc#1098633). - net: mvpp2: unify register definitions coding style (bsc#1098633). - net: mvpp2: unify the txq size define use (bsc#1098633). - net: mvpp2: update the BM buffer free/destroy logic (bsc#1098633). - net: mvpp2: use a data size of 10kB for Tx FIFO on port 0 (bsc#1098633). - net: mvpp2: use correct index on array mvpp2_pools (bsc#1098633). - net: mvpp2: use device_*/fwnode_* APIs instead of of_* (bsc#1098633). - net: mvpp2: use the GoP interrupt for link status changes (bsc#1098633). - net: mvpp2: use the aggr txq size define everywhere (bsc#1098633). - net: mvpp2: use the same buffer pool for all ports (bsc#1098633). - net: phy: add XAUI and 10GBASE-KR PHY connection types (bsc#1098633). - net: phy: broadcom: Fix auxiliary control register reads (networking-stable-18_06_08). - net: phy: broadcom: Fix bcm_write_exp() (networking-stable-18_06_08). - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620 (networking-stable-18_06_20). - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301). - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301). - net: sched: red: avoid hashing NULL child (bsc#1056787). - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (networking-stable-18_06_08). - netdev-FAQ: clarify DaveM's position for stable backports (networking-stable-18_06_08). - nfc: nfcmrvl_uart: fix device-node leak during probe (bsc#1051510). - nfc: pn533: Fix wrong GFP flag usage (bsc#1051510). - nfit, address-range-scrub: add module option to skip initial ars (bsc#1094119). - nfit, address-range-scrub: determine one platform max_ars value (bsc#1094119). - nfit, address-range-scrub: fix scrub in-progress reporting (bsc#1051510). - nfit, address-range-scrub: introduce nfit_spa->ars_state (bsc#1094119). - nfit, address-range-scrub: rework and simplify ARS state machine (bsc#1094119). - nfit: fix region registration vs block-data-window ranges (bsc#1051510). - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1051510). - nvme-loop: add support for multiple ports (bsc#1054245). - nvme.h: add AEN configuration symbols (bsc#1054245). - nvme.h: add ANA definitions (bsc#1054245). - nvme.h: add support for the log specific field (bsc#1054245). - nvme.h: add the changed namespace list log (bsc#1054245). - nvme.h: untangle AEN notice definitions (bsc#1054245). - nvme/multipath: Disable runtime writable enabling parameter (bsc#1054245). - nvme: Fix sync controller reset return (bsc#1077989). - nvme: add ANA support (bsc#1054245). - nvme: add bio remapping tracepoint (bsc#1054245). - nvme: centralize ctrl removal prints (bsc#1054245). - nvme: cleanup double shift issue (bsc#1054245). - nvme: do not enable AEN if not supported (bsc#1077989). - nvme: do not hold nvmf_transports_rwsem for more than transport lookups (bsc#1054245). - nvme: do not rely on the changed namespace list log (bsc#1054245). - nvme: enforce 64bit offset for nvme_get_log_ext fn (bsc#1054245). - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (,). - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (). - nvme: fix use-after-free in nvme_free_ns_head (bsc#1054245). - nvme: guard additional fields in nvme command structures (bsc#1054245). - nvme: host: core: fix precedence of ternary operator (bsc#1054245). - nvme: if_ready checks to fail io to deleting controller (bsc#1077989). - nvme: implement log page low/high offset and dwords (bsc#1054245). - nvme: kABI fix for ANA support in nvme_ctrl (bsc#1054245). - nvme: kABI fixes for nvmet_ctrl (bsc#1054245). - nvme: kabi fixes for nvme_ctrl (bsc#1054245). - nvme: make nvme_get_log_ext non-static (bsc#1054245). - nvme: mark nvme_queue_scan static (bsc#1054245). - nvme: partially revert "nvme: remove nvme_req_needs_failover" (bsc#1054245). - nvme: reintruduce nvme_get_log_ext() (bsc#1054245). - nvme: remove nvme_req_needs_failover (bsc#1054245). - nvme: revert "nvme: mark nvme_queue_scan static" (bsc#1054245). - nvme: simplify the API for getting log pages (bsc#1054245). - nvme: submit AEN event configuration on startup (bsc#1054245). - nvme: use the changed namespaces list log to clear ns data changed AENs (bsc#1054245). - nvmet-fc: fix target sgl list on large transfers (). - nvmet-fc: fix target sgl list on large transfers (,). - nvmet: add AEN configuration support (bsc#1054245). - nvmet: add a new nvmet_zero_sgl helper (bsc#1054245). - nvmet: add minimal ANA support (bsc#1054245). - nvmet: constify struct nvmet_fabrics_ops (bsc#1054245). - nvmet: filter newlines from user input (bsc#1054245). - nvmet: fixup crash on NULL device path (bsc#1054245). - nvmet: implement the changed namespaces log (bsc#1054245). - nvmet: kABI fixes for ANA support (bsc#1054245). - nvmet: keep a port pointer in nvmet_ctrl (bsc#1054245). - nvmet: mask pending AENs (bsc#1054245). - nvmet: reset keep alive timer in controller enable (bsc#1054245). - nvmet: return all zeroed buffer when we can't find an active namespace (bsc#1054245). - nvmet: revert 'nvmet: constify struct nvmet_fabrics_ops' (bsc#1054245). - nvmet: split log page implementation (bsc#1054245). - nvmet: support configuring ANA groups (bsc#1054245). - nvmet: track and limit the number of namespaces per subsystem (1054245). - nvmet: use Retain Async Event bit to clear AEN (bsc#1054245). - of/pci: Fix theoretical NULL dereference (bsc#1051510). - of: Make of_fwnode_handle() safer (bsc#1098633). - of: fix DMA mask generation (bsc#1051510). - of: restrict DMA configuration (bsc#1051510). - pci: Account for all bridges on bus when distributing bus numbers (bsc#1100132). - pci: altera: Fix bool initialization in tlp_read_packet() (bsc#1051510). - pci: dwc: Fix enumeration end when reaching root subordinate (bsc#1100132). - pci: endpoint: Fix kernel panic after put_device() (bsc#1051510). - pci: endpoint: Populate func_no before calling pci_epc_add_epf() (bsc#1051510). - pci: exynos: Fix a potential init_clk_resources NULL pointer dereference (bsc#1051510). - pci: faraday: Fix of_irq_get() error check (bsc#1051510). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1051510). - pci: shpchp: Fix AMD POGO identification (bsc#1051510). - perf intel-pt: Always set no branch for dummy event (bsc#1087217). - perf intel-pt: Set no_aux_samples for the tracking event (bsc#1087217). - perf/x86/intel/uncore: Add event constraint for BDX PCU (bsc#1087202). - perf/x86/intel/uncore: Fix SKX CHA event extra regs (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake UPI pmU event masks (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake server CHA LLC_LOOKUP event umask (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake server PCU pmU event format (bsc#1087233). - perf/x86/intel/uncore: Fix missing marker for skx_uncore_cha_extra_regs (bsc#1087233). - perf/x86/intel/uncore: Remove invalid Skylake server CHA filter field (bsc#1087233). - perf/x86: Fix data source decoding for Skylake (). - perf/x86: Fix data source decoding for Skylake (). - phy: add sgmii and 10gkr modes to the phy_mode enum (bsc#1098633). - pinctrl: bcm2835: Avoid warning from __irq_do_set_handler (bsc#1051510). - pinctrl: imx: fix debug message for SHARE_MUX_CONF_REG case (bsc#1051510). - pinctrl: intel: Initialize GPIO properly when used through irqchip (bsc#1087092). - pinctrl: intel: Read back TX buffer state (bsc#1051510). - pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 (bsc#1051510). - pinctrl: meson-gxl: Fix typo in AO I2S pins (bsc#1051510). - pinctrl: meson-gxl: Fix typo in AO SPDIF pins (bsc#1051510). - pinctrl: mvebu: use correct MPP sel value for dev pins (bsc#1051510). - pinctrl: nand: meson-gxbb: fix missing data pins (bsc#1051510). - pinctrl: nsp: Fix potential NULL dereference (bsc#1051510). - pinctrl: nsp: off by ones in nsp_pinmux_enable() (bsc#1100132). - pinctrl: pinctrl-single: Fix pcs_request_gpio() when bits_per_mux != 0 (bsc#1051510). - pinctrl: sh-pfc: r8a7790: Add missing TX_ER pin to avb_mii group (bsc#1051510). - pinctrl: sh-pfc: r8a7795: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510). - pinctrl: sh-pfc: r8a7795: Fix to delete A20..A25 pins function definitions (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix IPSR and MOD_SEL register pin assignment for NDFC pins group (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix to delete A20..A25 pins function definitions (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix to delete FSCLKST pin and IPSR7 bit[15:12] register definitions (bsc#1051510). - pinctrl: sunxi: fix V3s pinctrl driver IRQ bank base (bsc#1051510). - pinctrl: sunxi: fix wrong irq_banks number for H5 pinctrl (bsc#1051510). - pinctrl: uniphier: fix members of rmii group for Pro4 (bsc#1051510). - pinctrl: uniphier: fix pin_config_get() for input-enable (bsc#1051510). - pm/core: Fix supplier device runtime pm usage counter imbalance (bsc#1051510). - pm/hibernate: Fix oops at snapshot_write() (bsc#1051510). - pm/hibernate: Use CONFIG_HAVE_SET_MEMORY for include condition (bsc#1051510). - pm/wakeup: Only update last time for active wakeup sources (bsc#1051510). - power: gemini-poweroff: Avoid spurious poweroff (bsc#1051510). - power: supply: act8945a_charger: fix of_irq_get() error check (bsc#1051510). - power: supply: cpcap-charger: add OMAP_usb2 dependency (bsc#1051510). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382). - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382). - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - pwm: meson: Fix allocation of PWM channel array (bsc#1051510). - pwm: meson: Improve PWM calculation precision (bsc#1051510). - pwm: stm32: Enforce dependency on CONFIG_MFD_STM32_TIMERS (bsc#1051510). - pwm: stm32: Remove unused struct device (bsc#1051510). - pwm: tiehrpwm: Fix runtime pm imbalance at unbind (bsc#1051510). - pwm: tiehrpwm: fix clock imbalance in probe error path (bsc#1051510). - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301). - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314). - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314). - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add sanity check for SIMD fastpath handler (bsc#1050536). - qed: Add sanity check for SIMD fastpath handler (bsc#1050536). - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536). - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536). - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536). - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536). - qed: Fix mask for physical address in ILT entry (networking-stable-18_06_08). - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix possible memory leak in Rx error path handling (bsc#1050536). - qed: Fix possible memory leak in Rx error path handling (bsc#1050536). - qed: Fix possible race for the link state value (bsc#1050536). - qed: Fix possible race for the link state value (bsc#1050536). - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading stale configuration information (bsc#1086314). - qed: Fix reading stale configuration information (bsc#1086314). - qed: Fix setting of incorrect eswitch mode (bsc#1050536). - qed: Fix setting of incorrect eswitch mode (bsc#1050536). - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect size in memcpy call (bsc#1050536). - qed: Fix use of incorrect size in memcpy call (bsc#1050536). - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301). - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301). - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536). - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536). - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301). - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: "checksumed" -> "checksummed" (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: "checksumed" -> "checksummed" (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: "offloded" -> "offloaded" (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: "offloded" -> "offloaded" (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: "taskelt" -> "tasklet" (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: "taskelt" -> "tasklet" (bsc#1086314 bsc#1086313 bsc#1086301). - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538). - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301). - qede: fix spelling mistake: "registeration" -> "registration" (bsc#1086314 bsc#1086313 bsc#1086301). - qede: fix spelling mistake: "registeration" -> "registration" (bsc#1086314 bsc#1086313 bsc#1086301). - qedr: Fix spelling mistake: "hanlde" -> "handle" (bsc#1086314 bsc#1086313 bsc#1086301). - qedr: Fix spelling mistake: "hanlde" -> "handle" (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic: check kstrtoul() for errors (bsc#1050540). - qlogic: check kstrtoul() for errors (bsc#1050540). - qmi_wwan: add support for Quectel EG91 (bsc#1051510). - qmi_wwan: add support for the Dell Wireless 5821e module (bsc#1051510). - qmi_wwan: fix interface number for DW5821e production firmware (bsc#1051510). - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect (bsc#1051510). - r8152: fix tx packets accounting (bsc#1051510). - r8152: napi hangup fix after disconnect (bsc#1051510). - r8169: Be drop monitor friendly (bsc#1051510). - rbd: flush rbd_dev->watch_dwork after watch is unregistered (bsc#1103216). - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306). - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306). - rdma/cma: Fix use after destroy access to net namespace for IPoib (bsc#1046306). - rdma/cma: Fix use after destroy access to net namespace for IPoib (bsc#1046306). - rdma/cxgb4: Use structs to describe the uABI instead of opencoding (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - rdma/cxgb4: release hw resources on device removal (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659). - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659). - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659). - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659). - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307). - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307). - rdma/iwpm: fix memory leak on map_info (bsc#1046306). - rdma/iwpm: fix memory leak on map_info (bsc#1046306). - rdma/mlx4: Discard unknown SQP work requests (bsc#1046302). - rdma/mlx4: Discard unknown SQP work requests (bsc#1046302). - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305). - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305). - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305). - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305). - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305). - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305). - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305). - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305). - rdma/mlx5: Protect from shift operand overflow (bsc#1046305). - rdma/mlx5: Protect from shift operand overflow (bsc#1046305). - rdma/mlx5: Use proper spec flow label type (bsc#1046305). - rdma/mlx5: Use proper spec flow label type (bsc#1046305). - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/ucma: Do not allow setting rdma_OPTION_ib_PATH without an rdma device (bsc#1046306). - rdma/ucma: Do not allow setting rdma_OPTION_ib_PATH without an rdma device (bsc#1046306). - rdma/ucma: ucma_context reference leak in error path (bsc#1046306). - rdma/ucma: ucma_context reference leak in error path (bsc#1046306). - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306). - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306). - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306). - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306). - regulator: max8998: Fix platform data retrieval (bsc#1051510). - regulator: qcom_spmi: Include offset when translating voltages (bsc#1051510). - regulator: tps65218: Fix strobe assignment (bsc#1051510). - rpm/kernel-source.spec.in: Add more stuff to Recommends ... and move bc to Recommends as well. All these packages are needed for building a kernel manually from scratch with kernel-source files. - rpm/kernel-source.spec.in: require bc for kernel-source This is needed for building include/generated/timeconst.h from kernel/time/timeconst.bc. - rtc: ac100: Fix ac100 determine rate bug (bsc#1051510). - rtc: pxa: fix probe function (bsc#1051510). - rtlwifi: Fix kernel Oops "Fw download fail!!" (bsc#1051510). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bsc#1051510). - rtnetlink: validate attributes in do_setlink() (networking-stable-18_06_08). - s390/crc32-vx: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/ftrace: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/gs: add compat regset for the guarded storage broadcast control block (git-fixes e525f8a6e696). - s390/kernel: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/lib: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/qdio: do not retry EQBS after CCQ 96 (bsc#1102088, LTC#169699). - s390/qeth: fix error handling in adapter command callbacks (bsc#1102088, LTC#169699). - s390/qeth: fix race when setting MAC address (bnc#1093148, LTC#167307). - s390: Correct register corruption in critical section cleanup (git-fixes 6dd85fbb87). - s390: add assembler macros for CPU alternatives (git-fixes f19fbd5ed6). - s390: correct module section names for expoline code revert (git-fixes f19fbd5ed6). - s390: extend expoline to BC instructions (git-fixes, bsc#1103421). - s390: move expoline assembler macros to a header (git-fixes f19fbd5ed6). - s390: move spectre sysfs attribute code (bsc#1090098). - s390: optimize memset implementation (git-fixes f19fbd5ed6). - s390: remove indirect branch from do_softirq_own_stack (git-fixes f19fbd5ed6). - s390: use expoline thunks in the BPF JIT (git-fixes, bsc#1103421). - sched/core: Optimize ttwu_stat() (bnc#1101669 optimise numa balancing for fast migrate). - sched/core: Optimize update_stats_*() (bnc#1101669 optimise numa balancing for fast migrate). - scripts/dtc: fix '%zx' warning (bsc#1051510). - scripts/gdb/linux/tasks.py: fix get_thread_info (bsc#1051510). - scripts/git_sort/git_sort.py: Add 'nvme-4.18' to the list of repositories - scripts/git_sort/git_sort.py: add modules-next tree - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bsc#1051510). - scsi: aacraid: Correct hba_send to include iu_type (bsc#1077989). - scsi: core: clean up generated file scsi_devinfo_tbl.c (bsc#1077989). - scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - scsi: megaraid_sas: Do not log an error if FW successfully initializes (bsc#1077989). - scsi: qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1077989). - scsi: qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1077338). - scsi: zfcp: fix infinite iteration on ERP ready list (bsc#1102088, LTC#169699). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bsc#1102088, LTC#169699). - sctp: not allow transport timeout value less than HZ/5 for hb_timer (networking-stable-18_06_08). - serial: earlycon: Only try fdt when specify 'earlycon' exactly (bsc#1051510). - serial: imx: drop if that always evaluates to true (bsc#1051510). - serial: pxa: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: sh-sci: Update warning message in sci_request_dma_chan() (bsc#1051510). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bsc#1051510). - serial: sirf: Fix out-of-bounds access through DT alias (bsc#1051510). - sfc: stop the TX queue before pushing new buffers (bsc#1058169). - sfc: stop the TX queue before pushing new buffers (bsc#1058169). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1051510). - smsc75xx: fix smsc75xx_set_features() (bsc#1051510). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1051510). - socket: close race condition between sock_close() and sockfs_setattr() (networking-stable-18_06_20). - spi: bcm-qspi: fIX some error handling paths (bsc#1051510). - spi: core: Fix devm_spi_register_master() function name in kerneldoc (bsc#1051510). - spi: pxa2xx: Do not touch CS pin until we have a transfer pending (bsc#1051510). - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR (bsc#1051510). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bsc#1051510). - staging: fbtft: array underflow in fbtft_request_gpios_match() (bsc#1051510). - staging: iio: ade7759: fix signed extension bug on shift of a u8 (bsc#1051510). - staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data() (bsc#1051510). - staging: rtl8723bs: add missing range check on id (bsc#1051510). - staging: rtl8723bs: fix u8 less than zero check (bsc#1051510). - staging: rts5208: Fix "seg_no" calculation in reset_ms_card() (bsc#1051510). - staging: sm750fb: Fix parameter mistake in poke32 (bsc#1051510). - staging:iio:ade7854: Fix error handling on read/write (bsc#1051510). - staging:iio:ade7854: Fix the wrong number of bits to read (bsc#1051510). - tcp: verify the checksum of the first data segment in a new connection (networking-stable-18_06_20). - team: use netdev_features_t instead of u32 (networking-stable-18_06_08). - thermal/drivers/hisi: Fix kernel panic on alarm interrupt (bsc#1051510). - thermal/drivers/hisi: Fix missing interrupt enablement (bsc#1051510). - thermal/drivers/hisi: Fix multiple alarm interrupts firing (bsc#1051510). - thermal/drivers/hisi: Simplify the temperature/step computation (bsc#1051510). - thermal: bcm2835: fix an error code in probe() (bsc#1051510). - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bsc#1051510). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bsc#1051510). - timekeeping: Use proper timekeeper for debug code (bsc#1051510). - tools lib traceevent: Fix get_field_str() for dynamic strings (bsc#1051510). - tools lib traceevent: Simplify pointer print logic and fix %pF (bsc#1051510). - tools/lib/lockdep: Define the ARRAY_SIZE() macro (bsc#1051510). - tools/lib/lockdep: Fix undefined symbol prandom_u32 (bsc#1051510). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bsc#1051510). - tools/power turbostat: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1051510). - tools/thermal: tmon: fix for segfault (bsc#1051510). - tools/usbip: fixes build with musl libc toolchain (bsc#1051510). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bsc#1051510). - ubifs: Fix data node size for truncating uncompressed nodes (bsc#1051510). - ubifs: Fix potential integer overflow in allocation (bsc#1051510). - ubifs: Fix uninitialized variable in search_dh_cookie() (bsc#1051510). - ubifs: Fix unlink code wrt. double hash lookups (bsc#1051510). - udp: fix rx queue len reported by diag and proc interface (networking-stable-18_06_20). - usb-storage: Add compatibility quirk flags for G-Technologies G-Drive (bsc#1051510). - usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver (bsc#1051510). - usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc() (bsc#1051510). - usb: Increment wakeup count on remote wakeup (bsc#1051510). - usb: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bsc#1087092). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1051510). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bsc#1051510). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bsc#1051510). - usb: cdc_acm: prevent race at write to acm while system resumes (bsc#1087092). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1051510). - usb: do not reset if a low-speed or full-speed device timed out (bsc#1051510). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1051510). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bsc#1051510). - usb: dwc2: Improve gadget state disconnection handling (bsc#1085539). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1051510). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1051510). - usb: dwc2: hcd: Fix host channel halt flow (bsc#1051510). - usb: dwc2: host: Fix transaction errors in host mode (bsc#1051510). - usb: dwc3: Add SoftReset PHY synchonization delay (bsc#1051510). - usb: dwc3: Fix GDBGFIFOSPACE_TYPE values (bsc#1051510). - usb: dwc3: Makefile: fix link error on randconfig (bsc#1051510). - usb: dwc3: Undo PHY init if soft reset fails (bsc#1051510). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bsc#1051510). - usb: dwc3: ep0: Reset TRB counter for ep0 IN (bsc#1051510). - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue (bsc#1051510). - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bsc#1051510). - usb: dwc3: of-simple: fix use-after-free on remove (bsc#1051510). - usb: dwc3: omap: do not miss events during suspend/resume (bsc#1051510). - usb: dwc3: pci: Properly cleanup resource (bsc#1051510). - usb: dwc3: prevent setting PRTCAP to OTG from debugfs (bsc#1051510). - usb: gadget: bdc: 64-bit pointer capability check (bsc#1051510). - usb: gadget: composite: fix incorrect handling of OS desc requests (bsc#1051510). - usb: gadget: core: Fix use-after-free of usb_request (bsc#1051510). - usb: gadget: dummy: fix nonsensical comparisons (bsc#1051510). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bsc#1051510). - usb: gadget: f_fs: Only return delayed status when len is 0 (bsc#1051510). - usb: gadget: f_fs: Process all descriptors during bind (bsc#1051510). - usb: gadget: f_fs: Use config_ep_by_speed() (bsc#1051510). - usb: gadget: f_mass_storage: Fix the logic to iterate all common->luns (bsc#1051510). - usb: gadget: f_midi: fixing a possible double-free in f_midi (bsc#1051510). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bsc#1051510). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bsc#1051510). - usb: gadget: f_uac2: fix error handling in afunc_bind (again) (bsc#1051510). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bsc#1051510). - usb: gadget: ffs: Let setup() return usb_GADGET_DELAYED_STATUS (bsc#1051510). - usb: gadget: fsl_udc_core: fix ep valid checks (bsc#1051510). - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bsc#1051510). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bsc#1051510). - usb: gadget: udc: core: update usb_ep_queue() documentation (bsc#1051510). - usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting (bsc#1051510). - usb: host: ehci: use correct device pointer for dma ops (bsc#1087092). - usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing" (bsc#1051510). - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bsc#1051510). - usb: musb: Fix external abort in musb_remove on omap2430 (bsc#1051510). - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bsc#1051510). - usb: musb: fix enumeration after resume (bsc#1051510). - usb: musb: fix remote wakeup racing with suspend (bsc#1051510). - usb: musb: gadget: misplaced out of bounds check (bsc#1051510). - usb: musb: host: fix potential NULL pointer dereference (bsc#1051510). - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() (bsc#1051510). - usb: option: Add support for FS040U modem (bsc#1087092). - usb: quirks: add delay quirks for Corsair Strafe (bsc#1051510). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1051510). - usb: serial: cp210x: add CESINEL device ids (bsc#1051510). - usb: serial: cp210x: add ELDAT Easywave RX09 id (bsc#1051510). - usb: serial: cp210x: add ID for NI usb serial console (bsc#1051510). - usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bsc#1051510). - usb: serial: cp210x: add another usb ID for Qivicon ZigBee stick (bsc#1051510). - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bsc#1051510). - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bsc#1051510). - usb: serial: ftdi_sio: use jtag quirk for Arrow usb Blaster (bsc#1051510). - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132). - usb: serial: mos7840: fix status-register error handling (bsc#1051510). - usb: serial: option: Add support for Quectel EP06 (bsc#1051510). - usb: serial: option: adding support for ublox R410M (bsc#1051510). - usb: serial: option: reimplement interface masking (bsc#1051510). - usb: serial: simple: add libtransistor console (bsc#1051510). - usb: serial: visor: handle potential invalid device configuration (bsc#1051510). - usb: yurex: fix out-of-bounds uaccess in read handler (bsc#1100132). - usbip: Correct maximum value of CONFIG_usbIP_VHCI_HC_PORTS (bsc#1051510). - usbip: usbip_event: fix to not print kernel pointer address (bsc#1051510). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bsc#1051510). - usbip: vhci_hcd: Fix usb device and sockfd leaks (bsc#1051510). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1051510). - vfio/pci: Fix potential Spectre v1 (bsc#1051510). - vfio/spapr: Use IOMMU pageshift rather than pagesize (bsc#1077761, git-fixes). - vhost: synchronize IOTLB message with dev cleanup (networking-stable-18_06_08). - video/omap: add module license tags (bsc#1090888). - video: remove unused kconfig SH_LCD_MIPI_DSI (bsc#1087092). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bsc#1051510). - virtio-net: correctly transmit XDP buff after linearizing (networking-stable-18_06_08). - virtio-net: fix leaking page for gso packet during mergeable XDP (networking-stable-18_06_08). - virtio-net: fix module unloading (bsc#1051510). - virtio_net: Disable interrupts if napi_complete_done rescheduled napi (bsc#1051510). - virtio_net: fix XDP code path in receive_small() (bsc#1051510). - vmcore: add API to collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - vrf: check the original netdevice for generating redirect (networking-stable-18_06_08). - wlcore: add missing nvs file name info for wilink8 (bsc#1051510). - x.509: unpack RSA signatureValue field from BIT STRING (bsc#1051510). - x86/efi: Access EFI MMIO data as unencrypted when SEV is active (bsc#1099193). - xen/grant-table: log the lack of grants (bnc#1085042). - xhci: Fix kernel oops in trace_xhci_free_virt_device (bsc#1100132). - xhci: Fix usb3 NULL pointer dereference at logical disconnect (bsc#1090888). - xhci: Fix use-after-free in xhci_free_virt_device (bsc#1100132). - xhci: revert "xhci: plat: Register shutdown for xhci_plat" (bsc#1090888). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1504=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1504=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1504=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1504=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1504=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1504=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.6.1 kernel-default-debugsource-4.12.14-25.6.1 kernel-default-extra-4.12.14-25.6.1 kernel-default-extra-debuginfo-4.12.14-25.6.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.6.1 kernel-default-debugsource-4.12.14-25.6.1 kernel-default-livepatch-4.12.14-25.6.1 kernel-livepatch-4_12_14-25_6-default-1-1.3.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.6.1 kernel-default-debugsource-4.12.14-25.6.1 reiserfs-kmp-default-4.12.14-25.6.1 reiserfs-kmp-default-debuginfo-4.12.14-25.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.6.1 kernel-obs-build-debugsource-4.12.14-25.6.1 kernel-syms-4.12.14-25.6.1 kernel-vanilla-base-4.12.14-25.6.1 kernel-vanilla-base-debuginfo-4.12.14-25.6.1 kernel-vanilla-debuginfo-4.12.14-25.6.1 kernel-vanilla-debugsource-4.12.14-25.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.6.1 kernel-source-4.12.14-25.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.6.1 kernel-default-debuginfo-4.12.14-25.6.1 kernel-default-debugsource-4.12.14-25.6.1 kernel-default-devel-4.12.14-25.6.1 kernel-default-devel-debuginfo-4.12.14-25.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.6.1 kernel-macros-4.12.14-25.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.6.1 kernel-zfcpdump-4.12.14-25.6.1 kernel-zfcpdump-debuginfo-4.12.14-25.6.1 kernel-zfcpdump-debugsource-4.12.14-25.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.6.1 cluster-md-kmp-default-debuginfo-4.12.14-25.6.1 dlm-kmp-default-4.12.14-25.6.1 dlm-kmp-default-debuginfo-4.12.14-25.6.1 gfs2-kmp-default-4.12.14-25.6.1 gfs2-kmp-default-debuginfo-4.12.14-25.6.1 kernel-default-debuginfo-4.12.14-25.6.1 kernel-default-debugsource-4.12.14-25.6.1 ocfs2-kmp-default-4.12.14-25.6.1 ocfs2-kmp-default-debuginfo-4.12.14-25.6.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1037697 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1046300 https://bugzilla.suse.com/1046302 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1046533 https://bugzilla.suse.com/1046543 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050538 https://bugzilla.suse.com/1050540 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054245 https://bugzilla.suse.com/1056651 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058169 https://bugzilla.suse.com/1058659 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075360 https://bugzilla.suse.com/1077338 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1077989 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086301 https://bugzilla.suse.com/1086313 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1086324 https://bugzilla.suse.com/1086457 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1087202 https://bugzilla.suse.com/1087217 https://bugzilla.suse.com/1087233 https://bugzilla.suse.com/1090098 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091041 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093148 https://bugzilla.suse.com/1093666 https://bugzilla.suse.com/1094119 https://bugzilla.suse.com/1096330 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1099193 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100884 https://bugzilla.suse.com/1101143 https://bugzilla.suse.com/1101337 https://bugzilla.suse.com/1101352 https://bugzilla.suse.com/1101564 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1101789 https://bugzilla.suse.com/1101813 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1102088 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1102147 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102512 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103216 https://bugzilla.suse.com/1103220 https://bugzilla.suse.com/1103230 https://bugzilla.suse.com/1103421 From sle-security-updates at lists.suse.com Tue Aug 7 07:08:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 15:08:39 +0200 (CEST) Subject: SUSE-SU-2018:2230-1: moderate: Security update for clamav Message-ID: <20180807130839.BB2A0FD83@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2230-1 Rating: moderate References: #1101410 #1101412 #1101654 #1103040 Cross-References: CVE-2018-0360 CVE-2018-0361 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1509=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): clamav-0.100.1-3.3.1 clamav-debuginfo-0.100.1-3.3.1 clamav-debugsource-0.100.1-3.3.1 clamav-devel-0.100.1-3.3.1 libclamav7-0.100.1-3.3.1 libclamav7-debuginfo-0.100.1-3.3.1 libclammspack0-0.100.1-3.3.1 libclammspack0-debuginfo-0.100.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-0360.html https://www.suse.com/security/cve/CVE-2018-0361.html https://bugzilla.suse.com/1101410 https://bugzilla.suse.com/1101412 https://bugzilla.suse.com/1101654 https://bugzilla.suse.com/1103040 From sle-security-updates at lists.suse.com Tue Aug 7 07:10:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 15:10:08 +0200 (CEST) Subject: SUSE-SU-2018:2232-1: moderate: Security update for clamav Message-ID: <20180807131008.01668FD83@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2232-1 Rating: moderate References: #1101410 #1101412 #1101654 #1103040 Cross-References: CVE-2018-0360 CVE-2018-0361 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-13716=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-clamav-13716=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-13716=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-13716=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-13716=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.100.1-0.20.15.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): clamav-0.100.1-0.20.15.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.100.1-0.20.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.100.1-0.20.15.1 clamav-debugsource-0.100.1-0.20.15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.100.1-0.20.15.1 clamav-debugsource-0.100.1-0.20.15.1 References: https://www.suse.com/security/cve/CVE-2018-0360.html https://www.suse.com/security/cve/CVE-2018-0361.html https://bugzilla.suse.com/1101410 https://bugzilla.suse.com/1101412 https://bugzilla.suse.com/1101654 https://bugzilla.suse.com/1103040 From sle-security-updates at lists.suse.com Tue Aug 7 10:07:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 18:07:37 +0200 (CEST) Subject: SUSE-SU-2018:2233-1: moderate: Security update for cups Message-ID: <20180807160737.73453FD35@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2233-1 Rating: moderate References: #1096405 #1096406 #1096407 #1096408 Cross-References: CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for cups fixes the following issues: Security issues fixed: - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend (bsc#1096405). - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406). - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error handling (bsc#1096407). - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile misconfiguration (bsc#1096408). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-cups-13718=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-cups-13718=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cups-13718=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): cups-devel-1.3.9-8.46.56.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): cups-1.3.9-8.46.56.3.1 cups-client-1.3.9-8.46.56.3.1 cups-libs-1.3.9-8.46.56.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): cups-libs-32bit-1.3.9-8.46.56.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): cups-libs-x86-1.3.9-8.46.56.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): cups-debuginfo-1.3.9-8.46.56.3.1 cups-debugsource-1.3.9-8.46.56.3.1 References: https://www.suse.com/security/cve/CVE-2018-4180.html https://www.suse.com/security/cve/CVE-2018-4181.html https://www.suse.com/security/cve/CVE-2018-4182.html https://www.suse.com/security/cve/CVE-2018-4183.html https://bugzilla.suse.com/1096405 https://bugzilla.suse.com/1096406 https://bugzilla.suse.com/1096407 https://bugzilla.suse.com/1096408 From sle-security-updates at lists.suse.com Tue Aug 7 10:14:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 18:14:56 +0200 (CEST) Subject: SUSE-SU-2018:2235-1: moderate: Security update for pidgin Message-ID: <20180807161456.B8C09FD35@maintenance.suse.de> SUSE Security Update: Security update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2235-1 Rating: moderate References: #1028835 Cross-References: CVE-2017-2640 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pidgin fixes the following issues: The following security vulnerability was fixed: - CVE-2017-2640: Fixed an out of bound write in purple_markup_unescape_entity, which could be triggered by a server controlled by an attacker and could lead to crashes or, in some extreme cases, to remote code execution on the client side (bsc#1028835). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-pidgin-13717=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pidgin-13717=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): finch-2.6.6-0.30.3.1 finch-devel-2.6.6-0.30.3.1 libpurple-2.6.6-0.30.3.1 libpurple-devel-2.6.6-0.30.3.1 libpurple-lang-2.6.6-0.30.3.1 pidgin-2.6.6-0.30.3.1 pidgin-devel-2.6.6-0.30.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pidgin-debuginfo-2.6.6-0.30.3.1 pidgin-debugsource-2.6.6-0.30.3.1 References: https://www.suse.com/security/cve/CVE-2017-2640.html https://bugzilla.suse.com/1028835 From sle-security-updates at lists.suse.com Tue Aug 7 10:15:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 18:15:29 +0200 (CEST) Subject: SUSE-SU-2018:2236-1: Security update for libcdio Message-ID: <20180807161529.8655CFD35@maintenance.suse.de> SUSE Security Update: Security update for libcdio ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2236-1 Rating: low References: #1082821 #1082877 Cross-References: CVE-2017-18199 CVE-2017-18201 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821) - CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in _cdio_generic.c (bsc#1082877) - Fixed several memory leaks (bsc#1082821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1512=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libcdio++0-0.94-6.3.1 libcdio++0-debuginfo-0.94-6.3.1 libcdio-debugsource-0.94-6.3.1 libcdio-devel-0.94-6.3.1 libcdio16-0.94-6.3.1 libcdio16-debuginfo-0.94-6.3.1 libiso9660-10-0.94-6.3.1 libiso9660-10-debuginfo-0.94-6.3.1 libudf0-0.94-6.3.1 libudf0-debuginfo-0.94-6.3.1 References: https://www.suse.com/security/cve/CVE-2017-18199.html https://www.suse.com/security/cve/CVE-2017-18201.html https://bugzilla.suse.com/1082821 https://bugzilla.suse.com/1082877 From sle-security-updates at lists.suse.com Tue Aug 7 13:25:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Aug 2018 21:25:48 +0200 (CEST) Subject: SUSE-SU-2018:2243-1: moderate: Security update for enigmail Message-ID: <20180807192548.56908FD35@maintenance.suse.de> SUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2243-1 Rating: moderate References: #1094781 #1096745 #1097525 Cross-References: CVE-2018-12019 CVE-2018-12020 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for enigmail to 2.0.7 fixes the following issues: These security issues were fixed: - CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded "--filename" parameter in OpenPGP literal data packets. This update prevents this issue from being exploited if GnuPG was not updated (boo#1096745) - CVE-2018-12019: The signature verification routine interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (boo#1097525) - Disallow plaintext (literal packets) outside of encrpyted packets - Replies to a partially encrypted message may have revealed protected information - no longer display PGP/MIME message part followed by unencrypted data (bsc#1094781) - Fix signature Spoofing via Inline-PGP in HTML Mails These non-security issues were fixed: - Fix filter actions forgetting selected mail folder names - Fix compatibility issue with Thunderbird 60b7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1514=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): enigmail-2.0.7-3.7.2 References: https://www.suse.com/security/cve/CVE-2018-12019.html https://www.suse.com/security/cve/CVE-2018-12020.html https://bugzilla.suse.com/1094781 https://bugzilla.suse.com/1096745 https://bugzilla.suse.com/1097525 From sle-security-updates at lists.suse.com Wed Aug 8 16:09:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:09:05 +0200 (CEST) Subject: SUSE-SU-2018:2248-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) Message-ID: <20180808220905.C4E86FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2248-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.92-6_30 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1520=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_92-6_30-default-7-2.5 kgraft-patch-4_4_92-6_30-default-debuginfo-7-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Wed Aug 8 16:14:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:14:53 +0200 (CEST) Subject: SUSE-SU-2018:2250-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) Message-ID: <20180808221453.6A600FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2250-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_3 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1523=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_3-default-10-2.5 kgraft-patch-4_4_82-6_3-default-debuginfo-10-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Wed Aug 8 16:17:11 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:17:11 +0200 (CEST) Subject: SUSE-SU-2018:2254-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20180808221711.95D74FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2254-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1522=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_9-default-9-2.5 kgraft-patch-4_4_82-6_9-default-debuginfo-9-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Wed Aug 8 16:18:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:18:03 +0200 (CEST) Subject: SUSE-SU-2018:2255-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) Message-ID: <20180808221803.DE07FFD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2255-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-6_38 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1519=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_38-default-7-2.5 kgraft-patch-4_4_103-6_38-default-debuginfo-7-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Wed Aug 8 16:28:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:28:05 +0200 (CEST) Subject: SUSE-SU-2018:2262-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) Message-ID: <20180808222805.445ABFD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2262-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.103-6_33 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1517=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-7-2.5 kgraft-patch-4_4_103-6_33-default-debuginfo-7-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Wed Aug 8 16:28:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:28:45 +0200 (CEST) Subject: SUSE-SU-2018:2263-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) Message-ID: <20180808222845.4A2D0FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2263-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.82-6_6 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1521=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_6-default-9-2.5 kgraft-patch-4_4_82-6_6-default-debuginfo-9-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Wed Aug 8 16:29:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 00:29:24 +0200 (CEST) Subject: SUSE-SU-2018:2264-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) Message-ID: <20180808222924.79BDCFD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2264-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-94_11 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1518=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-5-2.5 kgraft-patch-4_4_114-94_11-default-debuginfo-5-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 04:10:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 12:10:54 +0200 (CEST) Subject: SUSE-SU-2018:2266-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) Message-ID: <20180809101054.CDF24FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2266-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.120-94_17 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1526=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_120-94_17-default-4-2.5 kgraft-patch-4_4_120-94_17-default-debuginfo-4-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 04:11:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 12:11:35 +0200 (CEST) Subject: SUSE-SU-2018:2267-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) Message-ID: <20180809101135.36529FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2267-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.131-94_29 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1529=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_131-94_29-default-2-2.5 kgraft-patch-4_4_131-94_29-default-debuginfo-2-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 04:12:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 12:12:14 +0200 (CEST) Subject: SUSE-SU-2018:2268-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) Message-ID: <20180809101215.00735FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2268-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.114-94_14 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1527=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_14-default-5-2.5 kgraft-patch-4_4_114-94_14-default-debuginfo-5-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 04:12:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 12:12:56 +0200 (CEST) Subject: SUSE-SU-2018:2269-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP3) Message-ID: <20180809101256.4204CFD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2269-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.132-94_33 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1524=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_132-94_33-default-2-2.5 kgraft-patch-4_4_132-94_33-default-debuginfo-2-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 04:13:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 12:13:36 +0200 (CEST) Subject: SUSE-SU-2018:2270-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) Message-ID: <20180809101336.4EAB7FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2270-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.92-6_18 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1528=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-8-2.5 kgraft-patch-4_4_92-6_18-default-debuginfo-8-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 04:14:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 12:14:22 +0200 (CEST) Subject: SUSE-SU-2018:2271-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP3) Message-ID: <20180809101422.BFF57FD35@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2271-1 Rating: important References: #1083125 #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for the Linux Kernel 4.4.126-94_22 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1525=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_126-94_22-default-4-2.5 kgraft-patch-4_4_126-94_22-default-debuginfo-4-2.5 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1083125 https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740 From sle-security-updates at lists.suse.com Thu Aug 9 13:09:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Aug 2018 21:09:07 +0200 (CEST) Subject: SUSE-SU-2018:2275-1: moderate: Security update for openssh Message-ID: <20180809190907.96DF0FD41@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2275-1 Rating: moderate References: #1016370 #1017099 #1023275 #1053972 #1065000 #1069509 #1076957 Cross-References: CVE-2008-1483 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-10012: Fix pre-auth compression checks that could be optimized away (bsc#1016370). - CVE-2016-10708: Fix remote denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage (bsc#1076957). - CVE-2017-15906: Fix r/o sftp-server zero byte file creation (bsc#1065000). - CVE-2008-1483: Fix accidental re-introduction of CVE-2008-1483 (bsc#1069509). Bug fixes: - bsc#1017099: Match conditions with uppercase hostnames fail (bsc#1017099) - bsc#1053972: supportedKeyExchanges diffie-hellman-group1-sha1 is duplicated (bsc#1053972) - bsc#1023275: Messages suppressed after upgrade from SLES 11 SP3 to SP4 (bsc#1023275) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-13719=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-13719=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-36.3.1 openssh-askpass-gnome-6.6p1-36.3.1 openssh-fips-6.6p1-36.3.1 openssh-helpers-6.6p1-36.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.3.1 openssh-debuginfo-6.6p1-36.3.1 openssh-debugsource-6.6p1-36.3.1 References: https://www.suse.com/security/cve/CVE-2008-1483.html https://www.suse.com/security/cve/CVE-2016-10012.html https://www.suse.com/security/cve/CVE-2016-10708.html https://www.suse.com/security/cve/CVE-2017-15906.html https://bugzilla.suse.com/1016370 https://bugzilla.suse.com/1017099 https://bugzilla.suse.com/1023275 https://bugzilla.suse.com/1053972 https://bugzilla.suse.com/1065000 https://bugzilla.suse.com/1069509 https://bugzilla.suse.com/1076957 From sle-security-updates at lists.suse.com Fri Aug 10 07:07:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Aug 2018 15:07:36 +0200 (CEST) Subject: SUSE-SU-2018:2297-1: moderate: Recommended update for NetworkManager-vpnc Message-ID: <20180810130736.5058BFD35@maintenance.suse.de> SUSE Security Update: Recommended update for NetworkManager-vpnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2297-1 Rating: moderate References: #1101147 Cross-References: CVE-2018-10900 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for NetworkManager-vpnc fixes the following issues: Security issue fixed: - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks (bsc#1101147). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1538=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1538=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): NetworkManager-vpnc-lang-1.0.8-8.4.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): NetworkManager-vpnc-1.0.8-8.4.2 NetworkManager-vpnc-debuginfo-1.0.8-8.4.2 NetworkManager-vpnc-debugsource-1.0.8-8.4.2 NetworkManager-vpnc-gnome-1.0.8-8.4.2 NetworkManager-vpnc-gnome-debuginfo-1.0.8-8.4.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): NetworkManager-vpnc-lang-1.0.8-8.4.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): NetworkManager-vpnc-1.0.8-8.4.2 NetworkManager-vpnc-debuginfo-1.0.8-8.4.2 NetworkManager-vpnc-debugsource-1.0.8-8.4.2 NetworkManager-vpnc-gnome-1.0.8-8.4.2 NetworkManager-vpnc-gnome-debuginfo-1.0.8-8.4.2 References: https://www.suse.com/security/cve/CVE-2018-10900.html https://bugzilla.suse.com/1101147 From sle-security-updates at lists.suse.com Fri Aug 10 07:08:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Aug 2018 15:08:05 +0200 (CEST) Subject: SUSE-SU-2018:2298-1: important: Security update for MozillaFirefox Message-ID: <20180810130805.31F15FD35@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2298-1 Rating: important References: #1092548 #1096449 #1098998 Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 CVE-2018-5188 CVE-2018-6126 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for MozillaFirefox to the 52.9 ESR release fixes the following issues: These security issues were fixed: - Firefox ESR 52.9: - CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 (bsc#1098998). - CVE-2018-12368 No warning when opening executable SettingContent-ms files (bsc#1098998). - CVE-2018-12366 Invalid data handling during QCMS transformations (bsc#1098998). - CVE-2018-12365 Compromised IPC child process can list local filenames (bsc#1098998). - CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998). - CVE-2018-12363 Use-after-free when appending DOM nodes (bsc#1098998). - CVE-2018-12362 Integer overflow in SSSE3 scaler (bsc#1098998). - CVE-2018-12360 Use-after-free when using focus() (bsc#1098998). - CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture (bsc#1098998). - CVE-2018-12359 Buffer overflow using computed size of canvas element (bsc#1098998). - Firefox ESR 52.8: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). - CVE-2018-5183: Backport critical security fixes in Skia (bsc#1092548). - CVE-2018-5154: Use-after-free with SVG animations and clip paths (bsc#1092548). - CVE-2018-5155: Use-after-free with SVG animations and text paths (bsc#1092548). - CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files (bsc#1092548). - CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer (bsc#1092548). - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia (bsc#1092548). - CVE-2018-5168: Lightweight themes can be installed without user interaction (bsc#1092548). - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (bsc#1092548). - CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (bsc#1092548). These non-security issues were fixed: - Various stability and regression fixes - Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1536=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.9.0esr-3.7.12 MozillaFirefox-debuginfo-52.9.0esr-3.7.12 MozillaFirefox-debugsource-52.9.0esr-3.7.12 MozillaFirefox-translations-common-52.9.0esr-3.7.12 MozillaFirefox-translations-other-52.9.0esr-3.7.12 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): MozillaFirefox-devel-52.9.0esr-3.7.12 References: https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12368.html https://www.suse.com/security/cve/CVE-2018-5150.html https://www.suse.com/security/cve/CVE-2018-5154.html https://www.suse.com/security/cve/CVE-2018-5155.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5157.html https://www.suse.com/security/cve/CVE-2018-5158.html https://www.suse.com/security/cve/CVE-2018-5159.html https://www.suse.com/security/cve/CVE-2018-5168.html https://www.suse.com/security/cve/CVE-2018-5178.html https://www.suse.com/security/cve/CVE-2018-5183.html https://www.suse.com/security/cve/CVE-2018-5188.html https://www.suse.com/security/cve/CVE-2018-6126.html https://bugzilla.suse.com/1092548 https://bugzilla.suse.com/1096449 https://bugzilla.suse.com/1098998 From sle-security-updates at lists.suse.com Fri Aug 10 07:08:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Aug 2018 15:08:59 +0200 (CEST) Subject: SUSE-SU-2018:2299-1: important: Security update for ceph Message-ID: <20180810130859.712CAFD35@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2299-1 Rating: important References: #1072512 #1080112 #1081379 #1086340 #1096748 #1099162 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-7262 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-10861: Fix ceph-mon authorization on OSD pool ops (bsc#1099162). - CVE-2018-1128: Fix cephx signature check bypass (bsc#1096748). - CVE-2018-1129: Fix cephx protocol vulnerability to replay attack (bsc#1096748). - CVE-2018-7262: Fix malformed http headers that can crash rgw (bsc#1081379). Bug fixes: - bsc#1072512: multipart uploads are broken if the bucket has been resharded - bsc#1080112: rgw: user stats increased after bucket reshard - bsc#1086340: SES5: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1537=1 Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): ceph-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-base-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-base-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-common-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-common-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-debugsource-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-fuse-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-fuse-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-mds-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-mds-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-mon-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-mon-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-osd-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-osd-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-radosgw-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-radosgw-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-test-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-test-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 ceph-test-debugsource-10.2.11+git.1531487710.3a12911a2e-12.14.2 libcephfs1-10.2.11+git.1531487710.3a12911a2e-12.14.2 libcephfs1-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 librados2-10.2.11+git.1531487710.3a12911a2e-12.14.2 librados2-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 libradosstriper1-10.2.11+git.1531487710.3a12911a2e-12.14.2 libradosstriper1-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 librbd1-10.2.11+git.1531487710.3a12911a2e-12.14.2 librbd1-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 librgw2-10.2.11+git.1531487710.3a12911a2e-12.14.2 librgw2-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-ceph-compat-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-cephfs-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-cephfs-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-rados-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-rados-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-rbd-10.2.11+git.1531487710.3a12911a2e-12.14.2 python-rbd-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 rbd-fuse-10.2.11+git.1531487710.3a12911a2e-12.14.2 rbd-fuse-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 rbd-mirror-10.2.11+git.1531487710.3a12911a2e-12.14.2 rbd-mirror-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 rbd-nbd-10.2.11+git.1531487710.3a12911a2e-12.14.2 rbd-nbd-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2 References: https://www.suse.com/security/cve/CVE-2018-10861.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://www.suse.com/security/cve/CVE-2018-7262.html https://bugzilla.suse.com/1072512 https://bugzilla.suse.com/1080112 https://bugzilla.suse.com/1081379 https://bugzilla.suse.com/1086340 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1099162 From sle-security-updates at lists.suse.com Fri Aug 10 07:13:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Aug 2018 15:13:06 +0200 (CEST) Subject: SUSE-SU-2018:2301-1: moderate: Security update for wireshark Message-ID: <20180810131306.677A8FD35@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2301-1 Rating: moderate References: #1101776 #1101777 #1101786 #1101788 #1101791 #1101794 #1101800 #1101802 #1101804 #1101810 Cross-References: CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) Bug fixes: - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.8.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1539=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1539=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.8-3.6.1 wireshark-debugsource-2.4.8-3.6.1 wireshark-devel-2.4.8-3.6.1 wireshark-ui-qt-2.4.8-3.6.1 wireshark-ui-qt-debuginfo-2.4.8-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.8-3.6.1 libwireshark9-debuginfo-2.4.8-3.6.1 libwiretap7-2.4.8-3.6.1 libwiretap7-debuginfo-2.4.8-3.6.1 libwscodecs1-2.4.8-3.6.1 libwscodecs1-debuginfo-2.4.8-3.6.1 libwsutil8-2.4.8-3.6.1 libwsutil8-debuginfo-2.4.8-3.6.1 wireshark-2.4.8-3.6.1 wireshark-debuginfo-2.4.8-3.6.1 wireshark-debugsource-2.4.8-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-14339.html https://www.suse.com/security/cve/CVE-2018-14340.html https://www.suse.com/security/cve/CVE-2018-14341.html https://www.suse.com/security/cve/CVE-2018-14342.html https://www.suse.com/security/cve/CVE-2018-14343.html https://www.suse.com/security/cve/CVE-2018-14344.html https://www.suse.com/security/cve/CVE-2018-14367.html https://www.suse.com/security/cve/CVE-2018-14368.html https://www.suse.com/security/cve/CVE-2018-14369.html https://www.suse.com/security/cve/CVE-2018-14370.html https://bugzilla.suse.com/1101776 https://bugzilla.suse.com/1101777 https://bugzilla.suse.com/1101786 https://bugzilla.suse.com/1101788 https://bugzilla.suse.com/1101791 https://bugzilla.suse.com/1101794 https://bugzilla.suse.com/1101800 https://bugzilla.suse.com/1101802 https://bugzilla.suse.com/1101804 https://bugzilla.suse.com/1101810 From sle-security-updates at lists.suse.com Fri Aug 10 13:07:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 10 Aug 2018 21:07:28 +0200 (CEST) Subject: SUSE-SU-2018:2302-1: important: Security update for glibc Message-ID: <20180810190728.B6838FD84@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2302-1 Rating: important References: #1077763 #1079625 #1086690 #1094161 Cross-References: CVE-2018-11236 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocation in in6ailist_add. - bsc#1079625: Fix allocation in nss_compat for large number of memberships to a group. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13721=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13721=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-glibc-13721=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-13721=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13721=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-13721=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.110.14.1 glibc-info-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.110.14.1 glibc-devel-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.110.14.1 glibc-i18ndata-2.11.3-17.110.14.1 glibc-info-2.11.3-17.110.14.1 glibc-locale-2.11.3-17.110.14.1 glibc-profile-2.11.3-17.110.14.1 nscd-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.110.14.1 glibc-devel-32bit-2.11.3-17.110.14.1 glibc-locale-32bit-2.11.3-17.110.14.1 glibc-profile-32bit-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.110.14.1 glibc-profile-x86-2.11.3-17.110.14.1 glibc-x86-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.110.14.1 glibc-devel-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.110.14.1 glibc-i18ndata-2.11.3-17.110.14.1 glibc-info-2.11.3-17.110.14.1 glibc-locale-2.11.3-17.110.14.1 glibc-profile-2.11.3-17.110.14.1 nscd-2.11.3-17.110.14.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.110.14.1 glibc-devel-32bit-2.11.3-17.110.14.1 glibc-locale-32bit-2.11.3-17.110.14.1 glibc-profile-32bit-2.11.3-17.110.14.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.110.14.1 glibc-devel-2.11.3-17.110.14.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.110.14.1 glibc-i18ndata-2.11.3-17.110.14.1 glibc-info-2.11.3-17.110.14.1 glibc-locale-2.11.3-17.110.14.1 glibc-profile-2.11.3-17.110.14.1 nscd-2.11.3-17.110.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.110.14.1 glibc-debugsource-2.11.3-17.110.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.110.14.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.110.14.1 glibc-debugsource-2.11.3-17.110.14.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.14.1 References: https://www.suse.com/security/cve/CVE-2018-11236.html https://bugzilla.suse.com/1077763 https://bugzilla.suse.com/1079625 https://bugzilla.suse.com/1086690 https://bugzilla.suse.com/1094161 From sle-security-updates at lists.suse.com Fri Aug 10 19:07:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 11 Aug 2018 03:07:27 +0200 (CEST) Subject: SUSE-SU-2018:2304-1: moderate: Security update for libvirt Message-ID: <20180811010727.4DB02FD35@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2304-1 Rating: moderate References: #1074014 #1076861 #1079150 #1087416 #1092885 #1094325 #1094480 #1094725 #1095556 #959329 Cross-References: CVE-2018-3639 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for libvirt fixes the following issues: Security issue fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" (bsc#1092885). Bug fixes: - bsc#1094325: Enable virsh blockresize for XEN guests (FATE#325467). - bsc#1095556: Fix qemu VM creating with --boot uefi due to missing AppArmor profile. - bsc#1094725: Fix `virsh blockresize` to work with Xen qdisks. - bsc#1094480: Fix `virsh list` to list domains with `xl list`. - bsc#1087416: Fix missing video device within guest with default installation by virt-mamanger. - bsc#1079150: Fix libvirt-guests start dependency. - bsc#1076861: Fix locking of lockspace resource '/devcfs/disks/uatidmsvn1-xvda'. - bsc#1074014: Fix KVM live migration when shutting down cluster node. - bsc#959329: Fix wrong state of VMs in virtual manager. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1545=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1545=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1545=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-3.3.0-5.22.1 libvirt-devel-3.3.0-5.22.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.22.1 libvirt-admin-3.3.0-5.22.1 libvirt-admin-debuginfo-3.3.0-5.22.1 libvirt-client-3.3.0-5.22.1 libvirt-client-debuginfo-3.3.0-5.22.1 libvirt-daemon-3.3.0-5.22.1 libvirt-daemon-config-network-3.3.0-5.22.1 libvirt-daemon-config-nwfilter-3.3.0-5.22.1 libvirt-daemon-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-interface-3.3.0-5.22.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-lxc-3.3.0-5.22.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-network-3.3.0-5.22.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-nodedev-3.3.0-5.22.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-nwfilter-3.3.0-5.22.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-qemu-3.3.0-5.22.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-secret-3.3.0-5.22.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-3.3.0-5.22.1 libvirt-daemon-driver-storage-core-3.3.0-5.22.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-disk-3.3.0-5.22.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.22.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-logical-3.3.0-5.22.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.22.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.22.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.22.1 libvirt-daemon-hooks-3.3.0-5.22.1 libvirt-daemon-lxc-3.3.0-5.22.1 libvirt-daemon-qemu-3.3.0-5.22.1 libvirt-debugsource-3.3.0-5.22.1 libvirt-doc-3.3.0-5.22.1 libvirt-libs-3.3.0-5.22.1 libvirt-libs-debuginfo-3.3.0-5.22.1 libvirt-lock-sanlock-3.3.0-5.22.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.22.1 libvirt-nss-3.3.0-5.22.1 libvirt-nss-debuginfo-3.3.0-5.22.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.22.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.22.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.22.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.22.1 libvirt-daemon-xen-3.3.0-5.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvirt-3.3.0-5.22.1 libvirt-admin-3.3.0-5.22.1 libvirt-admin-debuginfo-3.3.0-5.22.1 libvirt-client-3.3.0-5.22.1 libvirt-client-debuginfo-3.3.0-5.22.1 libvirt-daemon-3.3.0-5.22.1 libvirt-daemon-config-network-3.3.0-5.22.1 libvirt-daemon-config-nwfilter-3.3.0-5.22.1 libvirt-daemon-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-interface-3.3.0-5.22.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-libxl-3.3.0-5.22.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-lxc-3.3.0-5.22.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-network-3.3.0-5.22.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-nodedev-3.3.0-5.22.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-nwfilter-3.3.0-5.22.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-qemu-3.3.0-5.22.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-secret-3.3.0-5.22.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-3.3.0-5.22.1 libvirt-daemon-driver-storage-core-3.3.0-5.22.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-disk-3.3.0-5.22.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.22.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-logical-3.3.0-5.22.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.22.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.22.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.22.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.22.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.22.1 libvirt-daemon-lxc-3.3.0-5.22.1 libvirt-daemon-qemu-3.3.0-5.22.1 libvirt-daemon-xen-3.3.0-5.22.1 libvirt-debugsource-3.3.0-5.22.1 libvirt-doc-3.3.0-5.22.1 libvirt-libs-3.3.0-5.22.1 libvirt-libs-debuginfo-3.3.0-5.22.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1074014 https://bugzilla.suse.com/1076861 https://bugzilla.suse.com/1079150 https://bugzilla.suse.com/1087416 https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1094325 https://bugzilla.suse.com/1094480 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1095556 https://bugzilla.suse.com/959329 From sle-security-updates at lists.suse.com Fri Aug 10 19:09:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 11 Aug 2018 03:09:47 +0200 (CEST) Subject: SUSE-SU-2018:2305-1: moderate: Security update for ffmpeg Message-ID: <20180811010947.C1FA3FD35@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2305-1 Rating: moderate References: #1100356 #1102687 #1102688 #1102689 #1102899 Cross-References: CVE-2018-13302 CVE-2018-1999010 CVE-2018-1999011 CVE-2018-1999012 CVE-2018-1999013 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: Security issues fixed: - CVE-2018-13302: Fixed out of array access issue (bsc#1100356). - CVE-2018-1999010: Fixed multiple out of array access vulnerabilities in the mms protocol that could result in accessing out of bound data via specially crafted input files (bnc#1102899) - CVE-2018-1999011: Fixed a heap buffer overflow in asf_o format demuxer that could result in remote code execution (bnc#1102689) - CVE-2018-1999012: Fixed an infinite loop vulnerability in pva format demuxer that could result in excessive amount of ressource allocation like CPU an RAM (CVE-2018-1999012 bnc#1102688). - CVE-2018-1999013: Fixed an use-after-free vulnerability in the realmedia demuxer that could allow remote attackers to read heap memory (bnc#1102687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1544=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1544=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): ffmpeg-debuginfo-3.4.2-4.5.1 ffmpeg-debugsource-3.4.2-4.5.1 libavcodec-devel-3.4.2-4.5.1 libavformat-devel-3.4.2-4.5.1 libavformat57-3.4.2-4.5.1 libavformat57-debuginfo-3.4.2-4.5.1 libavresample-devel-3.4.2-4.5.1 libavresample3-3.4.2-4.5.1 libavresample3-debuginfo-3.4.2-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-4.5.1 ffmpeg-debugsource-3.4.2-4.5.1 libavcodec57-3.4.2-4.5.1 libavcodec57-debuginfo-3.4.2-4.5.1 libavutil-devel-3.4.2-4.5.1 libavutil55-3.4.2-4.5.1 libavutil55-debuginfo-3.4.2-4.5.1 libpostproc-devel-3.4.2-4.5.1 libpostproc54-3.4.2-4.5.1 libpostproc54-debuginfo-3.4.2-4.5.1 libswresample-devel-3.4.2-4.5.1 libswresample2-3.4.2-4.5.1 libswresample2-debuginfo-3.4.2-4.5.1 libswscale-devel-3.4.2-4.5.1 libswscale4-3.4.2-4.5.1 libswscale4-debuginfo-3.4.2-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-13302.html https://www.suse.com/security/cve/CVE-2018-1999010.html https://www.suse.com/security/cve/CVE-2018-1999011.html https://www.suse.com/security/cve/CVE-2018-1999012.html https://www.suse.com/security/cve/CVE-2018-1999013.html https://bugzilla.suse.com/1100356 https://bugzilla.suse.com/1102687 https://bugzilla.suse.com/1102688 https://bugzilla.suse.com/1102689 https://bugzilla.suse.com/1102899 From sle-security-updates at lists.suse.com Tue Aug 14 04:11:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 12:11:01 +0200 (CEST) Subject: SUSE-SU-2018:2317-1: moderate: Security update for grafana, kafka, logstash, openstack-monasca-installer Message-ID: <20180814101101.81CE3FD35@maintenance.suse.de> SUSE Security Update: Security update for grafana, kafka, logstash, openstack-monasca-installer ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2317-1 Rating: moderate References: #1090336 #1090849 #1094448 #1095603 #1096985 #1097847 #1101366 Cross-References: CVE-2018-12099 CVE-2018-3817 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has 5 fixes is now available. Description: This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues: Security issues fixed: - CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links (bsc#1096985). - CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information (bsc#1090849). Bug fixes: - bsc#1095603: Disable jmxremote debugging. - bsc#1097847: Make time series database schema setup conditional. - bsc#1094448: Set log rotation options. - bsc#1090336: Add complete set of elasticsearch performance tunables. - bsc#1101366: Fix build issues with s390x, ppc64le and aarch64. - Fix various spec errors affecting Leap 15 and Tumbleweed Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1553=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1553=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1553=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-monasca-installer-20180622_15.06-3.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): grafana-4.5.1-4.3.1 grafana-debuginfo-4.5.1-4.3.1 grafana-debugsource-4.5.1-4.3.1 kafka-0.9.0.1-5.3.1 logstash-2.4.1-5.4.1 - SUSE OpenStack Cloud 8 (noarch): openstack-monasca-installer-20180622_15.06-3.6.1 - SUSE OpenStack Cloud 8 (x86_64): grafana-4.5.1-4.3.1 grafana-debuginfo-4.5.1-4.3.1 grafana-debugsource-4.5.1-4.3.1 kafka-0.9.0.1-5.3.1 logstash-2.4.1-5.4.1 - HPE Helion Openstack 8 (noarch): openstack-monasca-installer-20180622_15.06-3.6.1 - HPE Helion Openstack 8 (x86_64): grafana-4.5.1-4.3.1 grafana-debuginfo-4.5.1-4.3.1 grafana-debugsource-4.5.1-4.3.1 kafka-0.9.0.1-5.3.1 logstash-2.4.1-5.4.1 References: https://www.suse.com/security/cve/CVE-2018-12099.html https://www.suse.com/security/cve/CVE-2018-3817.html https://bugzilla.suse.com/1090336 https://bugzilla.suse.com/1090849 https://bugzilla.suse.com/1094448 https://bugzilla.suse.com/1095603 https://bugzilla.suse.com/1096985 https://bugzilla.suse.com/1097847 https://bugzilla.suse.com/1101366 From sle-security-updates at lists.suse.com Tue Aug 14 07:07:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 15:07:45 +0200 (CEST) Subject: SUSE-SU-2018:2318-1: important: Security update for samba Message-ID: <20180814130745.05A5AFD35@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2318-1 Rating: important References: #1095048 #1095056 #1095057 #1103411 #1103414 Cross-References: CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 CVE-2018-1140 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048) - CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056) - CVE-2018-10919: Confidential attribute disclosure via substring search; (bsc#1095057) - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411) - CVE-2018-10918: Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1555=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1555=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc-binding0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc-samr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc-samr0-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc-samr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc0-4.7.8+git.86.94b6d10f7dd-4.15.1 libdcerpc0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-krb5pac-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-krb5pac0-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-krb5pac0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-nbt-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-nbt0-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-nbt0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-standard-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-standard0-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr-standard0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr0-4.7.8+git.86.94b6d10f7dd-4.15.1 libndr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libnetapi-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libnetapi0-4.7.8+git.86.94b6d10f7dd-4.15.1 libnetapi0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-credentials-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-credentials0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-credentials0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-errors-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-errors0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-errors0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-hostconfig-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-hostconfig0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-hostconfig0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-passdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-passdb0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-passdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-policy-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-policy0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-util0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamba-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamdb0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsamdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbconf-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbconf0-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbconf0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbldap-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbldap2-4.7.8+git.86.94b6d10f7dd-4.15.1 libsmbldap2-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libtevent-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libtevent-util0-4.7.8+git.86.94b6d10f7dd-4.15.1 libtevent-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 libwbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 libwbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1 libwbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-client-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-client-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-core-devel-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-debugsource-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-libs-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-libs-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-winbind-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-winbind-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.8+git.86.94b6d10f7dd-4.15.1 ctdb-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1 samba-debugsource-4.7.8+git.86.94b6d10f7dd-4.15.1 References: https://www.suse.com/security/cve/CVE-2018-10858.html https://www.suse.com/security/cve/CVE-2018-10918.html https://www.suse.com/security/cve/CVE-2018-10919.html https://www.suse.com/security/cve/CVE-2018-1139.html https://www.suse.com/security/cve/CVE-2018-1140.html https://bugzilla.suse.com/1095048 https://bugzilla.suse.com/1095056 https://bugzilla.suse.com/1095057 https://bugzilla.suse.com/1103411 https://bugzilla.suse.com/1103414 From sle-security-updates at lists.suse.com Tue Aug 14 07:08:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 15:08:58 +0200 (CEST) Subject: SUSE-SU-2018:2319-1: important: Security update for samba Message-ID: <20180814130858.69B17FD35@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2319-1 Rating: important References: #1067700 #1068059 #1087303 #1103411 Cross-References: CVE-2018-10858 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: Fixed insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); The following other change was made: - s3: winbind: Fix 'winbind normalize names' in wb_getpwsid(); - winbind: honor "winbind use default domain" with empty domain (bsc#1087303) - winbind: do not modify credentials in NTLM passthru (bsc#1068059) - net: fix net ads keytab handling (bsc#1067700) - fix vfs_ceph flock stub Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1554=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1554=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1554=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1554=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2018-1554=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac-devel-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt-devel-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard-devel-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util-devel-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient-devel-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient-devel-4.6.14+git.157.c2d53c2b191-3.29.1 samba-core-devel-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debugsource-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc-binding0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debugsource-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc-binding0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.14+git.157.c2d53c2b191-3.29.1 ctdb-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debugsource-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc-binding0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc-binding0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libdcerpc0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-krb5pac0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-nbt0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr-standard0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libndr0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libnetapi0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-credentials0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-errors0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-hostconfig0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-passdb0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamba-util0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsamdb0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbclient0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbconf0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libsmbldap0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libtevent-util0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 libwbclient0-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-client-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debugsource-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-libs-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-debuginfo-32bit-4.6.14+git.157.c2d53c2b191-3.29.1 samba-winbind-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.14+git.157.c2d53c2b191-3.29.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.14+git.157.c2d53c2b191-3.29.1 ctdb-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-ceph-4.6.14+git.157.c2d53c2b191-3.29.1 samba-ceph-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debuginfo-4.6.14+git.157.c2d53c2b191-3.29.1 samba-debugsource-4.6.14+git.157.c2d53c2b191-3.29.1 References: https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1067700 https://bugzilla.suse.com/1068059 https://bugzilla.suse.com/1087303 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Tue Aug 14 10:07:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 18:07:48 +0200 (CEST) Subject: SUSE-SU-2018:2320-1: important: Security update for samba Message-ID: <20180814160748.78E29FD48@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2320-1 Rating: important References: #1054849 #1103411 Cross-References: CVE-2018-10858 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1557=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1557=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1557=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1557=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1557=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.20.1 libdcerpc-binding0-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-4.4.2-38.20.1 libdcerpc0-32bit-4.4.2-38.20.1 libdcerpc0-4.4.2-38.20.1 libdcerpc0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc0-debuginfo-4.4.2-38.20.1 libndr-krb5pac0-32bit-4.4.2-38.20.1 libndr-krb5pac0-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-4.4.2-38.20.1 libndr-nbt0-32bit-4.4.2-38.20.1 libndr-nbt0-4.4.2-38.20.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.20.1 libndr-nbt0-debuginfo-4.4.2-38.20.1 libndr-standard0-32bit-4.4.2-38.20.1 libndr-standard0-4.4.2-38.20.1 libndr-standard0-debuginfo-32bit-4.4.2-38.20.1 libndr-standard0-debuginfo-4.4.2-38.20.1 libndr0-32bit-4.4.2-38.20.1 libndr0-4.4.2-38.20.1 libndr0-debuginfo-32bit-4.4.2-38.20.1 libndr0-debuginfo-4.4.2-38.20.1 libnetapi0-32bit-4.4.2-38.20.1 libnetapi0-4.4.2-38.20.1 libnetapi0-debuginfo-32bit-4.4.2-38.20.1 libnetapi0-debuginfo-4.4.2-38.20.1 libsamba-credentials0-32bit-4.4.2-38.20.1 libsamba-credentials0-4.4.2-38.20.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.20.1 libsamba-credentials0-debuginfo-4.4.2-38.20.1 libsamba-errors0-32bit-4.4.2-38.20.1 libsamba-errors0-4.4.2-38.20.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.20.1 libsamba-errors0-debuginfo-4.4.2-38.20.1 libsamba-hostconfig0-32bit-4.4.2-38.20.1 libsamba-hostconfig0-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-4.4.2-38.20.1 libsamba-passdb0-32bit-4.4.2-38.20.1 libsamba-passdb0-4.4.2-38.20.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.20.1 libsamba-passdb0-debuginfo-4.4.2-38.20.1 libsamba-util0-32bit-4.4.2-38.20.1 libsamba-util0-4.4.2-38.20.1 libsamba-util0-debuginfo-32bit-4.4.2-38.20.1 libsamba-util0-debuginfo-4.4.2-38.20.1 libsamdb0-32bit-4.4.2-38.20.1 libsamdb0-4.4.2-38.20.1 libsamdb0-debuginfo-32bit-4.4.2-38.20.1 libsamdb0-debuginfo-4.4.2-38.20.1 libsmbclient0-32bit-4.4.2-38.20.1 libsmbclient0-4.4.2-38.20.1 libsmbclient0-debuginfo-32bit-4.4.2-38.20.1 libsmbclient0-debuginfo-4.4.2-38.20.1 libsmbconf0-32bit-4.4.2-38.20.1 libsmbconf0-4.4.2-38.20.1 libsmbconf0-debuginfo-32bit-4.4.2-38.20.1 libsmbconf0-debuginfo-4.4.2-38.20.1 libsmbldap0-32bit-4.4.2-38.20.1 libsmbldap0-4.4.2-38.20.1 libsmbldap0-debuginfo-32bit-4.4.2-38.20.1 libsmbldap0-debuginfo-4.4.2-38.20.1 libtevent-util0-32bit-4.4.2-38.20.1 libtevent-util0-4.4.2-38.20.1 libtevent-util0-debuginfo-32bit-4.4.2-38.20.1 libtevent-util0-debuginfo-4.4.2-38.20.1 libwbclient0-32bit-4.4.2-38.20.1 libwbclient0-4.4.2-38.20.1 libwbclient0-debuginfo-32bit-4.4.2-38.20.1 libwbclient0-debuginfo-4.4.2-38.20.1 samba-4.4.2-38.20.1 samba-client-32bit-4.4.2-38.20.1 samba-client-4.4.2-38.20.1 samba-client-debuginfo-32bit-4.4.2-38.20.1 samba-client-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 samba-libs-32bit-4.4.2-38.20.1 samba-libs-4.4.2-38.20.1 samba-libs-debuginfo-32bit-4.4.2-38.20.1 samba-libs-debuginfo-4.4.2-38.20.1 samba-winbind-32bit-4.4.2-38.20.1 samba-winbind-4.4.2-38.20.1 samba-winbind-debuginfo-32bit-4.4.2-38.20.1 samba-winbind-debuginfo-4.4.2-38.20.1 - SUSE OpenStack Cloud 7 (noarch): samba-doc-4.4.2-38.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-binding0-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-4.4.2-38.20.1 libdcerpc0-4.4.2-38.20.1 libdcerpc0-debuginfo-4.4.2-38.20.1 libndr-krb5pac0-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-4.4.2-38.20.1 libndr-nbt0-4.4.2-38.20.1 libndr-nbt0-debuginfo-4.4.2-38.20.1 libndr-standard0-4.4.2-38.20.1 libndr-standard0-debuginfo-4.4.2-38.20.1 libndr0-4.4.2-38.20.1 libndr0-debuginfo-4.4.2-38.20.1 libnetapi0-4.4.2-38.20.1 libnetapi0-debuginfo-4.4.2-38.20.1 libsamba-credentials0-4.4.2-38.20.1 libsamba-credentials0-debuginfo-4.4.2-38.20.1 libsamba-errors0-4.4.2-38.20.1 libsamba-errors0-debuginfo-4.4.2-38.20.1 libsamba-hostconfig0-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-4.4.2-38.20.1 libsamba-passdb0-4.4.2-38.20.1 libsamba-passdb0-debuginfo-4.4.2-38.20.1 libsamba-util0-4.4.2-38.20.1 libsamba-util0-debuginfo-4.4.2-38.20.1 libsamdb0-4.4.2-38.20.1 libsamdb0-debuginfo-4.4.2-38.20.1 libsmbclient0-4.4.2-38.20.1 libsmbclient0-debuginfo-4.4.2-38.20.1 libsmbconf0-4.4.2-38.20.1 libsmbconf0-debuginfo-4.4.2-38.20.1 libsmbldap0-4.4.2-38.20.1 libsmbldap0-debuginfo-4.4.2-38.20.1 libtevent-util0-4.4.2-38.20.1 libtevent-util0-debuginfo-4.4.2-38.20.1 libwbclient0-4.4.2-38.20.1 libwbclient0-debuginfo-4.4.2-38.20.1 samba-4.4.2-38.20.1 samba-client-4.4.2-38.20.1 samba-client-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 samba-libs-4.4.2-38.20.1 samba-libs-debuginfo-4.4.2-38.20.1 samba-winbind-4.4.2-38.20.1 samba-winbind-debuginfo-4.4.2-38.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc0-32bit-4.4.2-38.20.1 libdcerpc0-debuginfo-32bit-4.4.2-38.20.1 libndr-krb5pac0-32bit-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.20.1 libndr-nbt0-32bit-4.4.2-38.20.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.20.1 libndr-standard0-32bit-4.4.2-38.20.1 libndr-standard0-debuginfo-32bit-4.4.2-38.20.1 libndr0-32bit-4.4.2-38.20.1 libndr0-debuginfo-32bit-4.4.2-38.20.1 libnetapi0-32bit-4.4.2-38.20.1 libnetapi0-debuginfo-32bit-4.4.2-38.20.1 libsamba-credentials0-32bit-4.4.2-38.20.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.20.1 libsamba-errors0-32bit-4.4.2-38.20.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.20.1 libsamba-hostconfig0-32bit-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.20.1 libsamba-passdb0-32bit-4.4.2-38.20.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.20.1 libsamba-util0-32bit-4.4.2-38.20.1 libsamba-util0-debuginfo-32bit-4.4.2-38.20.1 libsamdb0-32bit-4.4.2-38.20.1 libsamdb0-debuginfo-32bit-4.4.2-38.20.1 libsmbclient0-32bit-4.4.2-38.20.1 libsmbclient0-debuginfo-32bit-4.4.2-38.20.1 libsmbconf0-32bit-4.4.2-38.20.1 libsmbconf0-debuginfo-32bit-4.4.2-38.20.1 libsmbldap0-32bit-4.4.2-38.20.1 libsmbldap0-debuginfo-32bit-4.4.2-38.20.1 libtevent-util0-32bit-4.4.2-38.20.1 libtevent-util0-debuginfo-32bit-4.4.2-38.20.1 libwbclient0-32bit-4.4.2-38.20.1 libwbclient0-debuginfo-32bit-4.4.2-38.20.1 samba-client-32bit-4.4.2-38.20.1 samba-client-debuginfo-32bit-4.4.2-38.20.1 samba-libs-32bit-4.4.2-38.20.1 samba-libs-debuginfo-32bit-4.4.2-38.20.1 samba-winbind-32bit-4.4.2-38.20.1 samba-winbind-debuginfo-32bit-4.4.2-38.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): samba-doc-4.4.2-38.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-4.4.2-38.20.1 libdcerpc0-4.4.2-38.20.1 libdcerpc0-debuginfo-4.4.2-38.20.1 libndr-krb5pac0-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-4.4.2-38.20.1 libndr-nbt0-4.4.2-38.20.1 libndr-nbt0-debuginfo-4.4.2-38.20.1 libndr-standard0-4.4.2-38.20.1 libndr-standard0-debuginfo-4.4.2-38.20.1 libndr0-4.4.2-38.20.1 libndr0-debuginfo-4.4.2-38.20.1 libnetapi0-4.4.2-38.20.1 libnetapi0-debuginfo-4.4.2-38.20.1 libsamba-credentials0-4.4.2-38.20.1 libsamba-credentials0-debuginfo-4.4.2-38.20.1 libsamba-errors0-4.4.2-38.20.1 libsamba-errors0-debuginfo-4.4.2-38.20.1 libsamba-hostconfig0-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-4.4.2-38.20.1 libsamba-passdb0-4.4.2-38.20.1 libsamba-passdb0-debuginfo-4.4.2-38.20.1 libsamba-util0-4.4.2-38.20.1 libsamba-util0-debuginfo-4.4.2-38.20.1 libsamdb0-4.4.2-38.20.1 libsamdb0-debuginfo-4.4.2-38.20.1 libsmbclient0-4.4.2-38.20.1 libsmbclient0-debuginfo-4.4.2-38.20.1 libsmbconf0-4.4.2-38.20.1 libsmbconf0-debuginfo-4.4.2-38.20.1 libsmbldap0-4.4.2-38.20.1 libsmbldap0-debuginfo-4.4.2-38.20.1 libtevent-util0-4.4.2-38.20.1 libtevent-util0-debuginfo-4.4.2-38.20.1 libwbclient0-4.4.2-38.20.1 libwbclient0-debuginfo-4.4.2-38.20.1 samba-4.4.2-38.20.1 samba-client-4.4.2-38.20.1 samba-client-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 samba-libs-4.4.2-38.20.1 samba-libs-debuginfo-4.4.2-38.20.1 samba-winbind-4.4.2-38.20.1 samba-winbind-debuginfo-4.4.2-38.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc0-32bit-4.4.2-38.20.1 libdcerpc0-debuginfo-32bit-4.4.2-38.20.1 libndr-krb5pac0-32bit-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.20.1 libndr-nbt0-32bit-4.4.2-38.20.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.20.1 libndr-standard0-32bit-4.4.2-38.20.1 libndr-standard0-debuginfo-32bit-4.4.2-38.20.1 libndr0-32bit-4.4.2-38.20.1 libndr0-debuginfo-32bit-4.4.2-38.20.1 libnetapi0-32bit-4.4.2-38.20.1 libnetapi0-debuginfo-32bit-4.4.2-38.20.1 libsamba-credentials0-32bit-4.4.2-38.20.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.20.1 libsamba-errors0-32bit-4.4.2-38.20.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.20.1 libsamba-hostconfig0-32bit-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.20.1 libsamba-passdb0-32bit-4.4.2-38.20.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.20.1 libsamba-util0-32bit-4.4.2-38.20.1 libsamba-util0-debuginfo-32bit-4.4.2-38.20.1 libsamdb0-32bit-4.4.2-38.20.1 libsamdb0-debuginfo-32bit-4.4.2-38.20.1 libsmbclient0-32bit-4.4.2-38.20.1 libsmbclient0-debuginfo-32bit-4.4.2-38.20.1 libsmbconf0-32bit-4.4.2-38.20.1 libsmbconf0-debuginfo-32bit-4.4.2-38.20.1 libsmbldap0-32bit-4.4.2-38.20.1 libsmbldap0-debuginfo-32bit-4.4.2-38.20.1 libtevent-util0-32bit-4.4.2-38.20.1 libtevent-util0-debuginfo-32bit-4.4.2-38.20.1 libwbclient0-32bit-4.4.2-38.20.1 libwbclient0-debuginfo-32bit-4.4.2-38.20.1 samba-client-32bit-4.4.2-38.20.1 samba-client-debuginfo-32bit-4.4.2-38.20.1 samba-libs-32bit-4.4.2-38.20.1 samba-libs-debuginfo-32bit-4.4.2-38.20.1 samba-winbind-32bit-4.4.2-38.20.1 samba-winbind-debuginfo-32bit-4.4.2-38.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): samba-doc-4.4.2-38.20.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.20.1 ctdb-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 - SUSE Enterprise Storage 4 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.20.1 libdcerpc-binding0-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc-binding0-debuginfo-4.4.2-38.20.1 libdcerpc0-32bit-4.4.2-38.20.1 libdcerpc0-4.4.2-38.20.1 libdcerpc0-debuginfo-32bit-4.4.2-38.20.1 libdcerpc0-debuginfo-4.4.2-38.20.1 libndr-krb5pac0-32bit-4.4.2-38.20.1 libndr-krb5pac0-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.20.1 libndr-krb5pac0-debuginfo-4.4.2-38.20.1 libndr-nbt0-32bit-4.4.2-38.20.1 libndr-nbt0-4.4.2-38.20.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.20.1 libndr-nbt0-debuginfo-4.4.2-38.20.1 libndr-standard0-32bit-4.4.2-38.20.1 libndr-standard0-4.4.2-38.20.1 libndr-standard0-debuginfo-32bit-4.4.2-38.20.1 libndr-standard0-debuginfo-4.4.2-38.20.1 libndr0-32bit-4.4.2-38.20.1 libndr0-4.4.2-38.20.1 libndr0-debuginfo-32bit-4.4.2-38.20.1 libndr0-debuginfo-4.4.2-38.20.1 libnetapi0-32bit-4.4.2-38.20.1 libnetapi0-4.4.2-38.20.1 libnetapi0-debuginfo-32bit-4.4.2-38.20.1 libnetapi0-debuginfo-4.4.2-38.20.1 libsamba-credentials0-32bit-4.4.2-38.20.1 libsamba-credentials0-4.4.2-38.20.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.20.1 libsamba-credentials0-debuginfo-4.4.2-38.20.1 libsamba-errors0-32bit-4.4.2-38.20.1 libsamba-errors0-4.4.2-38.20.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.20.1 libsamba-errors0-debuginfo-4.4.2-38.20.1 libsamba-hostconfig0-32bit-4.4.2-38.20.1 libsamba-hostconfig0-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.20.1 libsamba-hostconfig0-debuginfo-4.4.2-38.20.1 libsamba-passdb0-32bit-4.4.2-38.20.1 libsamba-passdb0-4.4.2-38.20.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.20.1 libsamba-passdb0-debuginfo-4.4.2-38.20.1 libsamba-util0-32bit-4.4.2-38.20.1 libsamba-util0-4.4.2-38.20.1 libsamba-util0-debuginfo-32bit-4.4.2-38.20.1 libsamba-util0-debuginfo-4.4.2-38.20.1 libsamdb0-32bit-4.4.2-38.20.1 libsamdb0-4.4.2-38.20.1 libsamdb0-debuginfo-32bit-4.4.2-38.20.1 libsamdb0-debuginfo-4.4.2-38.20.1 libsmbclient0-32bit-4.4.2-38.20.1 libsmbclient0-4.4.2-38.20.1 libsmbclient0-debuginfo-32bit-4.4.2-38.20.1 libsmbclient0-debuginfo-4.4.2-38.20.1 libsmbconf0-32bit-4.4.2-38.20.1 libsmbconf0-4.4.2-38.20.1 libsmbconf0-debuginfo-32bit-4.4.2-38.20.1 libsmbconf0-debuginfo-4.4.2-38.20.1 libsmbldap0-32bit-4.4.2-38.20.1 libsmbldap0-4.4.2-38.20.1 libsmbldap0-debuginfo-32bit-4.4.2-38.20.1 libsmbldap0-debuginfo-4.4.2-38.20.1 libtevent-util0-32bit-4.4.2-38.20.1 libtevent-util0-4.4.2-38.20.1 libtevent-util0-debuginfo-32bit-4.4.2-38.20.1 libtevent-util0-debuginfo-4.4.2-38.20.1 libwbclient0-32bit-4.4.2-38.20.1 libwbclient0-4.4.2-38.20.1 libwbclient0-debuginfo-32bit-4.4.2-38.20.1 libwbclient0-debuginfo-4.4.2-38.20.1 samba-4.4.2-38.20.1 samba-client-32bit-4.4.2-38.20.1 samba-client-4.4.2-38.20.1 samba-client-debuginfo-32bit-4.4.2-38.20.1 samba-client-debuginfo-4.4.2-38.20.1 samba-debuginfo-4.4.2-38.20.1 samba-debugsource-4.4.2-38.20.1 samba-libs-32bit-4.4.2-38.20.1 samba-libs-4.4.2-38.20.1 samba-libs-debuginfo-32bit-4.4.2-38.20.1 samba-libs-debuginfo-4.4.2-38.20.1 samba-winbind-32bit-4.4.2-38.20.1 samba-winbind-4.4.2-38.20.1 samba-winbind-debuginfo-32bit-4.4.2-38.20.1 samba-winbind-debuginfo-4.4.2-38.20.1 - SUSE Enterprise Storage 4 (noarch): samba-doc-4.4.2-38.20.1 References: https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1054849 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Tue Aug 14 10:08:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 18:08:36 +0200 (CEST) Subject: SUSE-SU-2018:2321-1: important: Security update for samba Message-ID: <20180814160836.6B26AFD48@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2321-1 Rating: important References: #1027593 #1060427 #1063008 #1081741 #1103411 Cross-References: CVE-2017-14746 CVE-2017-15275 CVE-2018-1050 CVE-2018-10858 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2017-14746: Fixed use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Fixed server heap memory information leak (bsc#1063008). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Bug fixes: - bsc#1027593: Update 'winbind expand groups' doc in smb.conf man page. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1559=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2018-1559=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.49.1 ctdb-debuginfo-4.2.4-18.49.1 libdcerpc-binding0-4.2.4-18.49.1 libdcerpc-binding0-debuginfo-4.2.4-18.49.1 libdcerpc0-4.2.4-18.49.1 libdcerpc0-debuginfo-4.2.4-18.49.1 libgensec0-4.2.4-18.49.1 libgensec0-debuginfo-4.2.4-18.49.1 libndr-krb5pac0-4.2.4-18.49.1 libndr-krb5pac0-debuginfo-4.2.4-18.49.1 libndr-nbt0-4.2.4-18.49.1 libndr-nbt0-debuginfo-4.2.4-18.49.1 libndr-standard0-4.2.4-18.49.1 libndr-standard0-debuginfo-4.2.4-18.49.1 libndr0-4.2.4-18.49.1 libndr0-debuginfo-4.2.4-18.49.1 libnetapi0-4.2.4-18.49.1 libnetapi0-debuginfo-4.2.4-18.49.1 libregistry0-4.2.4-18.49.1 libregistry0-debuginfo-4.2.4-18.49.1 libsamba-credentials0-4.2.4-18.49.1 libsamba-credentials0-debuginfo-4.2.4-18.49.1 libsamba-hostconfig0-4.2.4-18.49.1 libsamba-hostconfig0-debuginfo-4.2.4-18.49.1 libsamba-passdb0-4.2.4-18.49.1 libsamba-passdb0-debuginfo-4.2.4-18.49.1 libsamba-util0-4.2.4-18.49.1 libsamba-util0-debuginfo-4.2.4-18.49.1 libsamdb0-4.2.4-18.49.1 libsamdb0-debuginfo-4.2.4-18.49.1 libsmbclient-raw0-4.2.4-18.49.1 libsmbclient-raw0-debuginfo-4.2.4-18.49.1 libsmbclient0-4.2.4-18.49.1 libsmbclient0-debuginfo-4.2.4-18.49.1 libsmbconf0-4.2.4-18.49.1 libsmbconf0-debuginfo-4.2.4-18.49.1 libsmbldap0-4.2.4-18.49.1 libsmbldap0-debuginfo-4.2.4-18.49.1 libtevent-util0-4.2.4-18.49.1 libtevent-util0-debuginfo-4.2.4-18.49.1 libwbclient0-4.2.4-18.49.1 libwbclient0-debuginfo-4.2.4-18.49.1 samba-4.2.4-18.49.1 samba-client-4.2.4-18.49.1 samba-client-debuginfo-4.2.4-18.49.1 samba-debuginfo-4.2.4-18.49.1 samba-debugsource-4.2.4-18.49.1 samba-libs-4.2.4-18.49.1 samba-libs-debuginfo-4.2.4-18.49.1 samba-winbind-4.2.4-18.49.1 samba-winbind-debuginfo-4.2.4-18.49.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.49.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.49.1 libdcerpc0-32bit-4.2.4-18.49.1 libdcerpc0-debuginfo-32bit-4.2.4-18.49.1 libgensec0-32bit-4.2.4-18.49.1 libgensec0-debuginfo-32bit-4.2.4-18.49.1 libndr-krb5pac0-32bit-4.2.4-18.49.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.49.1 libndr-nbt0-32bit-4.2.4-18.49.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.49.1 libndr-standard0-32bit-4.2.4-18.49.1 libndr-standard0-debuginfo-32bit-4.2.4-18.49.1 libndr0-32bit-4.2.4-18.49.1 libndr0-debuginfo-32bit-4.2.4-18.49.1 libnetapi0-32bit-4.2.4-18.49.1 libnetapi0-debuginfo-32bit-4.2.4-18.49.1 libsamba-credentials0-32bit-4.2.4-18.49.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.49.1 libsamba-hostconfig0-32bit-4.2.4-18.49.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.49.1 libsamba-passdb0-32bit-4.2.4-18.49.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.49.1 libsamba-util0-32bit-4.2.4-18.49.1 libsamba-util0-debuginfo-32bit-4.2.4-18.49.1 libsamdb0-32bit-4.2.4-18.49.1 libsamdb0-debuginfo-32bit-4.2.4-18.49.1 libsmbclient-raw0-32bit-4.2.4-18.49.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.49.1 libsmbclient0-32bit-4.2.4-18.49.1 libsmbclient0-debuginfo-32bit-4.2.4-18.49.1 libsmbconf0-32bit-4.2.4-18.49.1 libsmbconf0-debuginfo-32bit-4.2.4-18.49.1 libsmbldap0-32bit-4.2.4-18.49.1 libsmbldap0-debuginfo-32bit-4.2.4-18.49.1 libtevent-util0-32bit-4.2.4-18.49.1 libtevent-util0-debuginfo-32bit-4.2.4-18.49.1 libwbclient0-32bit-4.2.4-18.49.1 libwbclient0-debuginfo-32bit-4.2.4-18.49.1 samba-32bit-4.2.4-18.49.1 samba-client-32bit-4.2.4-18.49.1 samba-client-debuginfo-32bit-4.2.4-18.49.1 samba-debuginfo-32bit-4.2.4-18.49.1 samba-libs-32bit-4.2.4-18.49.1 samba-libs-debuginfo-32bit-4.2.4-18.49.1 samba-winbind-32bit-4.2.4-18.49.1 samba-winbind-debuginfo-32bit-4.2.4-18.49.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.49.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.49.1 ctdb-debuginfo-4.2.4-18.49.1 References: https://www.suse.com/security/cve/CVE-2017-14746.html https://www.suse.com/security/cve/CVE-2017-15275.html https://www.suse.com/security/cve/CVE-2018-1050.html https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1027593 https://bugzilla.suse.com/1060427 https://bugzilla.suse.com/1063008 https://bugzilla.suse.com/1081741 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Tue Aug 14 10:09:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 18:09:49 +0200 (CEST) Subject: SUSE-SU-2018:2322-1: important: Security update for MozillaFirefox Message-ID: <20180814160949.73520FD48@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2322-1 Rating: important References: #1098998 Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1560=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1560=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1560=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1560=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1560=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1560=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1560=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1560=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1560=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1560=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-52.9.0esr-109.38.2 MozillaFirefox-debuginfo-52.9.0esr-109.38.2 MozillaFirefox-debugsource-52.9.0esr-109.38.2 MozillaFirefox-devel-52.9.0esr-109.38.2 MozillaFirefox-translations-52.9.0esr-109.38.2 References: https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12368.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1098998 From sle-security-updates at lists.suse.com Tue Aug 14 10:10:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 18:10:28 +0200 (CEST) Subject: SUSE-SU-2018:2323-1: moderate: Security update for clamav Message-ID: <20180814161028.20CD1FD48@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2323-1 Rating: moderate References: #1082858 #1101410 #1101412 #1101654 #1103040 Cross-References: CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1561=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1561=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1561=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1561=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1561=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1561=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1561=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1561=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1561=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 - SUSE Enterprise Storage 4 (x86_64): clamav-0.100.1-33.15.2 clamav-debuginfo-0.100.1-33.15.2 clamav-debugsource-0.100.1-33.15.2 References: https://www.suse.com/security/cve/CVE-2018-0360.html https://www.suse.com/security/cve/CVE-2018-0361.html https://www.suse.com/security/cve/CVE-2018-1000085.html https://www.suse.com/security/cve/CVE-2018-14679.html https://bugzilla.suse.com/1082858 https://bugzilla.suse.com/1101410 https://bugzilla.suse.com/1101412 https://bugzilla.suse.com/1101654 https://bugzilla.suse.com/1103040 From sle-security-updates at lists.suse.com Tue Aug 14 13:07:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Aug 2018 21:07:41 +0200 (CEST) Subject: SUSE-SU-2018:2325-1: important: Security update for MozillaFirefox Message-ID: <20180814190741.1E4EAFD87@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2325-1 Rating: important References: #1098998 Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-13723=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-13723=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-13723=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-13723=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-13723=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-13723=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-52.9.0esr-72.38.6 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-52.9.0esr-72.38.6 MozillaFirefox-translations-52.9.0esr-72.38.6 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-52.9.0esr-72.38.6 MozillaFirefox-translations-52.9.0esr-72.38.6 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-52.9.0esr-72.38.6 MozillaFirefox-translations-52.9.0esr-72.38.6 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-52.9.0esr-72.38.6 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-52.9.0esr-72.38.6 References: https://www.suse.com/security/cve/CVE-2018-12359.html https://www.suse.com/security/cve/CVE-2018-12360.html https://www.suse.com/security/cve/CVE-2018-12362.html https://www.suse.com/security/cve/CVE-2018-12363.html https://www.suse.com/security/cve/CVE-2018-12364.html https://www.suse.com/security/cve/CVE-2018-12365.html https://www.suse.com/security/cve/CVE-2018-12366.html https://www.suse.com/security/cve/CVE-2018-12368.html https://www.suse.com/security/cve/CVE-2018-5156.html https://www.suse.com/security/cve/CVE-2018-5188.html https://bugzilla.suse.com/1098998 From sle-security-updates at lists.suse.com Tue Aug 14 16:07:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Aug 2018 00:07:40 +0200 (CEST) Subject: SUSE-SU-2018:2328-1: important: Security update for the Linux Kernel Message-ID: <20180814220740.C8D3CFD48@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2328-1 Rating: important References: #1012382 #1082653 #1085042 #1085536 #1087081 #1089343 #1090123 #1090435 #1092001 #1094244 #1095643 #1096978 #1097771 #1099858 #1100132 #1100930 #1101658 #1101789 #1102188 #1102197 #1102203 #1102205 #1102207 #1102211 #1102214 #1102215 #1102340 #1102394 #1102683 #1102851 #1103119 #1103580 #1103745 #1103884 Cross-References: CVE-2017-18344 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5390 aka "SegmentSmack": Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-14734: drivers/infiniband/core/ucma.c in the Linux kernel allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bnc#1012382). - arm64: do not open code page table entry creation (bsc#1102197). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188). - arm64: Make sure permission updates happen for pmd/pud (bsc#1102197). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - bcm63xx_enet: correct clock usage (bnc#1012382). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (bnc#1012382). - blacklist 9fb8d5dc4b64 ("stop_machine: Disable preemption when waking two stopper threads") Preemption is already disabled inside cpu_stop_queue_two_works() in SLE12-SP3 because it does not have commit 6a19005157c4 ("stop_machine: Do not disable preemption in stop_two_cpus()") - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382). - bpf, x64: fix memleak when not converging after image (bsc#1012382). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382). - compiler, clang: properly override 'inline' for clang (bnc#1012382). - compiler, clang: suppress warning for unused static inline functions (bnc#1012382). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (bnc#1012382). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bnc#1012382). - crypto: crypto4xx - remove bad list_del (bnc#1012382). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1102394). - drm: re-enable error handling (bsc#1103884). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter (bnc#1012382). - ibmasm: do not write out of bounds in read handler (bnc#1012382). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382). - kabi protect includes in include/linux/inet.h (bsc#1095643). - KABI protect net/core/utils.c includes (bsc#1095643). - kABI: protect struct loop_device (kabi). - kABI: reintroduce __static_cpu_has_safe (kabi). - kbuild: fix # escaping in .cmd files for future Make (bnc#1012382). - keys: DNS: fix parsing multiple options (bnc#1012382). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214). - loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382). - loop: remember whether sysfs_create_group() was done (bnc#1012382). - mmc: dw_mmc: fix card threshold control configuration (bsc#1102203). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1097771). - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (bnc#1012382). - netfilter: ebtables: reject non-bridge targets (bnc#1012382). - netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382). - netfilter: x_tables: initialise match/target check parameter struct (bnc#1012382). - net/mlx5: Fix command interface race in polling mode (bnc#1012382). - net/mlx5: Fix incorrect raw command length parsing (bnc#1012382). - net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bnc#1012382). - net: off by one in inet6_pton() (bsc#1095643). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205). - net_sched: blackhole: tell upper qdisc about dropped packets (bnc#1012382). - net: sungem: fix rx checksum support (bnc#1012382). - net/utils: generic inet_pton_with_scope helper (bsc#1095643). - nvme-rdma: Check remotely invalidated rkey matches our expected rkey (bsc#1092001). - nvme-rdma: default MR page size to 4k (bsc#1092001). - nvme-rdma: do not complete requests before a send work request has completed (bsc#1092001). - nvme-rdma: do not suppress send completions (bsc#1092001). - nvme-rdma: Fix command completion race at error recovery (bsc#1090435). - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical (bsc#1092001). - nvme-rdma: use inet_pton_with_scope helper (bsc#1095643). - nvme-rdma: Use mr pool (bsc#1092001). - nvme-rdma: wait for local invalidation before completing a request (bsc#1092001). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bnc#1012382). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132). - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382). - pm / hibernate: Fix oops at snapshot_write() (bnc#1012382). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244, bsc#1100930, bsc#1102683). - qed: Limit msix vectors in kdump kernel to the minimum required count (bnc#1012382). - r8152: napi hangup fix after disconnect (bnc#1012382). - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382). - rds: avoid unenecessary cong_update in loop transport (bnc#1012382). - Revert "sit: reload iphdr in ipip6_rcv" (bnc#1012382). - Revert "x86/cpufeature: Move some of the scattered feature bits to x86_capability" (kabi). - Revert "x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6" (kabi). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382). - s390/qeth: fix error handling in adapter command callbacks (bnc#1103745, LTC#169699). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1085536). - tcp: fix Fast Open key endianness (bnc#1012382). - tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382). - tools build: fix # escaping in .cmd files for future Make (bnc#1012382). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bnc#1012382). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132). - usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bnc#1012382). - usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bnc#1012382). - usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382). - usb: serial: mos7840: fix status-register error handling (bnc#1012382). - usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382). - vfio: platform: Fix reset module leak in error path (bsc#1102211). - vhost_net: validate sock before trying to put its fd (bnc#1012382). - vmw_balloon: fix inflation with batching (bnc#1012382). - x86/alternatives: Add an auxilary section (bnc#1012382). - x86/alternatives: Discard dynamic check after init (bnc#1012382). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/asm: Add _ASM_ARG* constants for argument registers to (bnc#1012382). - x86/boot: Simplify kernel load address alignment check (bnc#1012382). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpufeature: Add helper macro for mask check macros (bnc#1012382). - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382). - x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382). - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated (bnc#1012382). - x86/cpufeature: Move some of the scattered feature bits to x86_capability (bnc#1012382). - x86/cpufeature: Replace the old static_cpu_has() with safe variant (bnc#1012382). - x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382). - x86/cpufeature: Update cpufeaure macros (bnc#1012382). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382). - x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382). - x86/fpu: Get rid of xstate_fault() (bnc#1012382). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bnc#1012382). - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/vdso: Use static_cpu_has() (bnc#1012382). - xen/grant-table: log the lack of grants (bnc#1085042). - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658). - xen-netfront: Update features after registering netdev (bnc#1101658). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1566=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1566=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1566=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1566=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1566=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1566=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.143-94.47.1 kernel-default-debugsource-4.4.143-94.47.1 kernel-default-extra-4.4.143-94.47.1 kernel-default-extra-debuginfo-4.4.143-94.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.143-94.47.1 kernel-obs-build-debugsource-4.4.143-94.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): dpdk-debuginfo-16.11.6-8.7.2 dpdk-debugsource-16.11.6-8.7.2 dpdk-devel-16.11.6-8.7.2 dpdk-devel-debuginfo-16.11.6-8.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64): dpdk-thunderx-debuginfo-16.11.6-8.7.2 dpdk-thunderx-debugsource-16.11.6-8.7.2 dpdk-thunderx-devel-16.11.6-8.7.2 dpdk-thunderx-devel-debuginfo-16.11.6-8.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.143-94.47.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.143-94.47.1 kernel-default-base-4.4.143-94.47.1 kernel-default-base-debuginfo-4.4.143-94.47.1 kernel-default-debuginfo-4.4.143-94.47.1 kernel-default-debugsource-4.4.143-94.47.1 kernel-default-devel-4.4.143-94.47.1 kernel-syms-4.4.143-94.47.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): dpdk-16.11.6-8.7.2 dpdk-debuginfo-16.11.6-8.7.2 dpdk-debugsource-16.11.6-8.7.2 dpdk-tools-16.11.6-8.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64): dpdk-thunderx-16.11.6-8.7.2 dpdk-thunderx-debuginfo-16.11.6-8.7.2 dpdk-thunderx-debugsource-16.11.6-8.7.2 dpdk-thunderx-kmp-default-16.11.6_k4.4.143_94.47-8.7.2 dpdk-thunderx-kmp-default-debuginfo-16.11.6_k4.4.143_94.47-8.7.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.143-94.47.1 kernel-macros-4.4.143-94.47.1 kernel-source-4.4.143-94.47.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): dpdk-kmp-default-16.11.6_k4.4.143_94.47-8.7.2 dpdk-kmp-default-debuginfo-16.11.6_k4.4.143_94.47-8.7.2 lttng-modules-2.7.1-8.4.2 lttng-modules-debugsource-2.7.1-8.4.2 lttng-modules-kmp-default-2.7.1_k4.4.143_94.47-8.4.2 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.143_94.47-8.4.2 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.143-94.47.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_143-94_47-default-1-4.5.1 kgraft-patch-4_4_143-94_47-default-debuginfo-1-4.5.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.143-94.47.1 cluster-md-kmp-default-debuginfo-4.4.143-94.47.1 dlm-kmp-default-4.4.143-94.47.1 dlm-kmp-default-debuginfo-4.4.143-94.47.1 gfs2-kmp-default-4.4.143-94.47.1 gfs2-kmp-default-debuginfo-4.4.143-94.47.1 kernel-default-debuginfo-4.4.143-94.47.1 kernel-default-debugsource-4.4.143-94.47.1 ocfs2-kmp-default-4.4.143-94.47.1 ocfs2-kmp-default-debuginfo-4.4.143-94.47.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.143-94.47.1 kernel-default-debuginfo-4.4.143-94.47.1 kernel-default-debugsource-4.4.143-94.47.1 kernel-default-devel-4.4.143-94.47.1 kernel-default-extra-4.4.143-94.47.1 kernel-default-extra-debuginfo-4.4.143-94.47.1 kernel-syms-4.4.143-94.47.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.143-94.47.1 kernel-macros-4.4.143-94.47.1 kernel-source-4.4.143-94.47.1 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.143-94.47.1 kernel-default-debuginfo-4.4.143-94.47.1 kernel-default-debugsource-4.4.143-94.47.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.143-94.47.1 kernel-default-debuginfo-4.4.143-94.47.1 kernel-default-debugsource-4.4.143-94.47.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090123 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1092001 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1095643 https://bugzilla.suse.com/1096978 https://bugzilla.suse.com/1097771 https://bugzilla.suse.com/1099858 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100930 https://bugzilla.suse.com/1101658 https://bugzilla.suse.com/1101789 https://bugzilla.suse.com/1102188 https://bugzilla.suse.com/1102197 https://bugzilla.suse.com/1102203 https://bugzilla.suse.com/1102205 https://bugzilla.suse.com/1102207 https://bugzilla.suse.com/1102211 https://bugzilla.suse.com/1102214 https://bugzilla.suse.com/1102215 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102394 https://bugzilla.suse.com/1102683 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103580 https://bugzilla.suse.com/1103745 https://bugzilla.suse.com/1103884 From sle-security-updates at lists.suse.com Tue Aug 14 16:12:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Aug 2018 00:12:37 +0200 (CEST) Subject: SUSE-SU-2018:2329-1: important: Security update for samba Message-ID: <20180814221237.9ADA1FD48@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2329-1 Rating: important References: #1079449 #1103411 Cross-References: CVE-2018-10858 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient (bsc#1103411). The following other bugs were fixed: - s3:winbindd: allow a fallback to NTLMSSP for LDAP connections (bsc#1079449) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-samba-13726=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-samba-13726=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-samba-13726=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-13726=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-13726=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-13726=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-94.14.2 libnetapi-devel-3.6.3-94.14.2 libnetapi0-3.6.3-94.14.2 libsmbclient-devel-3.6.3-94.14.2 libsmbsharemodes-devel-3.6.3-94.14.2 libsmbsharemodes0-3.6.3-94.14.2 libtalloc-devel-3.6.3-94.14.2 libtdb-devel-3.6.3-94.14.2 libtevent-devel-3.6.3-94.14.2 libwbclient-devel-3.6.3-94.14.2 samba-devel-3.6.3-94.14.2 samba-test-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-94.14.2 libldb1-3.6.3-94.14.2 libsmbclient0-3.6.3-94.14.2 libtalloc2-3.6.3-94.14.2 libtdb1-3.6.3-94.14.2 libtevent0-3.6.3-94.14.2 libwbclient0-3.6.3-94.14.2 samba-3.6.3-94.14.2 samba-client-3.6.3-94.14.2 samba-krb-printing-3.6.3-94.14.2 samba-winbind-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.14.2 libtalloc2-32bit-3.6.3-94.14.2 libtdb1-32bit-3.6.3-94.14.2 libtevent0-32bit-3.6.3-94.14.2 libwbclient0-32bit-3.6.3-94.14.2 samba-32bit-3.6.3-94.14.2 samba-client-32bit-3.6.3-94.14.2 samba-winbind-32bit-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-94.14.2 libtalloc2-x86-3.6.3-94.14.2 libtdb1-x86-3.6.3-94.14.2 libtevent0-x86-3.6.3-94.14.2 libwbclient0-x86-3.6.3-94.14.2 samba-client-x86-3.6.3-94.14.2 samba-winbind-x86-3.6.3-94.14.2 samba-x86-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-94.14.2 libldb1-3.6.3-94.14.2 libsmbclient0-3.6.3-94.14.2 libtalloc2-3.6.3-94.14.2 libtdb1-3.6.3-94.14.2 libtevent0-3.6.3-94.14.2 libwbclient0-3.6.3-94.14.2 samba-3.6.3-94.14.2 samba-client-3.6.3-94.14.2 samba-krb-printing-3.6.3-94.14.2 samba-winbind-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-94.14.2 libtalloc2-32bit-3.6.3-94.14.2 libtdb1-32bit-3.6.3-94.14.2 libtevent0-32bit-3.6.3-94.14.2 libwbclient0-32bit-3.6.3-94.14.2 samba-32bit-3.6.3-94.14.2 samba-client-32bit-3.6.3-94.14.2 samba-winbind-32bit-3.6.3-94.14.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): samba-doc-3.6.3-94.14.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.14.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.14.2 libldb1-3.6.3-94.14.2 libsmbclient0-3.6.3-94.14.2 libtalloc2-3.6.3-94.14.2 libtdb1-3.6.3-94.14.2 libtevent0-3.6.3-94.14.2 libwbclient0-3.6.3-94.14.2 samba-3.6.3-94.14.2 samba-client-3.6.3-94.14.2 samba-krb-printing-3.6.3-94.14.2 samba-winbind-3.6.3-94.14.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.14.2 samba-debugsource-3.6.3-94.14.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.14.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-94.14.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.14.2 samba-debugsource-3.6.3-94.14.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.14.2 References: https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1079449 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Wed Aug 15 10:07:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Aug 2018 18:07:42 +0200 (CEST) Subject: SUSE-SU-2018:2331-1: important: Security update to ucode-intel Message-ID: <20180815160742.90EBAFD48@maintenance.suse.de> SUSE Security Update: Security update to ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2331-1 Rating: important References: #1087082 #1087083 #1089343 #1104134 Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1573=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1573=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1573=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1573=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1573=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1573=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1573=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1573=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1573=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20180807-13.29.1 ucode-intel-debuginfo-20180807-13.29.1 ucode-intel-debugsource-20180807-13.29.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1104134 From sle-security-updates at lists.suse.com Wed Aug 15 10:16:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Aug 2018 18:16:25 +0200 (CEST) Subject: SUSE-SU-2018:2332-1: important: Security update for the Linux Kernel Message-ID: <20180815161625.5E974FDF8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2332-1 Rating: important References: #1082962 #1083900 #1085107 #1087081 #1089343 #1092904 #1094353 #1096480 #1096728 #1097234 #1098016 #1099924 #1099942 #1100418 #1104475 #1104684 #909361 Cross-References: CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. (bnc#1097234). - CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. (bnc#1094353). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-5803: An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/cpu/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-201808-13728=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-201808-13728=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-201808-13728=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-201808-13728=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.68.1 kernel-default-base-3.0.101-108.68.1 kernel-default-devel-3.0.101-108.68.1 kernel-source-3.0.101-108.68.1 kernel-syms-3.0.101-108.68.1 kernel-trace-3.0.101-108.68.1 kernel-trace-base-3.0.101-108.68.1 kernel-trace-devel-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.68.1 kernel-ec2-base-3.0.101-108.68.1 kernel-ec2-devel-3.0.101-108.68.1 kernel-xen-3.0.101-108.68.1 kernel-xen-base-3.0.101-108.68.1 kernel-xen-devel-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.68.1 kernel-bigmem-base-3.0.101-108.68.1 kernel-bigmem-devel-3.0.101-108.68.1 kernel-ppc64-3.0.101-108.68.1 kernel-ppc64-base-3.0.101-108.68.1 kernel-ppc64-devel-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.68.1 kernel-pae-base-3.0.101-108.68.1 kernel-pae-devel-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.68.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.68.1 kernel-default-debugsource-3.0.101-108.68.1 kernel-trace-debuginfo-3.0.101-108.68.1 kernel-trace-debugsource-3.0.101-108.68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.68.1 kernel-trace-devel-debuginfo-3.0.101-108.68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.68.1 kernel-ec2-debugsource-3.0.101-108.68.1 kernel-xen-debuginfo-3.0.101-108.68.1 kernel-xen-debugsource-3.0.101-108.68.1 kernel-xen-devel-debuginfo-3.0.101-108.68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.68.1 kernel-bigmem-debugsource-3.0.101-108.68.1 kernel-ppc64-debuginfo-3.0.101-108.68.1 kernel-ppc64-debugsource-3.0.101-108.68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.68.1 kernel-pae-debugsource-3.0.101-108.68.1 kernel-pae-devel-debuginfo-3.0.101-108.68.1 References: https://www.suse.com/security/cve/CVE-2016-8405.html https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-12233.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1085107 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097234 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099942 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1104475 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/909361 From sle-security-updates at lists.suse.com Thu Aug 16 01:08:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:08:04 +0200 (CEST) Subject: SUSE-SU-2018:2333-1: moderate: Security update for php7 Message-ID: <20180816070804.78D94F7C0@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2333-1 Rating: moderate References: #1103659 #1103661 Cross-References: CVE-2017-9120 CVE-2018-14851 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1571=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1571=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.44.1 php7-debugsource-7.0.7-50.44.1 php7-devel-7.0.7-50.44.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.44.1 apache2-mod_php7-debuginfo-7.0.7-50.44.1 php7-7.0.7-50.44.1 php7-bcmath-7.0.7-50.44.1 php7-bcmath-debuginfo-7.0.7-50.44.1 php7-bz2-7.0.7-50.44.1 php7-bz2-debuginfo-7.0.7-50.44.1 php7-calendar-7.0.7-50.44.1 php7-calendar-debuginfo-7.0.7-50.44.1 php7-ctype-7.0.7-50.44.1 php7-ctype-debuginfo-7.0.7-50.44.1 php7-curl-7.0.7-50.44.1 php7-curl-debuginfo-7.0.7-50.44.1 php7-dba-7.0.7-50.44.1 php7-dba-debuginfo-7.0.7-50.44.1 php7-debuginfo-7.0.7-50.44.1 php7-debugsource-7.0.7-50.44.1 php7-dom-7.0.7-50.44.1 php7-dom-debuginfo-7.0.7-50.44.1 php7-enchant-7.0.7-50.44.1 php7-enchant-debuginfo-7.0.7-50.44.1 php7-exif-7.0.7-50.44.1 php7-exif-debuginfo-7.0.7-50.44.1 php7-fastcgi-7.0.7-50.44.1 php7-fastcgi-debuginfo-7.0.7-50.44.1 php7-fileinfo-7.0.7-50.44.1 php7-fileinfo-debuginfo-7.0.7-50.44.1 php7-fpm-7.0.7-50.44.1 php7-fpm-debuginfo-7.0.7-50.44.1 php7-ftp-7.0.7-50.44.1 php7-ftp-debuginfo-7.0.7-50.44.1 php7-gd-7.0.7-50.44.1 php7-gd-debuginfo-7.0.7-50.44.1 php7-gettext-7.0.7-50.44.1 php7-gettext-debuginfo-7.0.7-50.44.1 php7-gmp-7.0.7-50.44.1 php7-gmp-debuginfo-7.0.7-50.44.1 php7-iconv-7.0.7-50.44.1 php7-iconv-debuginfo-7.0.7-50.44.1 php7-imap-7.0.7-50.44.1 php7-imap-debuginfo-7.0.7-50.44.1 php7-intl-7.0.7-50.44.1 php7-intl-debuginfo-7.0.7-50.44.1 php7-json-7.0.7-50.44.1 php7-json-debuginfo-7.0.7-50.44.1 php7-ldap-7.0.7-50.44.1 php7-ldap-debuginfo-7.0.7-50.44.1 php7-mbstring-7.0.7-50.44.1 php7-mbstring-debuginfo-7.0.7-50.44.1 php7-mcrypt-7.0.7-50.44.1 php7-mcrypt-debuginfo-7.0.7-50.44.1 php7-mysql-7.0.7-50.44.1 php7-mysql-debuginfo-7.0.7-50.44.1 php7-odbc-7.0.7-50.44.1 php7-odbc-debuginfo-7.0.7-50.44.1 php7-opcache-7.0.7-50.44.1 php7-opcache-debuginfo-7.0.7-50.44.1 php7-openssl-7.0.7-50.44.1 php7-openssl-debuginfo-7.0.7-50.44.1 php7-pcntl-7.0.7-50.44.1 php7-pcntl-debuginfo-7.0.7-50.44.1 php7-pdo-7.0.7-50.44.1 php7-pdo-debuginfo-7.0.7-50.44.1 php7-pgsql-7.0.7-50.44.1 php7-pgsql-debuginfo-7.0.7-50.44.1 php7-phar-7.0.7-50.44.1 php7-phar-debuginfo-7.0.7-50.44.1 php7-posix-7.0.7-50.44.1 php7-posix-debuginfo-7.0.7-50.44.1 php7-pspell-7.0.7-50.44.1 php7-pspell-debuginfo-7.0.7-50.44.1 php7-shmop-7.0.7-50.44.1 php7-shmop-debuginfo-7.0.7-50.44.1 php7-snmp-7.0.7-50.44.1 php7-snmp-debuginfo-7.0.7-50.44.1 php7-soap-7.0.7-50.44.1 php7-soap-debuginfo-7.0.7-50.44.1 php7-sockets-7.0.7-50.44.1 php7-sockets-debuginfo-7.0.7-50.44.1 php7-sqlite-7.0.7-50.44.1 php7-sqlite-debuginfo-7.0.7-50.44.1 php7-sysvmsg-7.0.7-50.44.1 php7-sysvmsg-debuginfo-7.0.7-50.44.1 php7-sysvsem-7.0.7-50.44.1 php7-sysvsem-debuginfo-7.0.7-50.44.1 php7-sysvshm-7.0.7-50.44.1 php7-sysvshm-debuginfo-7.0.7-50.44.1 php7-tokenizer-7.0.7-50.44.1 php7-tokenizer-debuginfo-7.0.7-50.44.1 php7-wddx-7.0.7-50.44.1 php7-wddx-debuginfo-7.0.7-50.44.1 php7-xmlreader-7.0.7-50.44.1 php7-xmlreader-debuginfo-7.0.7-50.44.1 php7-xmlrpc-7.0.7-50.44.1 php7-xmlrpc-debuginfo-7.0.7-50.44.1 php7-xmlwriter-7.0.7-50.44.1 php7-xmlwriter-debuginfo-7.0.7-50.44.1 php7-xsl-7.0.7-50.44.1 php7-xsl-debuginfo-7.0.7-50.44.1 php7-zip-7.0.7-50.44.1 php7-zip-debuginfo-7.0.7-50.44.1 php7-zlib-7.0.7-50.44.1 php7-zlib-debuginfo-7.0.7-50.44.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.44.1 php7-pear-Archive_Tar-7.0.7-50.44.1 References: https://www.suse.com/security/cve/CVE-2017-9120.html https://www.suse.com/security/cve/CVE-2018-14851.html https://bugzilla.suse.com/1103659 https://bugzilla.suse.com/1103661 From sle-security-updates at lists.suse.com Thu Aug 16 01:09:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:09:22 +0200 (CEST) Subject: SUSE-SU-2018:2335-1: important: Security update to ucode-intel Message-ID: <20180816070922.7DEF2F7C0@maintenance.suse.de> SUSE Security Update: Security update to ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2335-1 Rating: important References: #1087082 #1087083 #1089343 #1104134 Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a), and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal Fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-13730=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-microcode_ctl-13730=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-13730=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.83.27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.27.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.27.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1104134 From sle-security-updates at lists.suse.com Thu Aug 16 01:10:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:10:27 +0200 (CEST) Subject: SUSE-SU-2018:2336-1: moderate: Security update for apache2 Message-ID: <20180816071027.DD30DF7C0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2336-1 Rating: moderate References: #1101689 Cross-References: CVE-2018-1333 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: The following security vulnerability were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1575=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1575=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.21.1 apache2-debugsource-2.4.23-29.21.1 apache2-devel-2.4.23-29.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.21.1 apache2-debuginfo-2.4.23-29.21.1 apache2-debugsource-2.4.23-29.21.1 apache2-example-pages-2.4.23-29.21.1 apache2-prefork-2.4.23-29.21.1 apache2-prefork-debuginfo-2.4.23-29.21.1 apache2-utils-2.4.23-29.21.1 apache2-utils-debuginfo-2.4.23-29.21.1 apache2-worker-2.4.23-29.21.1 apache2-worker-debuginfo-2.4.23-29.21.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.21.1 References: https://www.suse.com/security/cve/CVE-2018-1333.html https://bugzilla.suse.com/1101689 From sle-security-updates at lists.suse.com Thu Aug 16 01:10:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:10:58 +0200 (CEST) Subject: SUSE-SU-2018:2337-1: moderate: Security update for php7 Message-ID: <20180816071058.843D4F7C0@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2337-1 Rating: moderate References: #1103659 #1103661 Cross-References: CVE-2017-9120 CVE-2018-14851 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-1570=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.6.1 apache2-mod_php7-debuginfo-7.2.5-4.6.1 php7-7.2.5-4.6.1 php7-bcmath-7.2.5-4.6.1 php7-bcmath-debuginfo-7.2.5-4.6.1 php7-bz2-7.2.5-4.6.1 php7-bz2-debuginfo-7.2.5-4.6.1 php7-calendar-7.2.5-4.6.1 php7-calendar-debuginfo-7.2.5-4.6.1 php7-ctype-7.2.5-4.6.1 php7-ctype-debuginfo-7.2.5-4.6.1 php7-curl-7.2.5-4.6.1 php7-curl-debuginfo-7.2.5-4.6.1 php7-dba-7.2.5-4.6.1 php7-dba-debuginfo-7.2.5-4.6.1 php7-debuginfo-7.2.5-4.6.1 php7-debugsource-7.2.5-4.6.1 php7-devel-7.2.5-4.6.1 php7-dom-7.2.5-4.6.1 php7-dom-debuginfo-7.2.5-4.6.1 php7-enchant-7.2.5-4.6.1 php7-enchant-debuginfo-7.2.5-4.6.1 php7-exif-7.2.5-4.6.1 php7-exif-debuginfo-7.2.5-4.6.1 php7-fastcgi-7.2.5-4.6.1 php7-fastcgi-debuginfo-7.2.5-4.6.1 php7-fileinfo-7.2.5-4.6.1 php7-fileinfo-debuginfo-7.2.5-4.6.1 php7-fpm-7.2.5-4.6.1 php7-fpm-debuginfo-7.2.5-4.6.1 php7-ftp-7.2.5-4.6.1 php7-ftp-debuginfo-7.2.5-4.6.1 php7-gd-7.2.5-4.6.1 php7-gd-debuginfo-7.2.5-4.6.1 php7-gettext-7.2.5-4.6.1 php7-gettext-debuginfo-7.2.5-4.6.1 php7-gmp-7.2.5-4.6.1 php7-gmp-debuginfo-7.2.5-4.6.1 php7-iconv-7.2.5-4.6.1 php7-iconv-debuginfo-7.2.5-4.6.1 php7-intl-7.2.5-4.6.1 php7-intl-debuginfo-7.2.5-4.6.1 php7-json-7.2.5-4.6.1 php7-json-debuginfo-7.2.5-4.6.1 php7-ldap-7.2.5-4.6.1 php7-ldap-debuginfo-7.2.5-4.6.1 php7-mbstring-7.2.5-4.6.1 php7-mbstring-debuginfo-7.2.5-4.6.1 php7-mysql-7.2.5-4.6.1 php7-mysql-debuginfo-7.2.5-4.6.1 php7-odbc-7.2.5-4.6.1 php7-odbc-debuginfo-7.2.5-4.6.1 php7-opcache-7.2.5-4.6.1 php7-opcache-debuginfo-7.2.5-4.6.1 php7-openssl-7.2.5-4.6.1 php7-openssl-debuginfo-7.2.5-4.6.1 php7-pcntl-7.2.5-4.6.1 php7-pcntl-debuginfo-7.2.5-4.6.1 php7-pdo-7.2.5-4.6.1 php7-pdo-debuginfo-7.2.5-4.6.1 php7-pgsql-7.2.5-4.6.1 php7-pgsql-debuginfo-7.2.5-4.6.1 php7-phar-7.2.5-4.6.1 php7-phar-debuginfo-7.2.5-4.6.1 php7-posix-7.2.5-4.6.1 php7-posix-debuginfo-7.2.5-4.6.1 php7-shmop-7.2.5-4.6.1 php7-shmop-debuginfo-7.2.5-4.6.1 php7-snmp-7.2.5-4.6.1 php7-snmp-debuginfo-7.2.5-4.6.1 php7-soap-7.2.5-4.6.1 php7-soap-debuginfo-7.2.5-4.6.1 php7-sockets-7.2.5-4.6.1 php7-sockets-debuginfo-7.2.5-4.6.1 php7-sqlite-7.2.5-4.6.1 php7-sqlite-debuginfo-7.2.5-4.6.1 php7-sysvmsg-7.2.5-4.6.1 php7-sysvmsg-debuginfo-7.2.5-4.6.1 php7-sysvsem-7.2.5-4.6.1 php7-sysvsem-debuginfo-7.2.5-4.6.1 php7-sysvshm-7.2.5-4.6.1 php7-sysvshm-debuginfo-7.2.5-4.6.1 php7-tokenizer-7.2.5-4.6.1 php7-tokenizer-debuginfo-7.2.5-4.6.1 php7-wddx-7.2.5-4.6.1 php7-wddx-debuginfo-7.2.5-4.6.1 php7-xmlreader-7.2.5-4.6.1 php7-xmlreader-debuginfo-7.2.5-4.6.1 php7-xmlrpc-7.2.5-4.6.1 php7-xmlrpc-debuginfo-7.2.5-4.6.1 php7-xmlwriter-7.2.5-4.6.1 php7-xmlwriter-debuginfo-7.2.5-4.6.1 php7-xsl-7.2.5-4.6.1 php7-xsl-debuginfo-7.2.5-4.6.1 php7-zip-7.2.5-4.6.1 php7-zip-debuginfo-7.2.5-4.6.1 php7-zlib-7.2.5-4.6.1 php7-zlib-debuginfo-7.2.5-4.6.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.6.1 php7-pear-Archive_Tar-7.2.5-4.6.1 References: https://www.suse.com/security/cve/CVE-2017-9120.html https://www.suse.com/security/cve/CVE-2018-14851.html https://bugzilla.suse.com/1103659 https://bugzilla.suse.com/1103661 From sle-security-updates at lists.suse.com Thu Aug 16 01:11:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:11:34 +0200 (CEST) Subject: SUSE-SU-2018:2338-1: important: Security update to ucode-intel Message-ID: <20180816071134.06B98F7C0@maintenance.suse.de> SUSE Security Update: Security update to ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2338-1 Rating: important References: #1087082 #1087083 #1089343 #1104134 Cross-References: CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1580=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20180807-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3640.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087083 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1104134 From sle-security-updates at lists.suse.com Thu Aug 16 01:12:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:12:30 +0200 (CEST) Subject: SUSE-SU-2018:2339-1: moderate: Security update for samba Message-ID: <20180816071230.2117AF7C0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2339-1 Rating: moderate References: #1081741 #1103411 Cross-References: CVE-2018-1050 CVE-2018-10858 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise High Availability 12-SP1 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1574=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1574=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1574=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1574=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1574=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2018-1574=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1574=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-atsvc0-4.2.4-28.29.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.29.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): ctdb-4.2.4-28.29.1 ctdb-debuginfo-4.2.4-28.29.1 libdcerpc-binding0-4.2.4-28.29.1 libdcerpc-binding0-debuginfo-4.2.4-28.29.1 libdcerpc0-4.2.4-28.29.1 libdcerpc0-debuginfo-4.2.4-28.29.1 libgensec0-4.2.4-28.29.1 libgensec0-debuginfo-4.2.4-28.29.1 libndr-krb5pac0-4.2.4-28.29.1 libndr-krb5pac0-debuginfo-4.2.4-28.29.1 libndr-nbt0-4.2.4-28.29.1 libndr-nbt0-debuginfo-4.2.4-28.29.1 libndr-standard0-4.2.4-28.29.1 libndr-standard0-debuginfo-4.2.4-28.29.1 libndr0-4.2.4-28.29.1 libndr0-debuginfo-4.2.4-28.29.1 libnetapi0-4.2.4-28.29.1 libnetapi0-debuginfo-4.2.4-28.29.1 libregistry0-4.2.4-28.29.1 libregistry0-debuginfo-4.2.4-28.29.1 libsamba-credentials0-4.2.4-28.29.1 libsamba-credentials0-debuginfo-4.2.4-28.29.1 libsamba-hostconfig0-4.2.4-28.29.1 libsamba-hostconfig0-debuginfo-4.2.4-28.29.1 libsamba-passdb0-4.2.4-28.29.1 libsamba-passdb0-debuginfo-4.2.4-28.29.1 libsamba-util0-4.2.4-28.29.1 libsamba-util0-debuginfo-4.2.4-28.29.1 libsamdb0-4.2.4-28.29.1 libsamdb0-debuginfo-4.2.4-28.29.1 libsmbclient-raw0-4.2.4-28.29.1 libsmbclient-raw0-debuginfo-4.2.4-28.29.1 libsmbclient0-4.2.4-28.29.1 libsmbclient0-debuginfo-4.2.4-28.29.1 libsmbconf0-4.2.4-28.29.1 libsmbconf0-debuginfo-4.2.4-28.29.1 libsmbldap0-4.2.4-28.29.1 libsmbldap0-debuginfo-4.2.4-28.29.1 libtevent-util0-4.2.4-28.29.1 libtevent-util0-debuginfo-4.2.4-28.29.1 libwbclient0-4.2.4-28.29.1 libwbclient0-debuginfo-4.2.4-28.29.1 samba-4.2.4-28.29.1 samba-client-4.2.4-28.29.1 samba-client-debuginfo-4.2.4-28.29.1 samba-debuginfo-4.2.4-28.29.1 samba-debugsource-4.2.4-28.29.1 samba-libs-4.2.4-28.29.1 samba-libs-debuginfo-4.2.4-28.29.1 samba-winbind-4.2.4-28.29.1 samba-winbind-debuginfo-4.2.4-28.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): samba-doc-4.2.4-28.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.29.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.29.1 libdcerpc0-32bit-4.2.4-28.29.1 libdcerpc0-debuginfo-32bit-4.2.4-28.29.1 libgensec0-32bit-4.2.4-28.29.1 libgensec0-debuginfo-32bit-4.2.4-28.29.1 libndr-krb5pac0-32bit-4.2.4-28.29.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.29.1 libndr-nbt0-32bit-4.2.4-28.29.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.29.1 libndr-standard0-32bit-4.2.4-28.29.1 libndr-standard0-debuginfo-32bit-4.2.4-28.29.1 libndr0-32bit-4.2.4-28.29.1 libndr0-debuginfo-32bit-4.2.4-28.29.1 libnetapi0-32bit-4.2.4-28.29.1 libnetapi0-debuginfo-32bit-4.2.4-28.29.1 libsamba-credentials0-32bit-4.2.4-28.29.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.29.1 libsamba-hostconfig0-32bit-4.2.4-28.29.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.29.1 libsamba-passdb0-32bit-4.2.4-28.29.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.29.1 libsamba-util0-32bit-4.2.4-28.29.1 libsamba-util0-debuginfo-32bit-4.2.4-28.29.1 libsamdb0-32bit-4.2.4-28.29.1 libsamdb0-debuginfo-32bit-4.2.4-28.29.1 libsmbclient-raw0-32bit-4.2.4-28.29.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.29.1 libsmbclient0-32bit-4.2.4-28.29.1 libsmbclient0-debuginfo-32bit-4.2.4-28.29.1 libsmbconf0-32bit-4.2.4-28.29.1 libsmbconf0-debuginfo-32bit-4.2.4-28.29.1 libsmbldap0-32bit-4.2.4-28.29.1 libsmbldap0-debuginfo-32bit-4.2.4-28.29.1 libtevent-util0-32bit-4.2.4-28.29.1 libtevent-util0-debuginfo-32bit-4.2.4-28.29.1 libwbclient0-32bit-4.2.4-28.29.1 libwbclient0-debuginfo-32bit-4.2.4-28.29.1 samba-32bit-4.2.4-28.29.1 samba-client-32bit-4.2.4-28.29.1 samba-client-debuginfo-32bit-4.2.4-28.29.1 samba-debuginfo-32bit-4.2.4-28.29.1 samba-libs-32bit-4.2.4-28.29.1 samba-libs-debuginfo-32bit-4.2.4-28.29.1 samba-winbind-32bit-4.2.4-28.29.1 samba-winbind-debuginfo-32bit-4.2.4-28.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-atsvc0-4.2.4-28.29.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-28.29.1 ctdb-debuginfo-4.2.4-28.29.1 libdcerpc-binding0-4.2.4-28.29.1 libdcerpc-binding0-debuginfo-4.2.4-28.29.1 libdcerpc0-4.2.4-28.29.1 libdcerpc0-debuginfo-4.2.4-28.29.1 libgensec0-4.2.4-28.29.1 libgensec0-debuginfo-4.2.4-28.29.1 libndr-krb5pac0-4.2.4-28.29.1 libndr-krb5pac0-debuginfo-4.2.4-28.29.1 libndr-nbt0-4.2.4-28.29.1 libndr-nbt0-debuginfo-4.2.4-28.29.1 libndr-standard0-4.2.4-28.29.1 libndr-standard0-debuginfo-4.2.4-28.29.1 libndr0-4.2.4-28.29.1 libndr0-debuginfo-4.2.4-28.29.1 libnetapi0-4.2.4-28.29.1 libnetapi0-debuginfo-4.2.4-28.29.1 libregistry0-4.2.4-28.29.1 libregistry0-debuginfo-4.2.4-28.29.1 libsamba-credentials0-4.2.4-28.29.1 libsamba-credentials0-debuginfo-4.2.4-28.29.1 libsamba-hostconfig0-4.2.4-28.29.1 libsamba-hostconfig0-debuginfo-4.2.4-28.29.1 libsamba-passdb0-4.2.4-28.29.1 libsamba-passdb0-debuginfo-4.2.4-28.29.1 libsamba-util0-4.2.4-28.29.1 libsamba-util0-debuginfo-4.2.4-28.29.1 libsamdb0-4.2.4-28.29.1 libsamdb0-debuginfo-4.2.4-28.29.1 libsmbclient-raw0-4.2.4-28.29.1 libsmbclient-raw0-debuginfo-4.2.4-28.29.1 libsmbclient0-4.2.4-28.29.1 libsmbclient0-debuginfo-4.2.4-28.29.1 libsmbconf0-4.2.4-28.29.1 libsmbconf0-debuginfo-4.2.4-28.29.1 libsmbldap0-4.2.4-28.29.1 libsmbldap0-debuginfo-4.2.4-28.29.1 libtevent-util0-4.2.4-28.29.1 libtevent-util0-debuginfo-4.2.4-28.29.1 libwbclient0-4.2.4-28.29.1 libwbclient0-debuginfo-4.2.4-28.29.1 samba-4.2.4-28.29.1 samba-client-4.2.4-28.29.1 samba-client-debuginfo-4.2.4-28.29.1 samba-debuginfo-4.2.4-28.29.1 samba-debugsource-4.2.4-28.29.1 samba-libs-4.2.4-28.29.1 samba-libs-debuginfo-4.2.4-28.29.1 samba-winbind-4.2.4-28.29.1 samba-winbind-debuginfo-4.2.4-28.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.29.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.29.1 libdcerpc0-32bit-4.2.4-28.29.1 libdcerpc0-debuginfo-32bit-4.2.4-28.29.1 libgensec0-32bit-4.2.4-28.29.1 libgensec0-debuginfo-32bit-4.2.4-28.29.1 libndr-krb5pac0-32bit-4.2.4-28.29.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.29.1 libndr-nbt0-32bit-4.2.4-28.29.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.29.1 libndr-standard0-32bit-4.2.4-28.29.1 libndr-standard0-debuginfo-32bit-4.2.4-28.29.1 libndr0-32bit-4.2.4-28.29.1 libndr0-debuginfo-32bit-4.2.4-28.29.1 libnetapi0-32bit-4.2.4-28.29.1 libnetapi0-debuginfo-32bit-4.2.4-28.29.1 libsamba-credentials0-32bit-4.2.4-28.29.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.29.1 libsamba-hostconfig0-32bit-4.2.4-28.29.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.29.1 libsamba-passdb0-32bit-4.2.4-28.29.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.29.1 libsamba-util0-32bit-4.2.4-28.29.1 libsamba-util0-debuginfo-32bit-4.2.4-28.29.1 libsamdb0-32bit-4.2.4-28.29.1 libsamdb0-debuginfo-32bit-4.2.4-28.29.1 libsmbclient-raw0-32bit-4.2.4-28.29.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.29.1 libsmbclient0-32bit-4.2.4-28.29.1 libsmbclient0-debuginfo-32bit-4.2.4-28.29.1 libsmbconf0-32bit-4.2.4-28.29.1 libsmbconf0-debuginfo-32bit-4.2.4-28.29.1 libsmbldap0-32bit-4.2.4-28.29.1 libsmbldap0-debuginfo-32bit-4.2.4-28.29.1 libtevent-util0-32bit-4.2.4-28.29.1 libtevent-util0-debuginfo-32bit-4.2.4-28.29.1 libwbclient0-32bit-4.2.4-28.29.1 libwbclient0-debuginfo-32bit-4.2.4-28.29.1 samba-32bit-4.2.4-28.29.1 samba-client-32bit-4.2.4-28.29.1 samba-client-debuginfo-32bit-4.2.4-28.29.1 samba-debuginfo-32bit-4.2.4-28.29.1 samba-libs-32bit-4.2.4-28.29.1 samba-libs-debuginfo-32bit-4.2.4-28.29.1 samba-winbind-32bit-4.2.4-28.29.1 samba-winbind-debuginfo-32bit-4.2.4-28.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): samba-doc-4.2.4-28.29.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.29.1 ctdb-debuginfo-4.2.4-28.29.1 - SUSE Enterprise Storage 4 (x86_64): libdcerpc-atsvc0-4.2.4-28.29.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.29.1 References: https://www.suse.com/security/cve/CVE-2018-1050.html https://www.suse.com/security/cve/CVE-2018-10858.html https://bugzilla.suse.com/1081741 https://bugzilla.suse.com/1103411 From sle-security-updates at lists.suse.com Thu Aug 16 01:13:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 09:13:13 +0200 (CEST) Subject: SUSE-SU-2018:2340-1: moderate: Security update for qemu Message-ID: <20180816071313.9E884F7C0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2340-1 Rating: moderate References: #1083291 #1087082 #1091695 #1094725 #1094898 #1094913 #1096223 Cross-References: CVE-2018-11806 CVE-2018-3639 CVE-2018-7550 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for qemu to version 2.11.2 fixes the following issues: Security issue fixed: - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams (bsc#1096223). - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 (bsc#1087082). - CVE-2018-7550: Fix out of bounds read and write memory access, potentially leading to code execution (bsc#1083291) Bug fixes: - bsc#1091695: SEV guest will not lauchh with qemu-system-x86_64 version 2.11.1. - bsc#1094898: qemu-guest-agent service doesn't work in version Leap 15.0. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. - bsc#1094913: QEMU crashes when starting a guest with more than 7.999TB. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1577=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1577=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.4.1 qemu-block-curl-2.11.2-9.4.1 qemu-block-curl-debuginfo-2.11.2-9.4.1 qemu-block-iscsi-2.11.2-9.4.1 qemu-block-iscsi-debuginfo-2.11.2-9.4.1 qemu-block-rbd-2.11.2-9.4.1 qemu-block-rbd-debuginfo-2.11.2-9.4.1 qemu-block-ssh-2.11.2-9.4.1 qemu-block-ssh-debuginfo-2.11.2-9.4.1 qemu-debuginfo-2.11.2-9.4.1 qemu-debugsource-2.11.2-9.4.1 qemu-guest-agent-2.11.2-9.4.1 qemu-guest-agent-debuginfo-2.11.2-9.4.1 qemu-lang-2.11.2-9.4.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.4.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.4.1 qemu-arm-debuginfo-2.11.2-9.4.1 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.4.1 qemu-ppc-debuginfo-2.11.2-9.4.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.4.1 qemu-x86-debuginfo-2.11.2-9.4.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0-9.4.1 qemu-seabios-1.11.0-9.4.1 qemu-sgabios-8-9.4.1 qemu-vgabios-1.11.0-9.4.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.4.1 qemu-s390-debuginfo-2.11.2-9.4.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-2.11.2-9.4.1 qemu-debugsource-2.11.2-9.4.1 qemu-tools-2.11.2-9.4.1 qemu-tools-debuginfo-2.11.2-9.4.1 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-7550.html https://bugzilla.suse.com/1083291 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1091695 https://bugzilla.suse.com/1094725 https://bugzilla.suse.com/1094898 https://bugzilla.suse.com/1094913 https://bugzilla.suse.com/1096223 From sle-security-updates at lists.suse.com Thu Aug 16 04:11:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:11:01 +0200 (CEST) Subject: SUSE-SU-2018:2341-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12) Message-ID: <20180816101101.E045EFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2341-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_125 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1583=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_125-default-6-2.1 kgraft-patch-3_12_61-52_125-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:11:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:11:42 +0200 (CEST) Subject: SUSE-SU-2018:2342-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12) Message-ID: <20180816101142.334D4FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 35 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2342-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_133 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1585=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_133-default-3-2.1 kgraft-patch-3_12_61-52_133-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:12:50 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:12:50 +0200 (CEST) Subject: SUSE-SU-2018:2344-1: important: Security update for the Linux Kernel Message-ID: <20180816101250.6EE21FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2344-1 Rating: important References: #1064232 #1076110 #1083635 #1085042 #1086652 #1087081 #1089343 #1090123 #1091171 #1094248 #1096130 #1096480 #1096978 #1097140 #1097551 #1098016 #1098425 #1098435 #1099924 #1100089 #1100416 #1100418 #1100491 #1101557 #1102340 #1102851 #1103097 #1103119 #1103580 Cross-References: CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 18 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka "SegmentSmack": The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the "driver_override" option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc at 1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1603=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1603=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1603=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-1603=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1603=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1603=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.92.1 kernel-default-base-4.4.121-92.92.1 kernel-default-base-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 kernel-default-devel-4.4.121-92.92.1 kernel-syms-4.4.121-92.92.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.92.1 kernel-macros-4.4.121-92.92.1 kernel-source-4.4.121-92.92.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_92-default-1-3.7.1 lttng-modules-2.7.1-9.4.1 lttng-modules-debugsource-2.7.1-9.4.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.92-9.4.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.92.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.92.1 kernel-default-base-4.4.121-92.92.1 kernel-default-base-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 kernel-default-devel-4.4.121-92.92.1 kernel-syms-4.4.121-92.92.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.92.1 kernel-macros-4.4.121-92.92.1 kernel-source-4.4.121-92.92.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_92-default-1-3.7.1 lttng-modules-2.7.1-9.4.1 lttng-modules-debugsource-2.7.1-9.4.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.92-9.4.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.92.1 kernel-default-base-4.4.121-92.92.1 kernel-default-base-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 kernel-default-devel-4.4.121-92.92.1 kernel-syms-4.4.121-92.92.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_92-default-1-3.7.1 lttng-modules-2.7.1-9.4.1 lttng-modules-debugsource-2.7.1-9.4.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.92-9.4.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.92.1 kernel-macros-4.4.121-92.92.1 kernel-source-4.4.121-92.92.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.92.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.92.1 cluster-md-kmp-default-debuginfo-4.4.121-92.92.1 cluster-network-kmp-default-4.4.121-92.92.1 cluster-network-kmp-default-debuginfo-4.4.121-92.92.1 dlm-kmp-default-4.4.121-92.92.1 dlm-kmp-default-debuginfo-4.4.121-92.92.1 gfs2-kmp-default-4.4.121-92.92.1 gfs2-kmp-default-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 ocfs2-kmp-default-4.4.121-92.92.1 ocfs2-kmp-default-debuginfo-4.4.121-92.92.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.92.1 kernel-macros-4.4.121-92.92.1 kernel-source-4.4.121-92.92.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.92.1 kernel-default-base-4.4.121-92.92.1 kernel-default-base-debuginfo-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 kernel-default-devel-4.4.121-92.92.1 kernel-syms-4.4.121-92.92.1 kgraft-patch-4_4_121-92_92-default-1-3.7.1 lttng-modules-2.7.1-9.4.1 lttng-modules-debugsource-2.7.1-9.4.1 lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4.1 lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.92-9.4.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.92.1 kernel-default-debuginfo-4.4.121-92.92.1 kernel-default-debugsource-4.4.121-92.92.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-5391.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2018-9385.html https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1083635 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090123 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1094248 https://bugzilla.suse.com/1096130 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096978 https://bugzilla.suse.com/1097140 https://bugzilla.suse.com/1097551 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1098435 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1100491 https://bugzilla.suse.com/1101557 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103580 From sle-security-updates at lists.suse.com Thu Aug 16 04:19:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:19:36 +0200 (CEST) Subject: SUSE-SU-2018:2345-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12) Message-ID: <20180816101936.739C2FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2345-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_128 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1586=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_128-default-4-2.1 kgraft-patch-3_12_61-52_128-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:20:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:20:17 +0200 (CEST) Subject: SUSE-SU-2018:2346-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12) Message-ID: <20180816102017.81755FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2346-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1589=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_92-default-10-2.1 kgraft-patch-3_12_61-52_92-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:21:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:21:30 +0200 (CEST) Subject: SUSE-SU-2018:2347-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12) Message-ID: <20180816102130.DBDFFFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2347-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1591=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_106-default-8-2.1 kgraft-patch-3_12_61-52_106-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:22:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:22:53 +0200 (CEST) Subject: SUSE-SU-2018:2348-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) Message-ID: <20180816102253.192B4FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2348-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_88 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1594=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1594=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_88-default-4-2.1 kgraft-patch-3_12_74-60_64_88-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_88-default-4-2.1 kgraft-patch-3_12_74-60_64_88-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:23:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:23:44 +0200 (CEST) Subject: SUSE-SU-2018:2349-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12) Message-ID: <20180816102344.2F374FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2349-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1584=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_122-default-7-2.1 kgraft-patch-3_12_61-52_122-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:24:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:24:37 +0200 (CEST) Subject: SUSE-SU-2018:2350-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) Message-ID: <20180816102437.8A796FC9E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2350-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1600=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1600=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-10-2.1 kgraft-patch-3_12_74-60_64_60-xen-10-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-10-2.1 kgraft-patch-3_12_74-60_64_60-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:25:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:25:42 +0200 (CEST) Subject: SUSE-SU-2018:2351-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12) Message-ID: <20180816102542.D901AFC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2351-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1590=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-8-2.1 kgraft-patch-3_12_61-52_101-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:26:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:26:32 +0200 (CEST) Subject: SUSE-SU-2018:2352-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12) Message-ID: <20180816102632.C376CFC9E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2352-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1588=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_89-default-11-2.1 kgraft-patch-3_12_61-52_89-xen-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:27:26 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:27:26 +0200 (CEST) Subject: SUSE-SU-2018:2353-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) Message-ID: <20180816102726.6EB07FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2353-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1599=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1599=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_63-default-8-2.1 kgraft-patch-3_12_74-60_64_63-xen-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_63-default-8-2.1 kgraft-patch-3_12_74-60_64_63-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:28:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:28:48 +0200 (CEST) Subject: SUSE-SU-2018:2354-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12) Message-ID: <20180816102848.355AEFC9E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2354-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1581=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-7-2.1 kgraft-patch-3_12_61-52_119-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:29:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:29:28 +0200 (CEST) Subject: SUSE-SU-2018:2355-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) Message-ID: <20180816102928.C9E4BFC9E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2355-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1601=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1601=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_57-default-11-2.1 kgraft-patch-3_12_74-60_64_57-xen-11-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_57-default-11-2.1 kgraft-patch-3_12_74-60_64_57-xen-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:30:20 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:30:20 +0200 (CEST) Subject: SUSE-SU-2018:2356-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12) Message-ID: <20180816103020.66271FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2356-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1582=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_111-default-7-2.1 kgraft-patch-3_12_61-52_111-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:31:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:31:27 +0200 (CEST) Subject: SUSE-SU-2018:2358-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1) Message-ID: <20180816103127.163A0FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2358-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_96 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1592=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1592=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_96-default-3-2.1 kgraft-patch-3_12_74-60_64_96-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_96-default-3-2.1 kgraft-patch-3_12_74-60_64_96-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:32:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:32:10 +0200 (CEST) Subject: SUSE-SU-2018:2359-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) Message-ID: <20180816103210.8E3A4FC9E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2359-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1597=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1597=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_69-default-6-2.1 kgraft-patch-3_12_74-60_64_69-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_69-default-6-2.1 kgraft-patch-3_12_74-60_64_69-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:33:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:33:33 +0200 (CEST) Subject: SUSE-SU-2018:2362-1: important: Security update for the Linux Kernel Message-ID: <20180816103333.0D83BFC9E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2362-1 Rating: important References: #1012382 #1064232 #1068032 #1087081 #1089343 #1098016 #1099924 #1100416 #1100418 #1103119 Cross-References: CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). The following non-security bugs were fixed: - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: Fix, improve efficiency of closure_sync() (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1064232). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1064232). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1064232). - bcache: fix for data collapse after re-attaching an attached device (bsc#1064232). - bcache: fix high CPU occupancy during journal (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1064232). - bcache: fix wrong return value in bch_debug_init() (bsc#1064232). - bcache: mark closure_sync() __sched (bsc#1064232). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1064232). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1064232). - bcache: segregate flash only volume write streams (bsc#1064232). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1064232). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/Xen: disable IBRS around CPU stopper function invocation (none so far). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - xen/x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - xen/x86/entry: Add a function to overwrite the RSB (bsc#1068032). - xen/x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1605=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1605=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.141.1 kernel-default-base-3.12.61-52.141.1 kernel-default-base-debuginfo-3.12.61-52.141.1 kernel-default-debuginfo-3.12.61-52.141.1 kernel-default-debugsource-3.12.61-52.141.1 kernel-default-devel-3.12.61-52.141.1 kernel-syms-3.12.61-52.141.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.141.1 kernel-macros-3.12.61-52.141.1 kernel-source-3.12.61-52.141.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.141.1 kernel-xen-base-3.12.61-52.141.1 kernel-xen-base-debuginfo-3.12.61-52.141.1 kernel-xen-debuginfo-3.12.61-52.141.1 kernel-xen-debugsource-3.12.61-52.141.1 kernel-xen-devel-3.12.61-52.141.1 kgraft-patch-3_12_61-52_141-default-1-1.5.1 kgraft-patch-3_12_61-52_141-xen-1-1.5.1 lttng-modules-2.4.1-16.6.1 lttng-modules-debugsource-2.4.1-16.6.1 lttng-modules-kmp-default-2.4.1_k3.12.61_52.141-16.6.1 lttng-modules-kmp-default-debuginfo-2.4.1_k3.12.61_52.141-16.6.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.141.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.141.1 kernel-ec2-debuginfo-3.12.61-52.141.1 kernel-ec2-debugsource-3.12.61-52.141.1 kernel-ec2-devel-3.12.61-52.141.1 kernel-ec2-extra-3.12.61-52.141.1 kernel-ec2-extra-debuginfo-3.12.61-52.141.1 References: https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1103119 From sle-security-updates at lists.suse.com Thu Aug 16 04:36:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:36:01 +0200 (CEST) Subject: SUSE-SU-2018:2363-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) Message-ID: <20180816103601.577AEFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2363-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1596=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1596=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_82-default-6-2.1 kgraft-patch-3_12_74-60_64_82-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_82-default-6-2.1 kgraft-patch-3_12_74-60_64_82-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:36:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:36:41 +0200 (CEST) Subject: SUSE-SU-2018:2364-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1) Message-ID: <20180816103641.9D4DCFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2364-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_93 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1593=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1593=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_93-default-3-2.1 kgraft-patch-3_12_74-60_64_93-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_93-default-3-2.1 kgraft-patch-3_12_74-60_64_93-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:37:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:37:45 +0200 (CEST) Subject: SUSE-SU-2018:2366-1: important: Security update for the Linux Kernel Message-ID: <20180816103745.E5336FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2366-1 Rating: important References: #1082962 #1083900 #1085107 #1087081 #1089343 #1092904 #1094353 #1096480 #1096728 #1097234 #1098016 #1099924 #1099942 #1100418 #1104475 #1104684 #909361 Cross-References: CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability existed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c kernel could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5803: An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). The following non-security bugs were fixed: - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684) - fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma. - slab: introduce kmalloc_array() (bsc#909361). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-20180809-13731=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20180809-13731=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-20180809-13731=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-20180809-13731=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.43.1 kernel-default-base-3.0.101-0.47.106.43.1 kernel-default-devel-3.0.101-0.47.106.43.1 kernel-source-3.0.101-0.47.106.43.1 kernel-syms-3.0.101-0.47.106.43.1 kernel-trace-3.0.101-0.47.106.43.1 kernel-trace-base-3.0.101-0.47.106.43.1 kernel-trace-devel-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.43.1 kernel-ec2-base-3.0.101-0.47.106.43.1 kernel-ec2-devel-3.0.101-0.47.106.43.1 kernel-xen-3.0.101-0.47.106.43.1 kernel-xen-base-3.0.101-0.47.106.43.1 kernel-xen-devel-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.43.1 kernel-bigsmp-base-3.0.101-0.47.106.43.1 kernel-bigsmp-devel-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.43.1 kernel-pae-base-3.0.101-0.47.106.43.1 kernel-pae-devel-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.43.1 kernel-trace-extra-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.43.1 kernel-default-base-3.0.101-0.47.106.43.1 kernel-default-devel-3.0.101-0.47.106.43.1 kernel-ec2-3.0.101-0.47.106.43.1 kernel-ec2-base-3.0.101-0.47.106.43.1 kernel-ec2-devel-3.0.101-0.47.106.43.1 kernel-pae-3.0.101-0.47.106.43.1 kernel-pae-base-3.0.101-0.47.106.43.1 kernel-pae-devel-3.0.101-0.47.106.43.1 kernel-source-3.0.101-0.47.106.43.1 kernel-syms-3.0.101-0.47.106.43.1 kernel-trace-3.0.101-0.47.106.43.1 kernel-trace-base-3.0.101-0.47.106.43.1 kernel-trace-devel-3.0.101-0.47.106.43.1 kernel-xen-3.0.101-0.47.106.43.1 kernel-xen-base-3.0.101-0.47.106.43.1 kernel-xen-devel-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.43.1 kernel-default-debugsource-3.0.101-0.47.106.43.1 kernel-trace-debuginfo-3.0.101-0.47.106.43.1 kernel-trace-debugsource-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.43.1 kernel-ec2-debugsource-3.0.101-0.47.106.43.1 kernel-xen-debuginfo-3.0.101-0.47.106.43.1 kernel-xen-debugsource-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.43.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.43.1 kernel-pae-debugsource-3.0.101-0.47.106.43.1 References: https://www.suse.com/security/cve/CVE-2016-8405.html https://www.suse.com/security/cve/CVE-2017-13305.html https://www.suse.com/security/cve/CVE-2018-1000204.html https://www.suse.com/security/cve/CVE-2018-1068.html https://www.suse.com/security/cve/CVE-2018-1130.html https://www.suse.com/security/cve/CVE-2018-12233.html https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5803.html https://www.suse.com/security/cve/CVE-2018-5814.html https://www.suse.com/security/cve/CVE-2018-7492.html https://bugzilla.suse.com/1082962 https://bugzilla.suse.com/1083900 https://bugzilla.suse.com/1085107 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1092904 https://bugzilla.suse.com/1094353 https://bugzilla.suse.com/1096480 https://bugzilla.suse.com/1096728 https://bugzilla.suse.com/1097234 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1099942 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1104475 https://bugzilla.suse.com/1104684 https://bugzilla.suse.com/909361 From sle-security-updates at lists.suse.com Thu Aug 16 04:41:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:41:05 +0200 (CEST) Subject: SUSE-SU-2018:2367-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) Message-ID: <20180816104105.4596CFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2367-1 Rating: important References: #1096564 #1097108 #1099306 Cross-References: CVE-2017-11600 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1598=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1598=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_66-default-7-2.1 kgraft-patch-3_12_74-60_64_66-xen-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_66-default-7-2.1 kgraft-patch-3_12_74-60_64_66-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:41:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:41:51 +0200 (CEST) Subject: SUSE-SU-2018:2368-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) Message-ID: <20180816104151.0574EFC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2368-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1595=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1595=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_85-default-6-2.1 kgraft-patch-3_12_74-60_64_85-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_85-default-6-2.1 kgraft-patch-3_12_74-60_64_85-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 04:42:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 12:42:32 +0200 (CEST) Subject: SUSE-SU-2018:2369-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12) Message-ID: <20180816104232.0F356FC98@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2369-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.61-52_136 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1587=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_136-default-3-2.1 kgraft-patch-3_12_61-52_136-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 07:09:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 15:09:22 +0200 (CEST) Subject: SUSE-SU-2018:2374-1: important: Security update for the Linux Kernel Message-ID: <20180816130922.1BF68F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2374-1 Rating: important References: #1012382 #1023711 #1064232 #1076110 #1078216 #1082653 #1082979 #1085042 #1085536 #1085657 #1087081 #1087659 #1089343 #1089525 #1090123 #1090340 #1090435 #1090888 #1091107 #1092001 #1092207 #1093777 #1094120 #1094244 #1095453 #1095643 #1096790 #1096978 #1097034 #1097501 #1097771 #1098599 #1099306 #1099713 #1099792 #1099810 #1099858 #1099918 #1099966 #1099993 #1100089 #1100132 #1100340 #1100843 #1100930 #1101296 #1101331 #1101658 #1101789 #1102188 #1102197 #1102203 #1102205 #1102207 #1102211 #1102214 #1102215 #1102340 #1102394 #1102683 #1102851 #1103097 #1103119 #1103580 #1103717 #1103745 #1103884 #1104174 #997935 Cross-References: CVE-2017-18344 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 63 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5391: A flaw in the IP packet reassembly could be used by remote attackers to consume CPU time (bnc#1103097). - CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 1103580). The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382). - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bnc#1012382). - alsa: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810). - alsa: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bnc#1012382). - alsa: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810). - arm64: do not open code page table entry creation (bsc#1102197). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188). - arm64: Make sure permission updates happen for pmd/pud (bsc#1102197). - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382). - arm: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382). - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bnc#1012382). - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382). - atm: zatm: fix memcmp casting (bnc#1012382). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382). - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bcm63xx_enet: correct clock usage (bnc#1012382). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (bnc#1012382). - blkcg: simplify statistic accumulation code (bsc#1082979). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: Fix transfer when chunk sectors exceeds max (bnc#1012382). - block/swim: Fix array bounds check (bsc#1082979). - bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382). - bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382). - bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382). - bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382). - bpf, x64: fix memleak when not converging after image (bsc#1012382). - btrfs: fix clone vs chattr NODATASUM race (bnc#1012382). - btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382). - btrfs: make raid6 rebuild retry more (bnc#1012382). - btrfs: scrub: Do not use inode pages for device replace (bnc#1012382). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - cdc_ncm: avoid padding beyond end of skb (bnc#1012382). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cifs: Fix infinite loop when using hard mount option (bnc#1012382). - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382). - compiler, clang: properly override 'inline' for clang (bnc#1012382). - compiler, clang: suppress warning for unused static inline functions (bnc#1012382). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (bnc#1012382). - CONFIG_HOTPLUG_SMT=y - cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bnc#1012382). - crypto: crypto4xx - remove bad list_del (bnc#1012382). - dm: convert DM printk macros to pr_ macros (bsc#1099918). - dm: fix printk() rate limiting code (bsc#1099918). - dm thin: handle running out of data space vs concurrent discard (bnc#1012382). - dm thin metadata: remove needless work from __commit_transaction (bsc#1082979). - drbd: fix access after free (bnc#1012382). - driver core: Do not ignore class_dir_create_and_add() failure (bnc#1012382). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1102394). - drm: re-enable error handling (bsc#1103884). - esp6: fix memleak on error path in esp6_input (git-fixes). - ext4: add more inode number paranoia checks (bnc#1012382). - ext4: add more mount time checks of the superblock (bnc#1012382). - ext4: always check block group bounds in ext4_init_block_bitmap() (bnc#1012382). - ext4: check superblock mapped prior to committing (bnc#1012382). - ext4: clear i_data in ext4_inode_info when removing inline data (bnc#1012382). - ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382). - ext4: include the illegal physical block in the bad map ext4_error msg (bnc#1012382). - ext4: make sure bitmaps and the inode table do not overlap with bg descriptors (bnc#1012382). - ext4: only look at the bg_flags field if it is valid (bnc#1012382). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bnc#1012382). - ext4: verify the depth of extent tree in ext4_find_extent() (bnc#1012382). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382). - fuse: fix control dir setup and teardown (bnc#1012382). - genirq: Make force irq threading setup more robust (bsc#1082979). - hid: debug: check length before copy_to_user() (bnc#1012382). - hid: hiddev: fix potential Spectre v1 (bnc#1012382). - hid: i2c-hid: Fix "incomplete report" noise (bnc#1012382). - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter (bnc#1012382). - i2c: rcar: fix resume by always initializing registers before transfer (bnc#1012382). - ib/isert: fix T10-pi check mask setting (bsc#1082979). - ibmasm: do not write out of bounds in read handler (bnc#1012382). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - ib/qib: Fix DMA api warning with debug kernel (bnc#1012382). - iio:buffer: make length types match kfifo types (bnc#1012382). - input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382). - input: elan_i2c_smbus - fix more potential stack buffer overflows (bnc#1012382). - input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382). - input: elantech - fix V4 report decoding for module with middle key (bnc#1012382). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382). - ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382). - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382). - iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382). - jbd2: do not mark block as modified if the handle is out of credits (bnc#1012382). - kabi protect net/core/utils.c includes (bsc#1095643). - kABI: protect struct loop_device (kabi). - kABI: reintroduce __static_cpu_has_safe (kabi). - kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses symboles expoted by bcache. - kbuild: fix # escaping in .cmd files for future Make (bnc#1012382). - keys: DNS: fix parsing multiple options (bnc#1012382). - kmod: fix wait on recursive loop (bsc#1099792). - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792). - kmod: throttle kmod thread limit (bsc#1099792). - kprobes/x86: Do not modify singlestep buffer while resuming (bnc#1012382). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214). - libata: do not try to pass through NCQ commands to non-NCQ devices (bsc#1082979). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382). - libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382). - libata: zpodd: small read overflow in eject_tray() (bnc#1012382). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382). - linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382). - loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382). - loop: remember whether sysfs_create_group() was done (bnc#1012382). - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382). - media: cx25840: Use subdev host data for PLL override (bnc#1012382). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bnc#1012382). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382). - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382). - mips: ftrace: fix static function graph tracing (bnc#1012382). - mmc: dw_mmc: fix card threshold control configuration (bsc#1102203). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1097771). - mm: hugetlb: yield when prepping struct pages (bnc#1012382). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bnc#1012382). - mtd: cfi_cmdset_0002: Change definition naming to retry write operation (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to check chip good only (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to retry for error (bnc#1012382). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bnc#1012382). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bnc#1012382). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382). - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (bnc#1012382). - netfilter: ebtables: handle string from userspace with care (bnc#1012382). - netfilter: ebtables: reject non-bridge targets (bnc#1012382). - netfilter: nf_log: do not hold nf_log_mutex during user access (bnc#1012382). - netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (bnc#1012382). - netfilter: x_tables: initialise match/target check parameter struct (bnc#1012382). - net/mlx5: Fix command interface race in polling mode (bnc#1012382). - net/mlx5: Fix incorrect raw command length parsing (bnc#1012382). - net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bnc#1012382). - net: off by one in inet6_pton() (bsc#1095643). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205). - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382). - net_sched: blackhole: tell upper qdisc about dropped packets (bnc#1012382). - net/sonic: Use dma_mapping_error() (bnc#1012382). - net: sungem: fix rx checksum support (bnc#1012382). - net/utils: generic inet_pton_with_scope helper (bsc#1095643). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (bnc#1012382). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (bnc#1012382). - n_tty: Access echo_* variables carefully (bnc#1012382). - n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382). - null_blk: use sector_div instead of do_div (bsc#1082979). - nvme-pci: initialize queue memory before interrupts (bnc#1012382). - nvme-rdma: Check remotely invalidated rkey matches our expected rkey (bsc#1092001). - nvme-rdma: default MR page size to 4k (bsc#1092001). - nvme-rdma: do not complete requests before a send work request has completed (bsc#1092001). - nvme-rdma: do not suppress send completions (bsc#1092001). - nvme-rdma: Fix command completion race at error recovery (bsc#1090435). - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical (bsc#1092001). - nvme-rdma: use inet_pton_with_scope helper (bsc#1095643). - nvme-rdma: Use mr pool (bsc#1092001). - nvme-rdma: wait for local invalidation before completing a request (bsc#1092001). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bnc#1012382). - of: unittest: for strings, account for trailing \0 in property length field (bnc#1012382). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132). - pci: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382). - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382). - perf intel-pt: Fix MTC timing after overflow (bnc#1012382). - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382). - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382). - perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382). - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382). - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382). - PM / hibernate: Fix oops at snapshot_write() (bnc#1012382). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244, bsc#1100930, bsc#1102683). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - qed: Limit msix vectors in kdump kernel to the minimum required count (bnc#1012382). - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657). - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657). - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657). - r8152: napi hangup fix after disconnect (bnc#1012382). - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382). - RDMA/ocrdma: Fix an error code in ocrdma_alloc_pd() (bsc#1082979). - RDMA/ocrdma: Fix error codes in ocrdma_create_srq() (bsc#1082979). - RDMA/ucm: Mark UCM interface as BROKEN (bnc#1012382). - rds: avoid unenecessary cong_update in loop transport (bnc#1012382). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599). - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue' (bsc#1103717 - Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382). - Revert "sit: reload iphdr in ipip6_rcv" (bnc#1012382). - Revert "x86/cpufeature: Move some of the scattered feature bits to x86_capability" (kabi). - Revert "x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6" (kabi). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - rpm/config.sh: Add support for non-default upstream URL Currently the scripts assume Linus' tree as the upstream URL where to pull things from. One may want to package test kernels from other upstream repos. Add support to add an URL to config.sh. - rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382). - run_oldconfig.sh: Add --olddefconfig as an alias to --yes On later kernels there is the make target 'olddefconfig'. This is equvalent to what the '--yes' option does. Therefore, add the option '--olddefconfig' as an alias. - s390: Correct register corruption in critical section cleanup (bnc#1012382). - s390/qeth: fix error handling in adapter command callbacks (bnc#1103745, LTC#169699). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1092207). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453). - scsi: lpfc: Fix MDS diagnostics failure (Rx < Tx) (bsc#1095453). - scsi: lpfc: Fix port initialization failure (bsc#1095453). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207). - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207). - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453). - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501) - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1082979). - scsi: sg: fix minor memory leak in error path (bsc#1082979). - scsi: sg: mitigate read/write abuse (bsc#1101296). - scsi: target: fix crash with iscsi target and dvd (bsc#1082979). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bnc#1012382). - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1085536). - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382). - staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bnc#1012382). - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() (bnc#1012382). - tcp: fix Fast Open key endianness (bnc#1012382). - tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382). - tcp: verify the checksum of the first data segment in a new connection (bnc#1012382). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bnc#1012382). - tracing: Fix missing return symbol in function_graph output (bnc#1012382). - ubi: fastmap: Cancel work upon detach (bnc#1012382). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382). - ubifs: Fix potential integer overflow in allocation (bnc#1012382). - udf: Detect incorrect directory size (bnc#1012382). - Update config files. CONFIG_X86_FAST_FEATURE_TESTS=y - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bnc#1012382). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132). - usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382). - usb: musb: fix remote wakeup racing with suspend (bnc#1012382). - usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bnc#1012382). - usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bnc#1012382). - usb: serial: cp210x: add CESINEL device ids (bnc#1012382). - usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bnc#1012382). - usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382). - usb: serial: mos7840: fix status-register error handling (bnc#1012382). - usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382). - vfio: platform: Fix reset module leak in error path (bsc#1102211). - vhost_net: validate sock before trying to put its fd (bnc#1012382). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video: uvesafb: Fix integer overflow in allocation (bnc#1012382). - vmw_balloon: fix inflation with batching (bnc#1012382). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bnc#1012382). - wait: add wait_event_killable_timeout() (bsc#1099792). - watchdog: da9063: Fix setting/changing timeout (bsc#1100843). - watchdog: da9063: Fix timeout handling during probe (bsc#1100843). - watchdog: da9063: Fix updating timeout value (bsc#1100843). - x86/alternatives: Add an auxilary section (bnc#1012382). - x86/alternatives: Discard dynamic check after init (bnc#1012382). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/asm: Add _ASM_ARG* constants for argument registers to (bnc#1012382). - x86/boot: Simplify kernel load address alignment check (bnc#1012382). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpufeature: Add helper macro for mask check macros (bnc#1012382). - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382). - x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382). - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated (bnc#1012382). - x86/cpufeature: Move some of the scattered feature bits to x86_capability (bnc#1012382). - x86/cpufeature: Replace the old static_cpu_has() with safe variant (bnc#1012382). - x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382). - x86/cpufeature: Update cpufeaure macros (bnc#1012382). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382). - x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382). - x86/fpu: Get rid of xstate_fault() (bnc#1012382). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bnc#1012382). - x86/mce: Fix incorrect "Machine check from unknown source" message (bnc#1012382). - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/vdso: Use static_cpu_has() (bnc#1012382). - xen/grant-table: log the lack of grants (bnc#1085042). - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658). - xen-netfront: Update features after registering netdev (bnc#1101658). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382). - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382). - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382). - xfrm: skip policies marked as dead while rehashing (bnc#1012382). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1606=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1606=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-azure-4.4.143-4.13.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-azure-4.4.143-4.13.1 kernel-source-azure-4.4.143-4.13.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): kernel-azure-4.4.143-4.13.1 kernel-azure-base-4.4.143-4.13.1 kernel-azure-base-debuginfo-4.4.143-4.13.1 kernel-azure-debuginfo-4.4.143-4.13.1 kernel-azure-debugsource-4.4.143-4.13.1 kernel-azure-devel-4.4.143-4.13.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-5391.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1023711 https://bugzilla.suse.com/1064232 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1078216 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1082979 https://bugzilla.suse.com/1085042 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085657 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1087659 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1089525 https://bugzilla.suse.com/1090123 https://bugzilla.suse.com/1090340 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1092001 https://bugzilla.suse.com/1092207 https://bugzilla.suse.com/1093777 https://bugzilla.suse.com/1094120 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1095453 https://bugzilla.suse.com/1095643 https://bugzilla.suse.com/1096790 https://bugzilla.suse.com/1096978 https://bugzilla.suse.com/1097034 https://bugzilla.suse.com/1097501 https://bugzilla.suse.com/1097771 https://bugzilla.suse.com/1098599 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1099713 https://bugzilla.suse.com/1099792 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1099858 https://bugzilla.suse.com/1099918 https://bugzilla.suse.com/1099966 https://bugzilla.suse.com/1099993 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1100340 https://bugzilla.suse.com/1100843 https://bugzilla.suse.com/1100930 https://bugzilla.suse.com/1101296 https://bugzilla.suse.com/1101331 https://bugzilla.suse.com/1101658 https://bugzilla.suse.com/1101789 https://bugzilla.suse.com/1102188 https://bugzilla.suse.com/1102197 https://bugzilla.suse.com/1102203 https://bugzilla.suse.com/1102205 https://bugzilla.suse.com/1102207 https://bugzilla.suse.com/1102211 https://bugzilla.suse.com/1102214 https://bugzilla.suse.com/1102215 https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1102394 https://bugzilla.suse.com/1102683 https://bugzilla.suse.com/1102851 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1103580 https://bugzilla.suse.com/1103717 https://bugzilla.suse.com/1103745 https://bugzilla.suse.com/1103884 https://bugzilla.suse.com/1104174 https://bugzilla.suse.com/997935 From sle-security-updates at lists.suse.com Thu Aug 16 10:09:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 18:09:51 +0200 (CEST) Subject: SUSE-SU-2018:2380-1: important: Security update for the Linux Kernel Message-ID: <20180816160951.D7A78F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2380-1 Rating: important References: #1051510 #1051979 #1066110 #1077761 #1086274 #1086314 #1087081 #1089343 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099858 #1099863 #1099864 #1100132 #1101116 #1101331 #1101669 #1101828 #1101832 #1101833 #1101837 #1101839 #1101841 #1101843 #1101844 #1101845 #1101847 #1101852 #1101853 #1101867 #1101872 #1101874 #1101875 #1101882 #1101883 #1101885 #1101887 #1101890 #1101891 #1101893 #1101895 #1101896 #1101900 #1101902 #1101903 #1102633 #1102658 #1103097 #1103356 #1103421 #1103517 #1103723 #1103724 #1103725 #1103726 #1103727 #1103728 #1103729 #1103730 #1103917 #1103920 #1103948 #1103949 #1104066 #1104111 #1104174 #1104211 #1104319 Cross-References: CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-3620 CVE-2018-3646 CVE-2018-5391 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: The ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) The following non-security bugs were fixed: - acpi / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2 (bsc#1051510). - af_key: Always verify length of provided sadb_key (bsc#1051510). - af_key: fix buffer overread in parse_exthdrs() (bsc#1051510). - af_key: fix buffer overread in verify_address_len() (bsc#1051510). - afs: Fix directory permissions check (bsc#1101828). - agp: uninorth: make two functions static (bsc#1051510). - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510). - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510). - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bsc#1051510). - arm64: Correct type for PUD macros (bsc#1103723). - arm64: Disable unhandled signal log messages by default (bsc#1103724). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725). - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726). - arm64: perf: correct PMUVer probing (bsc#1103727). - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails (bsc#1103728). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bsc#1103729). - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730). - arm: 8715/1: add a private asm/unaligned.h (bsc#1051510). - arm: 8720/1: ensure dump_instr() checks addr_limit (bsc#1051510). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bsc#1051510). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bsc#1051510). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bsc#1051510). - arm: 8743/1: bL_switcher: add MODULE_LICENSE tag (bsc#1051510). - arm: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] (bsc#1051510). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bsc#1051510). - arm: 8753/1: decompressor: add a missing parameter to the addruart macro (bsc#1051510). - arm: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel (bsc#1051510). - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bsc#1051510). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bsc#1051510). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bsc#1051510). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bsc#1051510). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bsc#1051510). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bsc#1051510). - arm: amba: Fix race condition with driver_override (bsc#1051510). - arm: amba: Fix wrong indentation in driver_override_store() (bsc#1051510). - arm: amba: Make driver_override output consistent with other buses (bsc#1051510). - arm: at91: do not select CONFIG_ARM_CPU_SUSPEND for old platforms (bsc#1051510). - arm: avoid faulting on qemu (bsc#1051510). - arm: BUG if jumping to usermode address in kernel mode (bsc#1051510). - arm-ccn: perf: Prevent module unload while PMU is in use (bsc#1051510). - arm: davinci: Add dma_mask to dm365's eDMA device (bsc#1051510). - arm: davinci: board-da830-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix WP pin polarity for MMC/SD (bsc#1051510). - arm: davinci: board-dm355-evm: fix broken networking (bsc#1051510). - arm: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF (bsc#1051510). - arm: davinci: board-dm646x-evm: set VPIF capture card name (bsc#1051510). - arm: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup (bsc#1051510). - arm: davinci: dm646x: fix timer interrupt generation (bsc#1051510). - arm: davinci: fix mmc entries in dm365's dma_slave_map (bsc#1051510). - arm: davinci: fix the GPIO lookup for omapl138-hawk (bsc#1051510). - arm: davinci: Use platform_device_register_full() to create pdev for dm365's eDMA (bsc#1051510). - arm: DRA722: remove redundant definition of 1.0 device (bsc#1051510). - arm: fix return value of parse_cpu_capacity (bsc#1051510). - arm: kexec: fix failure to boot crash kernel (bsc#1051510). - arm: kexec: fix kdump register saving on panic() (bsc#1051510). - arm: keystone: fix platform_domain_notifier array overrun (bsc#1051510). - arm: kvm: fix building with gcc-8 (bsc#1051510). - arm: multi_v7_defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: multi_v7_defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bsc#1051510). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bsc#1051510). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bsc#1051510). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (bsc#1051510). - arm: OMAP2+: omap_device: drop broken RPM status update from suspend_noirq (bsc#1051510). - arm: OMAP2+: powerdomain: use raw_smp_processor_id() for trace (bsc#1051510). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bsc#1051510). - arm: OMAP3: Fix prm wake interrupt for resume (bsc#1051510). - arm: OMAP3: hwmod_data: add missing module_offs for MMC3 (bsc#1051510). - arm: OMAP3+: PRM: fix of_irq_get() result check (bsc#1051510). - arm: OMAP4+: PRM: fix of_irq_get() result checks (bsc#1051510). - arm: OMAP: Fix dmtimer init for omap1 (bsc#1051510). - arm: OMAP: Fix SRAM W+X mapping (bsc#1051510). - arm: orion5x: Revert commit 4904dbda41c8 (bsc#1051510). - arm: orion: fix orion_ge00_switch_board_info initialization (bsc#1051510). - arm: pxa: select both FB and FB_W100 for eseries (bsc#1051510). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bsc#1051510). - arm: remove wrong CONFIG_PROC_SYSCTL ifdef (bsc#1051510). - arm: s3c24xx: Fix NAND ECC mode for mini2440 board (bsc#1051510). - arm: shmobile: defconfig: Enable missing PCIE_RCAR dependency (bsc#1051510). - arm: shmobile: defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: shmobile: defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: shmobile: defconfig: Replace USB_XHCI_RCAR by USB_XHCI_PLATFORM (bsc#1051510). - arm: shmobile: rcar-gen2: Fix deadlock in regulator quirk (bsc#1051510). - arm: socfpga_defconfig: Remove QSPI Sector 4K size force (bsc#1051510). - arm: spear13xx: Fix dmas cells (bsc#1051510). - arm: sunxi_defconfig: Enable CMA (bsc#1051510). - arm: sunxi: fix the core number of V3s in sunxi README (bsc#1051510). - asoc: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510). - asoc: topology: Add missing clock gating parameter when parsing hw_configs (bsc#1051510). - asoc: topology: Fix bclk and fsync inversion in set_link_hw_format() (bsc#1051510). - ata: do not schedule hot plug if it is a sas host (). - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510). - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510). - ath: Add regulatory mapping for Bahamas (bsc#1051510). - ath: Add regulatory mapping for Bermuda (bsc#1051510). - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510). - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510). - ath: Add regulatory mapping for Serbia (bsc#1051510). - ath: Add regulatory mapping for Tanzania (bsc#1051510). - ath: Add regulatory mapping for Uganda (bsc#1051510). - audit: fix potential null dereference 'context->module.name' (bsc#1051510). - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction (bsc#1051510). - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue (bsc#1101867). - befs_lookup(): use d_splice_alias() (bsc#1101844). - block: Fix transfer when chunk sectors exceeds max (bsc#1101874). - bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510). - bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510). - bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bsc#1051510). - branch-check: fix long->int truncation when profiling branches (bsc#1101116,). - brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - can: dev: increase bus-off message severity (bsc#1051510). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bsc#1051510). - can: m_can: change comparison to bitshift when dealing with a mask (bsc#1051510). - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872). - clk: at91: fix clk-generated compilation (bsc#1051510). - clk: renesas: cpg-mssr: Stop using printk format %pCr (bsc#1051510). - coccinelle: fix parallel build with CHECK=scripts/coccicheck (bsc#1051510). - compiler.h: enable builtin overflow checkers and add fallback code (bsc#1101116,). - cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms (bsc#1066110). - cpu/hotplug: Make bringup/teardown of smp threads symmetric (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: authenc - do not leak pointers to authenc keys (bsc#1051510). - crypto: authencesn - do not leak pointers to authenc keys (bsc#1051510). - crypto: padlock-aes - Fix Nano workaround data corruption (bsc#1051510). - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure (bsc#1104066). - dm: add writecache target (bsc#1101116,). - dm: prevent DAX mounts if not supported (bsc#1103917). - dm writecache: support optional offset for start of device (bsc#1101116,). - dm writecache: use 2-factor allocator arguments (bsc#1101116,). - doc: Add vendor prefix for Kieback & Peter GmbH (bsc#1051510). - drivers: soc: sunxi: fix error processing on base address when claiming (bsc#1051510). - drm: Add DP PSR2 sink enable bit (bsc#1051510). - drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510). - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (bsc#1051510). - drm/atomic: Handling the case when setting old crtc for plane (bsc#1051510). - drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (bsc#1051510). - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (bsc#1051510). - drm/atomic: Make async plane update checks work as intended, v2 (bsc#1051510). - drm/atomic: Make atomic helper track newly assigned planes correctly, v2 (bsc#1051510). - drm/atomic: Make atomic iterators less surprising (bsc#1051510). - drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510). - drm/nouveau/fifo/gk104-: poll for runlist update completion (bsc#1051510). - drm/radeon: fix mode_valid's return type (bsc#1051510). - drm: re-enable error handling (bsc#1051510). - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats (bsc#1051510). - Enable / support pinctrl-lewisburg () - ext2: fix a block leak (bsc#1101875). - ext4: add more mount time checks of the superblock (bsc#1101900). - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() (bsc#1101896). - ext4: check superblock mapped prior to committing (bsc#1101902). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix fencepost error in check for inode count overflow during resize (bsc#1101853). - ext4: include the illegal physical block in the bad map ext4_error msg (bsc#1101903). - ext4: report delalloc reserve as non-free in statfs for project quota (bsc#1101843). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bsc#1101895). - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837). - fix io_destroy()/aio_complete() race (bsc#1101852). - Force log to disk before reading the AGF during a fstrim (bsc#1101893). - fs: allow per-device dax status checking for filesystems (bsc#1103917). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - fs: clear writeback errors in inode_init_always (bsc#1101882). - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883). - genirq: Check __free_irq() return value for NULL (bsc#1103517). - hid: hid-plantronics: Re-resend Update to map button for PTT products (bsc#1051510). - hid: i2c-hid: check if device is there before really probing (bsc#1051510). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bsc#1051510). - hv_netvsc: Ensure correct teardown message sequence order (). - hv/netvsc: fix handling of fallback to single queue mode (). - hv_netvsc: Fix net device attach on older Windows hosts (). - hv_netvsc: set master device (bsc#1051979). - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (). - hv_netvsc: split sub-channel setup into async and sync (). - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown (). - ibmasm: do not write out of bounds in read handler (bsc#1051510). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510). - input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bsc#1051510). - input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510). - irqchip: brcmstb-l2: Define an irq_pm_shutdown function (bsc#1051510). - irqchip/gic: Take lock when updating irq type (bsc#1051510). - irqchip/gic-v3: Change pr_debug message to pr_devel (bsc#1051510). - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry (bsc#1051510). - irqchip/gic-v3: Ignore disabled ITS nodes (bsc#1051510). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bsc#1051510). - irqchip/qcom: Fix check for spurious interrupts (bsc#1051510). - irqchip/qcom: Fix u32 comparison with value less than zero (bsc#1051510). - isofs: fix potential memory leak in mount option parsing (bsc#1101887). - iwlwifi: add more card IDs for 9000 series (bsc#1051510). - iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343). - jump_label: Provide hotplug context variants (bsc#1089343). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343). - kabi protect bdev_dax_supported (bsc#1103917). - kabi protect struct ccw_device_private (bsc#1103421). - kabi/severities: do not complain on hisi_sas internal changes (). - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be adjusted in case they depend on this particular change - kbuild: add '-fno-stack-check' to kernel build options (bsc#1051510). - kbuild: Handle builtin dtb file names containing hyphens (bsc#1051510). - kbuild: pkg: use --transform option to prefix paths in tar (bsc#1051510). - kconfig: display recursive dependency resolution hint just once (bsc#1051510). - kmemleak: add scheduling point to kmemleak_scan() (bsc#1051510). - kvm: SVM: Add pause filter threshold (). - kvm: SVM: Implement pause loop exit logic in SVM (). - kvm: VMX: Bring the common code to header file (). - kvm: VMX: Fix the module parameters for vmx (). - kvm: VMX: Remove ple_window_actual_max (). - libata: add refcounting to ata_host (git-fixes). - libata: ensure host is free'd on error exit paths (git-fixes). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (git-fixes). - linvdimm, pmem: Preserve read-only setting for pmem devices (git-fixes). - media: media-device: fix ioctl function types (bsc#1051510). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bsc#1051510). - media: saa7164: Fix driver name in debug output (bsc#1051510). - media: si470x: fix __be16 annotations (bsc#1051510). - media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510). - media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510). - mfd: cros_ec: Fail early if we cannot identify the EC (bsc#1051510). - mfd: fsl-imx25: Clean up irq settings during removal (bsc#1051510). - mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() (bsc#1051510). - misc: pci_endpoint_test: Avoid triggering a BUG() (bsc#1051510). - mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510). - mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510). - mm: fix __gup_device_huge vs unmap (bsc#1101839). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (bsc#1051510). - mwifiex: correct histogram data with appropriate index (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - nohz: Fix local_timer_softirq_pending() (bsc#1051510). - nvme: ensure forward progress during Admin passthru (git-fixes). - nvme-fabrics: Ignore nr_io_queues option for discovery controllers (bsc#1102633). - nvme: fixup crash on failed discovery (bsc#1103920). - nvme.h: fixup ANA group descriptor format (bsc#1104111). - nvme: use hw qid in trace events (bsc#1102633). - orangefs: report attributes_mask and attributes for statx (bsc#1101832). - orangefs: set i_size on new symlink (bsc#1101845). - overflow.h: Add allocation size calculation helpers (bsc#1101116,). - pci: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510). - pci: pciehp: Request control of native hotplug only if supported (bsc#1051510). - pci: Prevent sysfs disable of device while driver is attached (bsc#1051510). - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510). - pinctrl: intel: Add Intel Lewisburg GPIO support (). - pinctrl: nand: meson-gxl: fix missing data pins (bsc#1051510). - pmem: only set QUEUE_FLAG_DAX for fsdax mode (bsc#1103917). - qed*: Add link change count value to ethtool statistics display (bsc#1086314). - qed: Add qed APIs for PHY module query (bsc#1086314 ). - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ). - qede: Add driver callbacks for eeprom module query (bsc#1086314 ). - qed: fix spelling mistake "successffuly" -> "successfully" (bsc#1086314). - qed: Make some functions static (bsc#1086314). - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314). - qed: remove redundant functions qed_set_gft_event_id_cm_hdr (bsc#1086314). - qed: remove redundant pointer 'name' (bsc#1086314). - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314). - qed*: Utilize FW 8.37.2.0 (bsc#1086314). - RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM (bsc#1086314). - RDMA/qedr: fix spelling mistake: "adrresses" -> "addresses" (bsc#1086314). - RDMA/qedr: fix spelling mistake: "failes" -> "fails" (bsc#1086314). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bsc#1051510). - reiserfs: fix buffer overflow with long warning messages (bsc#1101847). - Revert "drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios" (bsc#1103356). - s390/cio: clear timer when terminating driver I/O (bsc#1103421). - s390/cio: fix return code after missing interrupt (bsc#1103421). - s390/dasd: fix handling of internal requests (bsc#1103421). - s390/dasd: fix wrongly assigned configuration data (bsc#1103421). - s390/dasd: prevent prefix I/O error (bsc#1103421). - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421). - s390/ipl: ensure loadparm valid flag is set (bsc#1103421). - s390/pci: do not require AIS facility (bsc#1103421). - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421). - sc16is7xx: Check for an error when the clock is enabled (bsc#1051510). - sched/fair: Consider RT/IRQ pressure in capacity_spare_wake() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix find_idlest_group() when local group is not allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when no groups are allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when the local group is idlest (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Move select_task_rq_fair() slow-path into its own function (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove impossible condition from find_idlest_group_cpu() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove unnecessary comparison with -1 (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Spare idle load balancing on nohz_full CPUs (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Use 'unsigned long' for utilization, consistently (bnc#1101669 optimise numa balancing for fast migrate). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: ata: enhance the definition of SET MAX feature field value (). - scsi: hisi_sas: add an mechanism to do reset work synchronously (). - scsi: hisi_sas: add check of device in hisi_sas_task_exec() (). - scsi: hisi_sas: add internal abort dev in some places (). - scsi: hisi_sas: Add LED feature for v3 hw (). - scsi: hisi_sas: add RAS feature for v3 hw (). - scsi: hisi_sas: add readl poll timeout helper wrappers (). - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice (). - scsi: hisi_sas: add some print to enhance debugging (). - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command (). - scsi: hisi_sas: add v2 hw port AXI error handling support (). - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE() (). - scsi: hisi_sas: add v3 hw suspend and resume (). - scsi: hisi_sas: allocate slot buffer earlier (). - scsi: hisi_sas: Change common allocation mode of device id (). - scsi: hisi_sas: Change frame type for SET MAX commands (). - scsi: hisi_sas: change ncq process for v3 hw (). - scsi: hisi_sas: change slot index allocation mode (). - scsi: hisi_sas: check host frozen before calling "done" function (). - scsi: hisi_sas: check IPTT is valid before using it for v3 hw (). - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task() (). - scsi: hisi_sas: Code cleanup and minor bug fixes (). - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw (). - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol() (). - scsi: hisi_sas: Create a scsi_host_template per HW module (). - scsi: hisi_sas: delete timer when removing hisi_sas driver (). - scsi: hisi_sas: do link reset for some CHL_INT2 ints (). - scsi: hisi_sas: Do not lock DQ for complete task sending (). - scsi: hisi_sas: dt-bindings: add an property of signal attenuation (). - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() (). - scsi: hisi_sas: fix a typo in hisi_sas_task_prep() (). - scsi: hisi_sas: fix dma_unmap_sg() parameter (). - scsi: hisi_sas: fix PI memory size (). - scsi: hisi_sas: fix return value of hisi_sas_task_prep() (). - scsi: hisi_sas: Fix return value when get_free_slot() failed (). - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO (). - scsi: hisi_sas: fix the issue of link rate inconsistency (). - scsi: hisi_sas: fix the issue of setting linkrate register (). - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw (). - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot (). - scsi: hisi_sas: increase timer expire of internal abort task (). - scsi: hisi_sas: Init disks after controller reset (). - scsi: hisi_sas: initialize dq spinlock before use (). - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate() (). - scsi: hisi_sas: judge result of internal abort (). - scsi: hisi_sas: make local symbol host_attrs static (). - scsi: hisi_sas: make return type of prep functions void (). - scsi: hisi_sas: make SAS address of SATA disks unique (). - scsi: hisi_sas: Mark PHY as in reset for nexus reset (). - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset (). - scsi: hisi_sas: modify some register config for hip08 (). - scsi: hisi_sas: optimise port id refresh function (). - scsi: hisi_sas: optimise the usage of DQ locking (). - scsi: hisi_sas: print device id for errors (). - scsi: hisi_sas: re-add the lldd_port_deformed() (). - scsi: hisi_sas: relocate clearing ITCT and freeing device (). - scsi: hisi_sas: relocate smp sg map (). - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency (). - scsi: hisi_sas: remove redundant handling to event95 for v3 (). - scsi: hisi_sas: remove some unneeded structure members (). - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req (). - scsi: hisi_sas: Reset disks when discovered (). - scsi: hisi_sas: some optimizations of host controller reset (). - scsi: hisi_sas: stop controller timer for reset (). - scsi: hisi_sas: support the property of signal attenuation for v2 hw (). - scsi: hisi_sas: Terminate STP reject quickly for v2 hw (). - scsi: hisi_sas: Try wait commands before before controller reset (). - scsi: hisi_sas: update PHY linkrate after a controller reset (). - scsi: hisi_sas: update RAS feature for later revision of v3 HW (). - scsi: hisi_sas: use an general way to delay PHY work (). - scsi: hisi_sas: Use device lock to protect slot alloc/free (). - scsi: hisi_sas: use dma_zalloc_coherent() (). - scsi: hisi_sas: workaround a v3 hw hilink bug (). - scsi: libsas: defer ata device eh commands to libata (). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102658). - scsi: lpfc: Correct LCB ACCept payload (bsc#1102658). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102658). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102658). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102658). - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (bsc#1102658). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102658). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102658). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102658). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102658). - scsi: lpfc: Fix sysfs Speed value on CNA ports (bsc#1102658). - scsi: lpfc: Limit tracking of tgt queue depth in fast path (bsc#1102658). - scsi: lpfc: Make PBDE optimizations configurable (bsc#1102658). - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (bsc#1102658). - scsi: lpfc: Revise copyright for new company language (bsc#1102658). - scsi: lpfc: Support duration field in Link Cable Beacon V1 command (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.5 (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.6 (bsc#1102658). - scsi: qla2xxx: Avoid double completion of abort command (git-fixes). - scsi: qla2xxx: Fix driver unload by shutting down chip (git-fixes). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (git-fixes). - scsi: qla2xxx: Fix NULL pointer dereference for fcport search (git-fixes). - scsi: qla2xxx: Fix unintialized List head crash (git-fixes). - scsi: qla2xxx: Return error when TMF returns (git-fixes). - scsi: smartpqi: add in new supported controllers (bsc#1086274). - scsi: smartpqi: add inspur advantech ids (bsc#1086274). - scsi: smartpqi: bump driver version to 1.1.4-130 (bsc#1086274). - scsi: smartpqi: fix critical ARM issue reading PQI index registers (bsc#1086274). - scsi: smartpqi: improve error checking for sync requests (bsc#1086274). - scsi: smartpqi: improve handling for sync requests (bsc#1086274). - scsi: smartpqi: update driver version (bsc#1086274). - scsi: smartpqi: workaround fw bug for oq deletion (bsc#1086274). - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT (git-fixes). - sctp: introduce sctp_dst_mtu (git-fixes). - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure (bsc#1051510). - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510). - soc: imx: gpc: de-register power domains only if initialized (bsc#1051510). - soc: imx: gpc: restrict register range for regmap access (bsc#1051510). - soc: imx: gpcv2: correct PGC offset (bsc#1051510). - soc: imx: gpcv2: Do not pass static memory as platform data (bsc#1051510). - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510). - soc: mediatek: pwrap: fix compiler errors (bsc#1051510). - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510). - soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (bsc#1051510). - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510). - soc/tegra: flowctrl: Fix error handling (bsc#1051510). - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510). - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510). - spi: bcm2835aux: ensure interrupts are enabled for shared handler (bsc#1051510). - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate() (bsc#1051510). - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510). - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master (bsc#1051510). - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() (bsc#1051510). - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510). - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510). - sr: pass down correctly sized SCSI sense buffer (git-fixes). - staging: ks7010: Use constants from ieee80211_eid instead of literal ints (bsc#1051510). - staging: speakup: fix wraparound in uaccess length check (bsc#1051510). - supported.conf: add drivers/md/dm-writecache - sysrq : fix Show Regs call trace on ARM (bsc#1051510). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bsc#1051510). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510). - typec: tcpm: Fix a msecs vs jiffies bug (bsc#1100132). - udf: Detect incorrect directory size (bsc#1101891). - udf: Provide saner default for invalid uid / gid (bsc#1101890). - Update config files to add CONFIG_DM_WRITECACHE=m - Update patches.arch/KVM-PPC-Check-if-IOMMU-page-is-contained-in-the-pinn.patch (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - usb: hub: Do not wait for connect state at resume for powered-off ports (bsc#1051510). - usbip: usbip_detach: Fix memory, udev context and udev leak (bsc#1051510). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bsc#1051510). - wlcore: sdio: check for valid platform device data before suspend (bsc#1051510). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/KVM/VMX: Add module argument for L1TF mitigation. - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (binutils_2.31). - xfs: catch inode allocation state mismatch corruption (bsc#1104211). - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1614=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1614=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1614=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1614=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1614=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.13.1 kernel-default-debugsource-4.12.14-25.13.1 kernel-default-extra-4.12.14-25.13.1 kernel-default-extra-debuginfo-4.12.14-25.13.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.13.1 kernel-default-debugsource-4.12.14-25.13.1 reiserfs-kmp-default-4.12.14-25.13.1 reiserfs-kmp-default-debuginfo-4.12.14-25.13.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.13.1 kernel-obs-build-debugsource-4.12.14-25.13.1 kernel-syms-4.12.14-25.13.1 kernel-vanilla-base-4.12.14-25.13.1 kernel-vanilla-base-debuginfo-4.12.14-25.13.1 kernel-vanilla-debuginfo-4.12.14-25.13.1 kernel-vanilla-debugsource-4.12.14-25.13.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.13.1 kernel-source-4.12.14-25.13.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): lttng-modules-2.10.0-5.4.2 lttng-modules-debugsource-2.10.0-5.4.2 lttng-modules-kmp-default-2.10.0_k4.12.14_25.13-5.4.2 lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_25.13-5.4.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.13.1 kernel-default-debuginfo-4.12.14-25.13.1 kernel-default-debugsource-4.12.14-25.13.1 kernel-default-devel-4.12.14-25.13.1 kernel-default-devel-debuginfo-4.12.14-25.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.13.1 kernel-macros-4.12.14-25.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.13.1 kernel-zfcpdump-4.12.14-25.13.1 kernel-zfcpdump-debuginfo-4.12.14-25.13.1 kernel-zfcpdump-debugsource-4.12.14-25.13.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.13.1 cluster-md-kmp-default-debuginfo-4.12.14-25.13.1 dlm-kmp-default-4.12.14-25.13.1 dlm-kmp-default-debuginfo-4.12.14-25.13.1 gfs2-kmp-default-4.12.14-25.13.1 gfs2-kmp-default-debuginfo-4.12.14-25.13.1 kernel-default-debuginfo-4.12.14-25.13.1 kernel-default-debugsource-4.12.14-25.13.1 ocfs2-kmp-default-4.12.14-25.13.1 ocfs2-kmp-default-debuginfo-4.12.14-25.13.1 References: https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5391.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1051979 https://bugzilla.suse.com/1066110 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1086274 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099858 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101116 https://bugzilla.suse.com/1101331 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101828 https://bugzilla.suse.com/1101832 https://bugzilla.suse.com/1101833 https://bugzilla.suse.com/1101837 https://bugzilla.suse.com/1101839 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1101843 https://bugzilla.suse.com/1101844 https://bugzilla.suse.com/1101845 https://bugzilla.suse.com/1101847 https://bugzilla.suse.com/1101852 https://bugzilla.suse.com/1101853 https://bugzilla.suse.com/1101867 https://bugzilla.suse.com/1101872 https://bugzilla.suse.com/1101874 https://bugzilla.suse.com/1101875 https://bugzilla.suse.com/1101882 https://bugzilla.suse.com/1101883 https://bugzilla.suse.com/1101885 https://bugzilla.suse.com/1101887 https://bugzilla.suse.com/1101890 https://bugzilla.suse.com/1101891 https://bugzilla.suse.com/1101893 https://bugzilla.suse.com/1101895 https://bugzilla.suse.com/1101896 https://bugzilla.suse.com/1101900 https://bugzilla.suse.com/1101902 https://bugzilla.suse.com/1101903 https://bugzilla.suse.com/1102633 https://bugzilla.suse.com/1102658 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103421 https://bugzilla.suse.com/1103517 https://bugzilla.suse.com/1103723 https://bugzilla.suse.com/1103724 https://bugzilla.suse.com/1103725 https://bugzilla.suse.com/1103726 https://bugzilla.suse.com/1103727 https://bugzilla.suse.com/1103728 https://bugzilla.suse.com/1103729 https://bugzilla.suse.com/1103730 https://bugzilla.suse.com/1103917 https://bugzilla.suse.com/1103920 https://bugzilla.suse.com/1103948 https://bugzilla.suse.com/1103949 https://bugzilla.suse.com/1104066 https://bugzilla.suse.com/1104111 https://bugzilla.suse.com/1104174 https://bugzilla.suse.com/1104211 https://bugzilla.suse.com/1104319 From sle-security-updates at lists.suse.com Thu Aug 16 10:21:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 18:21:18 +0200 (CEST) Subject: SUSE-SU-2018:2381-1: important: Security update for the Linux Kernel Message-ID: <20180816162118.4C24AF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2381-1 Rating: important References: #1051510 #1051979 #1066110 #1077761 #1086274 #1086314 #1087081 #1089343 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099858 #1099863 #1099864 #1100132 #1101116 #1101331 #1101669 #1101828 #1101832 #1101833 #1101837 #1101839 #1101841 #1101843 #1101844 #1101845 #1101847 #1101852 #1101853 #1101867 #1101872 #1101874 #1101875 #1101882 #1101883 #1101885 #1101887 #1101890 #1101891 #1101893 #1101895 #1101896 #1101900 #1101902 #1101903 #1102633 #1102658 #1103097 #1103356 #1103421 #1103517 #1103723 #1103724 #1103725 #1103726 #1103727 #1103728 #1103729 #1103730 #1103917 #1103920 #1103948 #1103949 #1104066 #1104111 #1104174 #1104211 #1104319 Cross-References: CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-3620 CVE-2018-3646 CVE-2018-5391 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: The ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) The following non-security bugs were fixed: - acpi / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2 (bsc#1051510). - af_key: Always verify length of provided sadb_key (bsc#1051510). - af_key: fix buffer overread in parse_exthdrs() (bsc#1051510). - af_key: fix buffer overread in verify_address_len() (bsc#1051510). - afs: Fix directory permissions check (bsc#1101828). - agp: uninorth: make two functions static (bsc#1051510). - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510). - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510). - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bsc#1051510). - arm64: Correct type for PUD macros (bsc#1103723). - arm64: Disable unhandled signal log messages by default (bsc#1103724). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725). - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726). - arm64: perf: correct PMUVer probing (bsc#1103727). - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails (bsc#1103728). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bsc#1103729). - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730). - arm: 8715/1: add a private asm/unaligned.h (bsc#1051510). - arm: 8720/1: ensure dump_instr() checks addr_limit (bsc#1051510). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bsc#1051510). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bsc#1051510). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bsc#1051510). - arm: 8743/1: bL_switcher: add MODULE_LICENSE tag (bsc#1051510). - arm: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] (bsc#1051510). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bsc#1051510). - arm: 8753/1: decompressor: add a missing parameter to the addruart macro (bsc#1051510). - arm: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel (bsc#1051510). - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bsc#1051510). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bsc#1051510). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bsc#1051510). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bsc#1051510). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bsc#1051510). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bsc#1051510). - arm: amba: Fix race condition with driver_override (bsc#1051510). - arm: amba: Fix wrong indentation in driver_override_store() (bsc#1051510). - arm: amba: Make driver_override output consistent with other buses (bsc#1051510). - arm: at91: do not select CONFIG_ARM_CPU_SUSPEND for old platforms (bsc#1051510). - arm: avoid faulting on qemu (bsc#1051510). - arm: BUG if jumping to usermode address in kernel mode (bsc#1051510). - arm-ccn: perf: Prevent module unload while PMU is in use (bsc#1051510). - arm: davinci: Add dma_mask to dm365's eDMA device (bsc#1051510). - arm: davinci: board-da830-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix WP pin polarity for MMC/SD (bsc#1051510). - arm: davinci: board-dm355-evm: fix broken networking (bsc#1051510). - arm: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF (bsc#1051510). - arm: davinci: board-dm646x-evm: set VPIF capture card name (bsc#1051510). - arm: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup (bsc#1051510). - arm: davinci: dm646x: fix timer interrupt generation (bsc#1051510). - arm: davinci: fix mmc entries in dm365's dma_slave_map (bsc#1051510). - arm: davinci: fix the GPIO lookup for omapl138-hawk (bsc#1051510). - arm: davinci: Use platform_device_register_full() to create pdev for dm365's eDMA (bsc#1051510). - arm: DRA722: remove redundant definition of 1.0 device (bsc#1051510). - arm: fix return value of parse_cpu_capacity (bsc#1051510). - arm: kexec: fix failure to boot crash kernel (bsc#1051510). - arm: kexec: fix kdump register saving on panic() (bsc#1051510). - arm: keystone: fix platform_domain_notifier array overrun (bsc#1051510). - arm: kvm: fix building with gcc-8 (bsc#1051510). - arm: multi_v7_defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: multi_v7_defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bsc#1051510). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bsc#1051510). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bsc#1051510). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (bsc#1051510). - arm: OMAP2+: omap_device: drop broken RPM status update from suspend_noirq (bsc#1051510). - arm: OMAP2+: powerdomain: use raw_smp_processor_id() for trace (bsc#1051510). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bsc#1051510). - arm: OMAP3: Fix prm wake interrupt for resume (bsc#1051510). - arm: OMAP3: hwmod_data: add missing module_offs for MMC3 (bsc#1051510). - arm: OMAP3+: PRM: fix of_irq_get() result check (bsc#1051510). - arm: OMAP4+: PRM: fix of_irq_get() result checks (bsc#1051510). - arm: OMAP: Fix dmtimer init for omap1 (bsc#1051510). - arm: OMAP: Fix SRAM W+X mapping (bsc#1051510). - arm: orion5x: Revert commit 4904dbda41c8 (bsc#1051510). - arm: orion: fix orion_ge00_switch_board_info initialization (bsc#1051510). - arm: pxa: select both FB and FB_W100 for eseries (bsc#1051510). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bsc#1051510). - arm: remove wrong CONFIG_PROC_SYSCTL ifdef (bsc#1051510). - arm: s3c24xx: Fix NAND ECC mode for mini2440 board (bsc#1051510). - arm: shmobile: defconfig: Enable missing PCIE_RCAR dependency (bsc#1051510). - arm: shmobile: defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: shmobile: defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: shmobile: defconfig: Replace USB_XHCI_RCAR by USB_XHCI_PLATFORM (bsc#1051510). - arm: shmobile: rcar-gen2: Fix deadlock in regulator quirk (bsc#1051510). - arm: socfpga_defconfig: Remove QSPI Sector 4K size force (bsc#1051510). - arm: spear13xx: Fix dmas cells (bsc#1051510). - arm: sunxi_defconfig: Enable CMA (bsc#1051510). - arm: sunxi: fix the core number of V3s in sunxi README (bsc#1051510). - asoc: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510). - asoc: topology: Add missing clock gating parameter when parsing hw_configs (bsc#1051510). - asoc: topology: Fix bclk and fsync inversion in set_link_hw_format() (bsc#1051510). - ata: do not schedule hot plug if it is a sas host (). - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510). - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510). - ath: Add regulatory mapping for Bahamas (bsc#1051510). - ath: Add regulatory mapping for Bermuda (bsc#1051510). - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510). - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510). - ath: Add regulatory mapping for Serbia (bsc#1051510). - ath: Add regulatory mapping for Tanzania (bsc#1051510). - ath: Add regulatory mapping for Uganda (bsc#1051510). - audit: fix potential null dereference 'context->module.name' (bsc#1051510). - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction (bsc#1051510). - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue (bsc#1101867). - befs_lookup(): use d_splice_alias() (bsc#1101844). - block: Fix transfer when chunk sectors exceeds max (bsc#1101874). - bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510). - bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510). - bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bsc#1051510). - branch-check: fix long->int truncation when profiling branches (bsc#1101116,). - brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - can: dev: increase bus-off message severity (bsc#1051510). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bsc#1051510). - can: m_can: change comparison to bitshift when dealing with a mask (bsc#1051510). - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872). - clk: at91: fix clk-generated compilation (bsc#1051510). - clk: renesas: cpg-mssr: Stop using printk format %pCr (bsc#1051510). - coccinelle: fix parallel build with CHECK=scripts/coccicheck (bsc#1051510). - compiler.h: enable builtin overflow checkers and add fallback code (bsc#1101116,). - cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms (bsc#1066110). - cpu/hotplug: Make bringup/teardown of smp threads symmetric (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: authenc - do not leak pointers to authenc keys (bsc#1051510). - crypto: authencesn - do not leak pointers to authenc keys (bsc#1051510). - crypto: padlock-aes - Fix Nano workaround data corruption (bsc#1051510). - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure (bsc#1104066). - dm: add writecache target (bsc#1101116,). - dm: prevent DAX mounts if not supported (bsc#1103917). - dm writecache: support optional offset for start of device (bsc#1101116,). - dm writecache: use 2-factor allocator arguments (bsc#1101116,). - doc: Add vendor prefix for Kieback & Peter GmbH (bsc#1051510). - drivers: soc: sunxi: fix error processing on base address when claiming (bsc#1051510). - drm: Add DP PSR2 sink enable bit (bsc#1051510). - drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510). - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (bsc#1051510). - drm/atomic: Handling the case when setting old crtc for plane (bsc#1051510). - drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (bsc#1051510). - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (bsc#1051510). - drm/atomic: Make async plane update checks work as intended, v2 (bsc#1051510). - drm/atomic: Make atomic helper track newly assigned planes correctly, v2 (bsc#1051510). - drm/atomic: Make atomic iterators less surprising (bsc#1051510). - drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510). - drm/nouveau/fifo/gk104-: poll for runlist update completion (bsc#1051510). - drm/radeon: fix mode_valid's return type (bsc#1051510). - drm: re-enable error handling (bsc#1051510). - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats (bsc#1051510). - Enable / support pinctrl-lewisburg () - ext2: fix a block leak (bsc#1101875). - ext4: add more mount time checks of the superblock (bsc#1101900). - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() (bsc#1101896). - ext4: check superblock mapped prior to committing (bsc#1101902). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix fencepost error in check for inode count overflow during resize (bsc#1101853). - ext4: include the illegal physical block in the bad map ext4_error msg (bsc#1101903). - ext4: report delalloc reserve as non-free in statfs for project quota (bsc#1101843). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bsc#1101895). - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837). - fix io_destroy()/aio_complete() race (bsc#1101852). - Force log to disk before reading the AGF during a fstrim (bsc#1101893). - fs: allow per-device dax status checking for filesystems (bsc#1103917). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - fs: clear writeback errors in inode_init_always (bsc#1101882). - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883). - genirq: Check __free_irq() return value for NULL (bsc#1103517). - hid: hid-plantronics: Re-resend Update to map button for PTT products (bsc#1051510). - hid: i2c-hid: check if device is there before really probing (bsc#1051510). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bsc#1051510). - hv_netvsc: Ensure correct teardown message sequence order (). - hv/netvsc: fix handling of fallback to single queue mode (). - hv_netvsc: Fix net device attach on older Windows hosts (). - hv_netvsc: set master device (bsc#1051979). - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (). - hv_netvsc: split sub-channel setup into async and sync (). - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown (). - ibmasm: do not write out of bounds in read handler (bsc#1051510). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510). - input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bsc#1051510). - input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510). - irqchip: brcmstb-l2: Define an irq_pm_shutdown function (bsc#1051510). - irqchip/gic: Take lock when updating irq type (bsc#1051510). - irqchip/gic-v3: Change pr_debug message to pr_devel (bsc#1051510). - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry (bsc#1051510). - irqchip/gic-v3: Ignore disabled ITS nodes (bsc#1051510). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bsc#1051510). - irqchip/qcom: Fix check for spurious interrupts (bsc#1051510). - irqchip/qcom: Fix u32 comparison with value less than zero (bsc#1051510). - isofs: fix potential memory leak in mount option parsing (bsc#1101887). - iwlwifi: add more card IDs for 9000 series (bsc#1051510). - iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343). - jump_label: Provide hotplug context variants (bsc#1089343). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343). - kabi protect bdev_dax_supported (bsc#1103917). - kabi protect struct ccw_device_private (bsc#1103421). - kabi/severities: do not complain on hisi_sas internal changes (). - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be adjusted in case they depend on this particular change - kbuild: add '-fno-stack-check' to kernel build options (bsc#1051510). - kbuild: Handle builtin dtb file names containing hyphens (bsc#1051510). - kbuild: pkg: use --transform option to prefix paths in tar (bsc#1051510). - kconfig: display recursive dependency resolution hint just once (bsc#1051510). - kmemleak: add scheduling point to kmemleak_scan() (bsc#1051510). - kvm: SVM: Add pause filter threshold (). - kvm: SVM: Implement pause loop exit logic in SVM (). - kvm: VMX: Bring the common code to header file (). - kvm: VMX: Fix the module parameters for vmx (). - kvm: VMX: Remove ple_window_actual_max (). - libata: add refcounting to ata_host (git-fixes). - libata: ensure host is free'd on error exit paths (git-fixes). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (git-fixes). - linvdimm, pmem: Preserve read-only setting for pmem devices (git-fixes). - media: media-device: fix ioctl function types (bsc#1051510). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bsc#1051510). - media: saa7164: Fix driver name in debug output (bsc#1051510). - media: si470x: fix __be16 annotations (bsc#1051510). - media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510). - media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510). - mfd: cros_ec: Fail early if we cannot identify the EC (bsc#1051510). - mfd: fsl-imx25: Clean up irq settings during removal (bsc#1051510). - mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() (bsc#1051510). - misc: pci_endpoint_test: Avoid triggering a BUG() (bsc#1051510). - mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510). - mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510). - mm: fix __gup_device_huge vs unmap (bsc#1101839). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (bsc#1051510). - mwifiex: correct histogram data with appropriate index (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - nohz: Fix local_timer_softirq_pending() (bsc#1051510). - nvme: ensure forward progress during Admin passthru (git-fixes). - nvme-fabrics: Ignore nr_io_queues option for discovery controllers (bsc#1102633). - nvme: fixup crash on failed discovery (bsc#1103920). - nvme.h: fixup ANA group descriptor format (bsc#1104111). - nvme: use hw qid in trace events (bsc#1102633). - orangefs: report attributes_mask and attributes for statx (bsc#1101832). - orangefs: set i_size on new symlink (bsc#1101845). - overflow.h: Add allocation size calculation helpers (bsc#1101116,). - pci: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510). - pci: pciehp: Request control of native hotplug only if supported (bsc#1051510). - pci: Prevent sysfs disable of device while driver is attached (bsc#1051510). - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510). - pinctrl: intel: Add Intel Lewisburg GPIO support (). - pinctrl: nand: meson-gxl: fix missing data pins (bsc#1051510). - pmem: only set QUEUE_FLAG_DAX for fsdax mode (bsc#1103917). - qed*: Add link change count value to ethtool statistics display (bsc#1086314). - qed: Add qed APIs for PHY module query (bsc#1086314 ). - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ). - qede: Add driver callbacks for eeprom module query (bsc#1086314 ). - qed: fix spelling mistake "successffuly" -> "successfully" (bsc#1086314). - qed: Make some functions static (bsc#1086314). - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314). - qed: remove redundant functions qed_set_gft_event_id_cm_hdr (bsc#1086314). - qed: remove redundant pointer 'name' (bsc#1086314). - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314). - qed*: Utilize FW 8.37.2.0 (bsc#1086314). - RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM (bsc#1086314). - RDMA/qedr: fix spelling mistake: "adrresses" -> "addresses" (bsc#1086314). - RDMA/qedr: fix spelling mistake: "failes" -> "fails" (bsc#1086314). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bsc#1051510). - reiserfs: fix buffer overflow with long warning messages (bsc#1101847). - Revert "drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios" (bsc#1103356). - s390/cio: clear timer when terminating driver I/O (bsc#1103421). - s390/cio: fix return code after missing interrupt (bsc#1103421). - s390/dasd: fix handling of internal requests (bsc#1103421). - s390/dasd: fix wrongly assigned configuration data (bsc#1103421). - s390/dasd: prevent prefix I/O error (bsc#1103421). - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421). - s390/ipl: ensure loadparm valid flag is set (bsc#1103421). - s390/pci: do not require AIS facility (bsc#1103421). - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421). - sc16is7xx: Check for an error when the clock is enabled (bsc#1051510). - sched/fair: Consider RT/IRQ pressure in capacity_spare_wake() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix find_idlest_group() when local group is not allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when no groups are allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when the local group is idlest (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Move select_task_rq_fair() slow-path into its own function (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove impossible condition from find_idlest_group_cpu() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove unnecessary comparison with -1 (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Spare idle load balancing on nohz_full CPUs (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Use 'unsigned long' for utilization, consistently (bnc#1101669 optimise numa balancing for fast migrate). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: ata: enhance the definition of SET MAX feature field value (). - scsi: hisi_sas: add an mechanism to do reset work synchronously (). - scsi: hisi_sas: add check of device in hisi_sas_task_exec() (). - scsi: hisi_sas: add internal abort dev in some places (). - scsi: hisi_sas: Add LED feature for v3 hw (). - scsi: hisi_sas: add RAS feature for v3 hw (). - scsi: hisi_sas: add readl poll timeout helper wrappers (). - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice (). - scsi: hisi_sas: add some print to enhance debugging (). - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command (). - scsi: hisi_sas: add v2 hw port AXI error handling support (). - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE() (). - scsi: hisi_sas: add v3 hw suspend and resume (). - scsi: hisi_sas: allocate slot buffer earlier (). - scsi: hisi_sas: Change common allocation mode of device id (). - scsi: hisi_sas: Change frame type for SET MAX commands (). - scsi: hisi_sas: change ncq process for v3 hw (). - scsi: hisi_sas: change slot index allocation mode (). - scsi: hisi_sas: check host frozen before calling "done" function (). - scsi: hisi_sas: check IPTT is valid before using it for v3 hw (). - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task() (). - scsi: hisi_sas: Code cleanup and minor bug fixes (). - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw (). - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol() (). - scsi: hisi_sas: Create a scsi_host_template per HW module (). - scsi: hisi_sas: delete timer when removing hisi_sas driver (). - scsi: hisi_sas: do link reset for some CHL_INT2 ints (). - scsi: hisi_sas: Do not lock DQ for complete task sending (). - scsi: hisi_sas: dt-bindings: add an property of signal attenuation (). - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() (). - scsi: hisi_sas: fix a typo in hisi_sas_task_prep() (). - scsi: hisi_sas: fix dma_unmap_sg() parameter (). - scsi: hisi_sas: fix PI memory size (). - scsi: hisi_sas: fix return value of hisi_sas_task_prep() (). - scsi: hisi_sas: Fix return value when get_free_slot() failed (). - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO (). - scsi: hisi_sas: fix the issue of link rate inconsistency (). - scsi: hisi_sas: fix the issue of setting linkrate register (). - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw (). - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot (). - scsi: hisi_sas: increase timer expire of internal abort task (). - scsi: hisi_sas: Init disks after controller reset (). - scsi: hisi_sas: initialize dq spinlock before use (). - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate() (). - scsi: hisi_sas: judge result of internal abort (). - scsi: hisi_sas: make local symbol host_attrs static (). - scsi: hisi_sas: make return type of prep functions void (). - scsi: hisi_sas: make SAS address of SATA disks unique (). - scsi: hisi_sas: Mark PHY as in reset for nexus reset (). - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset (). - scsi: hisi_sas: modify some register config for hip08 (). - scsi: hisi_sas: optimise port id refresh function (). - scsi: hisi_sas: optimise the usage of DQ locking (). - scsi: hisi_sas: print device id for errors (). - scsi: hisi_sas: re-add the lldd_port_deformed() (). - scsi: hisi_sas: relocate clearing ITCT and freeing device (). - scsi: hisi_sas: relocate smp sg map (). - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency (). - scsi: hisi_sas: remove redundant handling to event95 for v3 (). - scsi: hisi_sas: remove some unneeded structure members (). - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req (). - scsi: hisi_sas: Reset disks when discovered (). - scsi: hisi_sas: some optimizations of host controller reset (). - scsi: hisi_sas: stop controller timer for reset (). - scsi: hisi_sas: support the property of signal attenuation for v2 hw (). - scsi: hisi_sas: Terminate STP reject quickly for v2 hw (). - scsi: hisi_sas: Try wait commands before before controller reset (). - scsi: hisi_sas: update PHY linkrate after a controller reset (). - scsi: hisi_sas: update RAS feature for later revision of v3 HW (). - scsi: hisi_sas: use an general way to delay PHY work (). - scsi: hisi_sas: Use device lock to protect slot alloc/free (). - scsi: hisi_sas: use dma_zalloc_coherent() (). - scsi: hisi_sas: workaround a v3 hw hilink bug (). - scsi: libsas: defer ata device eh commands to libata (). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102658). - scsi: lpfc: Correct LCB ACCept payload (bsc#1102658). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102658). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102658). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102658). - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (bsc#1102658). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102658). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102658). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102658). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102658). - scsi: lpfc: Fix sysfs Speed value on CNA ports (bsc#1102658). - scsi: lpfc: Limit tracking of tgt queue depth in fast path (bsc#1102658). - scsi: lpfc: Make PBDE optimizations configurable (bsc#1102658). - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (bsc#1102658). - scsi: lpfc: Revise copyright for new company language (bsc#1102658). - scsi: lpfc: Support duration field in Link Cable Beacon V1 command (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.5 (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.6 (bsc#1102658). - scsi: qla2xxx: Avoid double completion of abort command (git-fixes). - scsi: qla2xxx: Fix driver unload by shutting down chip (git-fixes). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (git-fixes). - scsi: qla2xxx: Fix NULL pointer dereference for fcport search (git-fixes). - scsi: qla2xxx: Fix unintialized List head crash (git-fixes). - scsi: qla2xxx: Return error when TMF returns (git-fixes). - scsi: smartpqi: add in new supported controllers (bsc#1086274). - scsi: smartpqi: add inspur advantech ids (bsc#1086274). - scsi: smartpqi: bump driver version to 1.1.4-130 (bsc#1086274). - scsi: smartpqi: fix critical ARM issue reading PQI index registers (bsc#1086274). - scsi: smartpqi: improve error checking for sync requests (bsc#1086274). - scsi: smartpqi: improve handling for sync requests (bsc#1086274). - scsi: smartpqi: update driver version (bsc#1086274). - scsi: smartpqi: workaround fw bug for oq deletion (bsc#1086274). - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT (git-fixes). - sctp: introduce sctp_dst_mtu (git-fixes). - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure (bsc#1051510). - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510). - soc: imx: gpc: de-register power domains only if initialized (bsc#1051510). - soc: imx: gpc: restrict register range for regmap access (bsc#1051510). - soc: imx: gpcv2: correct PGC offset (bsc#1051510). - soc: imx: gpcv2: Do not pass static memory as platform data (bsc#1051510). - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510). - soc: mediatek: pwrap: fix compiler errors (bsc#1051510). - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510). - soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (bsc#1051510). - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510). - soc/tegra: flowctrl: Fix error handling (bsc#1051510). - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510). - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510). - spi: bcm2835aux: ensure interrupts are enabled for shared handler (bsc#1051510). - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate() (bsc#1051510). - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510). - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master (bsc#1051510). - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() (bsc#1051510). - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510). - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510). - sr: pass down correctly sized SCSI sense buffer (git-fixes). - staging: ks7010: Use constants from ieee80211_eid instead of literal ints (bsc#1051510). - staging: speakup: fix wraparound in uaccess length check (bsc#1051510). - supported.conf: add drivers/md/dm-writecache - sysrq : fix Show Regs call trace on ARM (bsc#1051510). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bsc#1051510). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510). - typec: tcpm: Fix a msecs vs jiffies bug (bsc#1100132). - udf: Detect incorrect directory size (bsc#1101891). - udf: Provide saner default for invalid uid / gid (bsc#1101890). - Update config files to add CONFIG_DM_WRITECACHE=m - Update patches.arch/KVM-PPC-Check-if-IOMMU-page-is-contained-in-the-pinn.patch (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - usb: hub: Do not wait for connect state at resume for powered-off ports (bsc#1051510). - usbip: usbip_detach: Fix memory, udev context and udev leak (bsc#1051510). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bsc#1051510). - wlcore: sdio: check for valid platform device data before suspend (bsc#1051510). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/KVM/VMX: Add module argument for L1TF mitigation. - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (binutils_2.31). - xfs: catch inode allocation state mismatch corruption (bsc#1104211). - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1614=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.13.1 kernel-default-debugsource-4.12.14-25.13.1 kernel-default-livepatch-4.12.14-25.13.1 References: https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5391.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1051979 https://bugzilla.suse.com/1066110 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1086274 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099858 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101116 https://bugzilla.suse.com/1101331 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101828 https://bugzilla.suse.com/1101832 https://bugzilla.suse.com/1101833 https://bugzilla.suse.com/1101837 https://bugzilla.suse.com/1101839 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1101843 https://bugzilla.suse.com/1101844 https://bugzilla.suse.com/1101845 https://bugzilla.suse.com/1101847 https://bugzilla.suse.com/1101852 https://bugzilla.suse.com/1101853 https://bugzilla.suse.com/1101867 https://bugzilla.suse.com/1101872 https://bugzilla.suse.com/1101874 https://bugzilla.suse.com/1101875 https://bugzilla.suse.com/1101882 https://bugzilla.suse.com/1101883 https://bugzilla.suse.com/1101885 https://bugzilla.suse.com/1101887 https://bugzilla.suse.com/1101890 https://bugzilla.suse.com/1101891 https://bugzilla.suse.com/1101893 https://bugzilla.suse.com/1101895 https://bugzilla.suse.com/1101896 https://bugzilla.suse.com/1101900 https://bugzilla.suse.com/1101902 https://bugzilla.suse.com/1101903 https://bugzilla.suse.com/1102633 https://bugzilla.suse.com/1102658 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103421 https://bugzilla.suse.com/1103517 https://bugzilla.suse.com/1103723 https://bugzilla.suse.com/1103724 https://bugzilla.suse.com/1103725 https://bugzilla.suse.com/1103726 https://bugzilla.suse.com/1103727 https://bugzilla.suse.com/1103728 https://bugzilla.suse.com/1103729 https://bugzilla.suse.com/1103730 https://bugzilla.suse.com/1103917 https://bugzilla.suse.com/1103920 https://bugzilla.suse.com/1103948 https://bugzilla.suse.com/1103949 https://bugzilla.suse.com/1104066 https://bugzilla.suse.com/1104111 https://bugzilla.suse.com/1104174 https://bugzilla.suse.com/1104211 https://bugzilla.suse.com/1104319 From sle-security-updates at lists.suse.com Thu Aug 16 13:07:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:07:48 +0200 (CEST) Subject: SUSE-SU-2018:2384-1: important: Security update for the Linux Kernel Message-ID: <20180816190748.21F32F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2384-1 Rating: important References: #1012382 #1064233 #1068032 #1076110 #1083635 #1086654 #1087081 #1089343 #1098016 #1099592 #1099924 #1100089 #1100416 #1100418 #1103119 #1104365 Cross-References: CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). The following non-security bugs were fixed: - bcache: add backing_request_endio() for bi_end_io (bsc#1064233). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064233). - bcache: add io_disable to struct cached_dev (bsc#1064233). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1076110). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064233). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064233). - bcache: Annotate switch fall-through (bsc#1076110). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064233). - bcache: count backing device I/O error for writeback I/O (bsc#1064233). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1076110). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064233). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1076110). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix incorrect sysfs output value of strip size (bsc#1076110). - bcache: Fix indentation (bsc#1076110). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1076110). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064233). - bcache: fix using of loop variable in memory shrink (bsc#1076110). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1076110). - bcache: properly set task state in bch_writeback_thread() (bsc#1064233). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064233). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064233). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1076110). - bcache: Remove an unused variable (bsc#1076110). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064233). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064233). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064233). - bcache: set error_limit correctly (bsc#1064233). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064233). - bcache: stop bcache device when backing device is offline (bsc#1064233). - bcache: stop dc->writeback_rate_update properly (bsc#1064233). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064233). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1076110). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064233). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - drivers: hv: vmbus: avoid infinite loop in init_vp_index() (bsc#1099592). - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542). - Revert "KVM: Fix stack-out-of-bounds read in write_mmio" (bnc#1083635). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081). - x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/Xen: disable IBRS around CPU stopper function invocation (none so far). - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - xen/x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - xen/x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343). - xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - xen/x86/entry: Add a function to overwrite the RSB (bsc#1068032). - xen/x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - xen/x86/mm: Set IBPB upon context switch (bsc#1068032). - xen/x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1644=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1644=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1644=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.99.1 kernel-default-base-3.12.74-60.64.99.1 kernel-default-base-debuginfo-3.12.74-60.64.99.1 kernel-default-debuginfo-3.12.74-60.64.99.1 kernel-default-debugsource-3.12.74-60.64.99.1 kernel-default-devel-3.12.74-60.64.99.1 kernel-syms-3.12.74-60.64.99.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.99.1 kernel-macros-3.12.74-60.64.99.1 kernel-source-3.12.74-60.64.99.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.99.1 kernel-xen-base-3.12.74-60.64.99.1 kernel-xen-base-debuginfo-3.12.74-60.64.99.1 kernel-xen-debuginfo-3.12.74-60.64.99.1 kernel-xen-debugsource-3.12.74-60.64.99.1 kernel-xen-devel-3.12.74-60.64.99.1 kgraft-patch-3_12_74-60_64_99-default-1-2.3.1 kgraft-patch-3_12_74-60_64_99-xen-1-2.3.1 lttng-modules-2.7.0-4.2.1 lttng-modules-debugsource-2.7.0-4.2.1 lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.99-4.2.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.99-4.2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.99.1 kernel-default-base-3.12.74-60.64.99.1 kernel-default-base-debuginfo-3.12.74-60.64.99.1 kernel-default-debuginfo-3.12.74-60.64.99.1 kernel-default-debugsource-3.12.74-60.64.99.1 kernel-default-devel-3.12.74-60.64.99.1 kernel-syms-3.12.74-60.64.99.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.99.1 kernel-xen-base-3.12.74-60.64.99.1 kernel-xen-base-debuginfo-3.12.74-60.64.99.1 kernel-xen-debuginfo-3.12.74-60.64.99.1 kernel-xen-debugsource-3.12.74-60.64.99.1 kernel-xen-devel-3.12.74-60.64.99.1 kgraft-patch-3_12_74-60_64_99-default-1-2.3.1 kgraft-patch-3_12_74-60_64_99-xen-1-2.3.1 lttng-modules-2.7.0-4.2.1 lttng-modules-debugsource-2.7.0-4.2.1 lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.99-4.2.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.99-4.2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.99.1 kernel-macros-3.12.74-60.64.99.1 kernel-source-3.12.74-60.64.99.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.99.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.99.1 kernel-ec2-debuginfo-3.12.74-60.64.99.1 kernel-ec2-debugsource-3.12.74-60.64.99.1 kernel-ec2-devel-3.12.74-60.64.99.1 kernel-ec2-extra-3.12.74-60.64.99.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.99.1 References: https://www.suse.com/security/cve/CVE-2018-13053.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-13406.html https://www.suse.com/security/cve/CVE-2018-14734.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1064233 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1083635 https://bugzilla.suse.com/1086654 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1098016 https://bugzilla.suse.com/1099592 https://bugzilla.suse.com/1099924 https://bugzilla.suse.com/1100089 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1100418 https://bugzilla.suse.com/1103119 https://bugzilla.suse.com/1104365 From sle-security-updates at lists.suse.com Thu Aug 16 13:11:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:11:57 +0200 (CEST) Subject: SUSE-SU-2018:2385-1: moderate: Security update for perl-Archive-Zip Message-ID: <20180816191157.9D649F7C0@maintenance.suse.de> SUSE Security Update: Security update for perl-Archive-Zip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2385-1 Rating: moderate References: #1099497 Cross-References: CVE-2018-10860 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1641=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1641=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): perl-Archive-Zip-1.34-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): perl-Archive-Zip-1.34-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10860.html https://bugzilla.suse.com/1099497 From sle-security-updates at lists.suse.com Thu Aug 16 13:12:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:12:32 +0200 (CEST) Subject: SUSE-SU-2018:2386-1: moderate: Security update for perl-Archive-Zip Message-ID: <20180816191232.A2156F7C0@maintenance.suse.de> SUSE Security Update: Security update for perl-Archive-Zip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2386-1 Rating: moderate References: #1099497 Cross-References: CVE-2018-10860 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1642=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): perl-Archive-Zip-1.60-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10860.html https://bugzilla.suse.com/1099497 From sle-security-updates at lists.suse.com Thu Aug 16 13:13:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:13:05 +0200 (CEST) Subject: SUSE-SU-2018:2387-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) Message-ID: <20180816191305.300E0F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2387-1 Rating: important References: #1096564 #1097108 #1099306 #1103203 Cross-References: CVE-2017-11600 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1651=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1651=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_74-92_38-default-11-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_74-92_38-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1103203 From sle-security-updates at lists.suse.com Thu Aug 16 13:14:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:14:01 +0200 (CEST) Subject: SUSE-SU-2018:2388-1: moderate: Security update for perl-Archive-Zip Message-ID: <20180816191401.3E33FF7C0@maintenance.suse.de> SUSE Security Update: Security update for perl-Archive-Zip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2388-1 Rating: moderate References: #1099497 Cross-References: CVE-2018-10860 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-Archive-Zip-13734=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-Archive-Zip-1.24-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-10860.html https://bugzilla.suse.com/1099497 From sle-security-updates at lists.suse.com Thu Aug 16 13:14:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:14:32 +0200 (CEST) Subject: SUSE-SU-2018:2389-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) Message-ID: <20180816191432.09EBEF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2389-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1645=1 SUSE-SLE-SAP-12-SP2-2018-1646=1 SUSE-SLE-SAP-12-SP2-2018-1647=1 SUSE-SLE-SAP-12-SP2-2018-1648=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1645=1 SUSE-SLE-SERVER-12-SP2-2018-1646=1 SUSE-SLE-SERVER-12-SP2-2018-1647=1 SUSE-SLE-SERVER-12-SP2-2018-1648=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_120-92_70-default-5-2.1 kgraft-patch-4_4_121-92_73-default-4-2.1 kgraft-patch-4_4_121-92_80-default-4-2.1 kgraft-patch-4_4_121-92_85-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_120-92_70-default-5-2.1 kgraft-patch-4_4_121-92_73-default-4-2.1 kgraft-patch-4_4_121-92_80-default-4-2.1 kgraft-patch-4_4_121-92_85-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Thu Aug 16 13:15:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:15:12 +0200 (CEST) Subject: SUSE-SU-2018:2390-1: moderate: Security update for GraphicsMagick Message-ID: <20180816191512.167C6F7C0@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2390-1 Rating: moderate References: #1056277 #1094204 #1095812 #1102007 Cross-References: CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-14435 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: The following security issues were addressed: - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in theTracePoint() function in MagickCore/draw.c, which allows attackers to cause a denial of service (bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, and gray.c (bsc#1095812) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13733=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13733=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13733=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.61.1 libGraphicsMagick2-1.2.5-78.61.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.61.1 libGraphicsMagick2-1.2.5-78.61.1 perl-GraphicsMagick-1.2.5-78.61.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.61.1 GraphicsMagick-debugsource-1.2.5-78.61.1 References: https://www.suse.com/security/cve/CVE-2017-13758.html https://www.suse.com/security/cve/CVE-2017-18271.html https://www.suse.com/security/cve/CVE-2018-10805.html https://www.suse.com/security/cve/CVE-2018-14435.html https://bugzilla.suse.com/1056277 https://bugzilla.suse.com/1094204 https://bugzilla.suse.com/1095812 https://bugzilla.suse.com/1102007 From sle-security-updates at lists.suse.com Thu Aug 16 13:16:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:16:12 +0200 (CEST) Subject: SUSE-SU-2018:2391-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) Message-ID: <20180816191612.AD72EF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2391-1 Rating: important References: #1097108 #1099306 #1103203 Cross-References: CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1649=1 SUSE-SLE-SAP-12-SP2-2018-1650=1 SUSE-SLE-SAP-12-SP2-2018-1652=1 SUSE-SLE-SAP-12-SP2-2018-1653=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1649=1 SUSE-SLE-SERVER-12-SP2-2018-1650=1 SUSE-SLE-SERVER-12-SP2-2018-1652=1 SUSE-SLE-SERVER-12-SP2-2018-1653=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-6-2.1 kgraft-patch-4_4_114-92_67-default-6-2.1 kgraft-patch-4_4_90-92_45-default-9-2.1 kgraft-patch-4_4_90-92_50-default-9-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-6-2.1 kgraft-patch-4_4_114-92_67-default-6-2.1 kgraft-patch-4_4_90-92_45-default-9-2.1 kgraft-patch-4_4_90-92_50-default-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1103203 From sle-security-updates at lists.suse.com Thu Aug 16 13:18:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 16 Aug 2018 21:18:49 +0200 (CEST) Subject: SUSE-SU-2018:2394-1: important: Security update for kgraft Message-ID: <20180816191849.18442F7C0@maintenance.suse.de> SUSE Security Update: Security update for kgraft ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2394-1 Rating: important References: #1099306 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kgraft fixes the following issues: Add script for disabling SMT to help with the mitigation of the "L1 Terminal Fault" issue (CVE-2018-3646 bsc#1099306) The script is called "klp-kvm-l1tf-ctrl-smt" and is used for enabling or disabling SMT to mitigate the issue when this administrative decision is taken. Disabling SMT: klp-kvm-l1tf-ctrl-smt -d Enabling SMT: klp-kvm-l1tf-ctrl-smt -e Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1637=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2018-1637=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-1.0-23.9.1 - SUSE Linux Enterprise Live Patching 12 (ppc64le s390x x86_64): kgraft-1.0-23.9.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-devel-1.0-23.9.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Fri Aug 17 04:14:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 12:14:02 +0200 (CEST) Subject: SUSE-SU-2018:2401-1: important: Security update for xen Message-ID: <20180817101402.4C6E9F7C0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2401-1 Rating: important References: #1027519 #1091107 #1103276 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1656=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1656=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1656=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.2_10-3.41.1 xen-devel-4.9.2_10-3.41.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.2_10-3.41.1 xen-debugsource-4.9.2_10-3.41.1 xen-doc-html-4.9.2_10-3.41.1 xen-libs-32bit-4.9.2_10-3.41.1 xen-libs-4.9.2_10-3.41.1 xen-libs-debuginfo-32bit-4.9.2_10-3.41.1 xen-libs-debuginfo-4.9.2_10-3.41.1 xen-tools-4.9.2_10-3.41.1 xen-tools-debuginfo-4.9.2_10-3.41.1 xen-tools-domU-4.9.2_10-3.41.1 xen-tools-domU-debuginfo-4.9.2_10-3.41.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.2_10-3.41.1 xen-debugsource-4.9.2_10-3.41.1 xen-libs-32bit-4.9.2_10-3.41.1 xen-libs-4.9.2_10-3.41.1 xen-libs-debuginfo-32bit-4.9.2_10-3.41.1 xen-libs-debuginfo-4.9.2_10-3.41.1 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.2_10-3.41.1 xen-libs-4.9.2_10-3.41.1 xen-libs-debuginfo-4.9.2_10-3.41.1 xen-tools-domU-4.9.2_10-3.41.1 xen-tools-domU-debuginfo-4.9.2_10-3.41.1 - SUSE CaaS Platform 3.0 (x86_64): xen-debugsource-4.9.2_10-3.41.1 xen-libs-4.9.2_10-3.41.1 xen-libs-debuginfo-4.9.2_10-3.41.1 xen-tools-domU-4.9.2_10-3.41.1 xen-tools-domU-debuginfo-4.9.2_10-3.41.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1103276 From sle-security-updates at lists.suse.com Fri Aug 17 04:17:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 12:17:51 +0200 (CEST) Subject: SUSE-SU-2018:2403-1: important: Security update for mutt Message-ID: <20180817101751.44931F7C0@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2403-1 Rating: important References: #1101567 #1101570 #1101571 #1101573 #1101576 #1101577 #1101578 #1101581 #1101582 #1101588 #1101589 #936807 Cross-References: CVE-2018-14349 CVE-2018-14350 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has one errata is now available. Description: This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mutt-13736=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mutt-13736=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mutt-13736=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mutt-13736=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mutt-13736=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mutt-1.5.17-42.43.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): mutt-1.5.17-42.43.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): mutt-1.5.17-42.43.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mutt-debuginfo-1.5.17-42.43.1 mutt-debugsource-1.5.17-42.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mutt-debuginfo-1.5.17-42.43.1 mutt-debugsource-1.5.17-42.43.1 References: https://www.suse.com/security/cve/CVE-2018-14349.html https://www.suse.com/security/cve/CVE-2018-14350.html https://www.suse.com/security/cve/CVE-2018-14352.html https://www.suse.com/security/cve/CVE-2018-14353.html https://www.suse.com/security/cve/CVE-2018-14354.html https://www.suse.com/security/cve/CVE-2018-14355.html https://www.suse.com/security/cve/CVE-2018-14356.html https://www.suse.com/security/cve/CVE-2018-14357.html https://www.suse.com/security/cve/CVE-2018-14358.html https://www.suse.com/security/cve/CVE-2018-14359.html https://www.suse.com/security/cve/CVE-2018-14362.html https://bugzilla.suse.com/1101567 https://bugzilla.suse.com/1101570 https://bugzilla.suse.com/1101571 https://bugzilla.suse.com/1101573 https://bugzilla.suse.com/1101576 https://bugzilla.suse.com/1101577 https://bugzilla.suse.com/1101578 https://bugzilla.suse.com/1101581 https://bugzilla.suse.com/1101582 https://bugzilla.suse.com/1101588 https://bugzilla.suse.com/1101589 https://bugzilla.suse.com/936807 From sle-security-updates at lists.suse.com Fri Aug 17 07:07:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 15:07:52 +0200 (CEST) Subject: SUSE-SU-2018:2408-1: important: Security update for python Message-ID: <20180817130752.431B6F7C0@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2408-1 Rating: important References: #1086001 #1088004 #1088009 #985177 Cross-References: CVE-2016-5636 CVE-2018-1060 CVE-2018-1061 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for python-base fixes the following issues: Security issues fixed: - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes: - bsc#1086001: python tarfile uses random order. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-13737=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-13737=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-python-13737=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-python-13737=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-13737=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-python-13737=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-devel-2.6.9-40.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): python-demo-2.6.9-40.15.1 python-gdbm-2.6.9-40.15.1 python-idle-2.6.9-40.15.1 python-tk-2.6.9-40.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): python-doc-2.6-8.40.15.1 python-doc-pdf-2.6-8.40.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): python-32bit-2.6.9-40.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.15.1 python-2.6.9-40.15.1 python-base-2.6.9-40.15.1 python-curses-2.6.9-40.15.1 python-demo-2.6.9-40.15.1 python-gdbm-2.6.9-40.15.1 python-idle-2.6.9-40.15.1 python-tk-2.6.9-40.15.1 python-xml-2.6.9-40.15.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.15.1 python-32bit-2.6.9-40.15.1 python-base-32bit-2.6.9-40.15.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): python-doc-2.6-8.40.15.1 python-doc-pdf-2.6-8.40.15.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libpython2_6-1_0-x86-2.6.9-40.15.1 python-base-x86-2.6.9-40.15.1 python-x86-2.6.9-40.15.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libpython2_6-1_0-2.6.9-40.15.1 python-2.6.9-40.15.1 python-base-2.6.9-40.15.1 python-curses-2.6.9-40.15.1 python-demo-2.6.9-40.15.1 python-gdbm-2.6.9-40.15.1 python-idle-2.6.9-40.15.1 python-tk-2.6.9-40.15.1 python-xml-2.6.9-40.15.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.15.1 python-32bit-2.6.9-40.15.1 python-base-32bit-2.6.9-40.15.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): python-doc-2.6-8.40.15.1 python-doc-pdf-2.6-8.40.15.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): python-doc-2.6-8.40.15.1 python-doc-pdf-2.6-8.40.15.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libpython2_6-1_0-2.6.9-40.15.1 python-2.6.9-40.15.1 python-base-2.6.9-40.15.1 python-curses-2.6.9-40.15.1 python-demo-2.6.9-40.15.1 python-gdbm-2.6.9-40.15.1 python-idle-2.6.9-40.15.1 python-tk-2.6.9-40.15.1 python-xml-2.6.9-40.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.15.1 python-base-debugsource-2.6.9-40.15.1 python-debuginfo-2.6.9-40.15.1 python-debugsource-2.6.9-40.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.15.1 python-debuginfo-32bit-2.6.9-40.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): python-base-debuginfo-x86-2.6.9-40.15.1 python-debuginfo-x86-2.6.9-40.15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): python-base-debuginfo-2.6.9-40.15.1 python-base-debugsource-2.6.9-40.15.1 python-debuginfo-2.6.9-40.15.1 python-debugsource-2.6.9-40.15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.15.1 python-debuginfo-32bit-2.6.9-40.15.1 References: https://www.suse.com/security/cve/CVE-2016-5636.html https://www.suse.com/security/cve/CVE-2018-1060.html https://www.suse.com/security/cve/CVE-2018-1061.html https://bugzilla.suse.com/1086001 https://bugzilla.suse.com/1088004 https://bugzilla.suse.com/1088009 https://bugzilla.suse.com/985177 From sle-security-updates at lists.suse.com Fri Aug 17 10:07:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 18:07:47 +0200 (CEST) Subject: SUSE-SU-2018:2409-1: important: Security update for xen Message-ID: <20180817160747.5967CF7C0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2409-1 Rating: important References: #1027519 #1091107 #1103276 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1663=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1663=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): xen-4.10.1_08-3.6.1 xen-debugsource-4.10.1_08-3.6.1 xen-devel-4.10.1_08-3.6.1 xen-tools-4.10.1_08-3.6.1 xen-tools-debuginfo-4.10.1_08-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): xen-debugsource-4.10.1_08-3.6.1 xen-libs-4.10.1_08-3.6.1 xen-libs-debuginfo-4.10.1_08-3.6.1 xen-tools-domU-4.10.1_08-3.6.1 xen-tools-domU-debuginfo-4.10.1_08-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1103276 From sle-security-updates at lists.suse.com Fri Aug 17 10:08:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 18:08:39 +0200 (CEST) Subject: SUSE-SU-2018:2410-1: important: Security update for xen Message-ID: <20180817160839.69C5AF7C0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2410-1 Rating: important References: #1027519 #1091107 #1103276 Cross-References: CVE-2018-3646 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1664=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1664=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1664=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1664=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_04-43.39.1 xen-debugsource-4.7.6_04-43.39.1 xen-doc-html-4.7.6_04-43.39.1 xen-libs-32bit-4.7.6_04-43.39.1 xen-libs-4.7.6_04-43.39.1 xen-libs-debuginfo-32bit-4.7.6_04-43.39.1 xen-libs-debuginfo-4.7.6_04-43.39.1 xen-tools-4.7.6_04-43.39.1 xen-tools-debuginfo-4.7.6_04-43.39.1 xen-tools-domU-4.7.6_04-43.39.1 xen-tools-domU-debuginfo-4.7.6_04-43.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_04-43.39.1 xen-debugsource-4.7.6_04-43.39.1 xen-doc-html-4.7.6_04-43.39.1 xen-libs-32bit-4.7.6_04-43.39.1 xen-libs-4.7.6_04-43.39.1 xen-libs-debuginfo-32bit-4.7.6_04-43.39.1 xen-libs-debuginfo-4.7.6_04-43.39.1 xen-tools-4.7.6_04-43.39.1 xen-tools-debuginfo-4.7.6_04-43.39.1 xen-tools-domU-4.7.6_04-43.39.1 xen-tools-domU-debuginfo-4.7.6_04-43.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_04-43.39.1 xen-debugsource-4.7.6_04-43.39.1 xen-doc-html-4.7.6_04-43.39.1 xen-libs-32bit-4.7.6_04-43.39.1 xen-libs-4.7.6_04-43.39.1 xen-libs-debuginfo-32bit-4.7.6_04-43.39.1 xen-libs-debuginfo-4.7.6_04-43.39.1 xen-tools-4.7.6_04-43.39.1 xen-tools-debuginfo-4.7.6_04-43.39.1 xen-tools-domU-4.7.6_04-43.39.1 xen-tools-domU-debuginfo-4.7.6_04-43.39.1 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.6_04-43.39.1 xen-debugsource-4.7.6_04-43.39.1 xen-doc-html-4.7.6_04-43.39.1 xen-libs-32bit-4.7.6_04-43.39.1 xen-libs-4.7.6_04-43.39.1 xen-libs-debuginfo-32bit-4.7.6_04-43.39.1 xen-libs-debuginfo-4.7.6_04-43.39.1 xen-tools-4.7.6_04-43.39.1 xen-tools-debuginfo-4.7.6_04-43.39.1 xen-tools-domU-4.7.6_04-43.39.1 xen-tools-domU-debuginfo-4.7.6_04-43.39.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1103276 From sle-security-updates at lists.suse.com Fri Aug 17 10:09:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 18:09:24 +0200 (CEST) Subject: SUSE-SU-2018:2411-1: moderate: Security update for mysql Message-ID: <20180817160924.AE955F7C0@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2411-1 Rating: moderate References: #1101676 #1101677 #1101678 #1101679 #1101680 Cross-References: CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for mysql to version 5.5.61 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-3066: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (bsc#1101678) - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101679) - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (bsc#1101680) - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1101676) - CVE-2018-3063: Fixed an easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101677) You can find more detailed information about this update in the [release notes](http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13739=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13739=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13739=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.61-0.39.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.61-0.39.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.61-0.39.15.1 libmysql55client_r18-5.5.61-0.39.15.1 mysql-5.5.61-0.39.15.1 mysql-client-5.5.61-0.39.15.1 mysql-tools-5.5.61-0.39.15.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.61-0.39.15.1 libmysql55client_r18-32bit-5.5.61-0.39.15.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.61-0.39.15.1 libmysql55client_r18-x86-5.5.61-0.39.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.61-0.39.15.1 mysql-debugsource-5.5.61-0.39.15.1 References: https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3070.html https://www.suse.com/security/cve/CVE-2018-3081.html https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1101679 https://bugzilla.suse.com/1101680 From sle-security-updates at lists.suse.com Fri Aug 17 13:07:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 21:07:54 +0200 (CEST) Subject: SUSE-SU-2018:2412-1: moderate: Security update for wireshark Message-ID: <20180817190754.9BD22F7C0@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2412-1 Rating: moderate References: #1094301 #1101776 #1101777 #1101786 #1101788 #1101791 #1101794 #1101800 #1101802 #1101804 #1101810 Cross-References: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Security issues fixed: - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13740=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13740=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13740=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-2.2.16-40.28.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libwireshark8-2.2.16-40.28.1 libwiretap6-2.2.16-40.28.1 libwscodecs1-2.2.16-40.28.1 libwsutil7-2.2.16-40.28.1 wireshark-2.2.16-40.28.1 wireshark-gtk-2.2.16-40.28.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwireshark8-2.2.16-40.28.1 libwiretap6-2.2.16-40.28.1 libwscodecs1-2.2.16-40.28.1 libwsutil7-2.2.16-40.28.1 wireshark-2.2.16-40.28.1 wireshark-gtk-2.2.16-40.28.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-2.2.16-40.28.1 wireshark-debugsource-2.2.16-40.28.1 References: https://www.suse.com/security/cve/CVE-2018-11354.html https://www.suse.com/security/cve/CVE-2018-11355.html https://www.suse.com/security/cve/CVE-2018-11356.html https://www.suse.com/security/cve/CVE-2018-11357.html https://www.suse.com/security/cve/CVE-2018-11358.html https://www.suse.com/security/cve/CVE-2018-11359.html https://www.suse.com/security/cve/CVE-2018-11360.html https://www.suse.com/security/cve/CVE-2018-11361.html https://www.suse.com/security/cve/CVE-2018-11362.html https://www.suse.com/security/cve/CVE-2018-14339.html https://www.suse.com/security/cve/CVE-2018-14340.html https://www.suse.com/security/cve/CVE-2018-14341.html https://www.suse.com/security/cve/CVE-2018-14342.html https://www.suse.com/security/cve/CVE-2018-14343.html https://www.suse.com/security/cve/CVE-2018-14344.html https://www.suse.com/security/cve/CVE-2018-14367.html https://www.suse.com/security/cve/CVE-2018-14368.html https://www.suse.com/security/cve/CVE-2018-14369.html https://www.suse.com/security/cve/CVE-2018-14370.html https://bugzilla.suse.com/1094301 https://bugzilla.suse.com/1101776 https://bugzilla.suse.com/1101777 https://bugzilla.suse.com/1101786 https://bugzilla.suse.com/1101788 https://bugzilla.suse.com/1101791 https://bugzilla.suse.com/1101794 https://bugzilla.suse.com/1101800 https://bugzilla.suse.com/1101802 https://bugzilla.suse.com/1101804 https://bugzilla.suse.com/1101810 From sle-security-updates at lists.suse.com Fri Aug 17 13:09:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 21:09:35 +0200 (CEST) Subject: SUSE-SU-2018:2413-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) Message-ID: <20180817190935.9A2AFF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2413-1 Rating: important References: #1096564 #1096679 #1097108 #1099306 #1103203 Cross-References: CVE-2017-11600 CVE-2017-17053 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.82-6_9 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2017-17053: The init_new_context function in arch/x86/include/asm/mmu_context.h did not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y (bsc#1096679). - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1669=1 SUSE-SLE-Live-Patching-12-SP3-2018-1670=1 SUSE-SLE-Live-Patching-12-SP3-2018-1671=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_82-6_3-default-11-2.1 kgraft-patch-4_4_82-6_3-default-debuginfo-11-2.1 kgraft-patch-4_4_82-6_6-default-10-2.1 kgraft-patch-4_4_82-6_6-default-debuginfo-10-2.1 kgraft-patch-4_4_82-6_9-default-10-2.1 kgraft-patch-4_4_82-6_9-default-debuginfo-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-17053.html https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1096564 https://bugzilla.suse.com/1096679 https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1103203 From sle-security-updates at lists.suse.com Fri Aug 17 13:10:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 21:10:38 +0200 (CEST) Subject: SUSE-SU-2018:2414-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) Message-ID: <20180817191038.13EC2F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2414-1 Rating: important References: #1097108 #1099306 Cross-References: CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.120-94_17 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1678=1 SUSE-SLE-Live-Patching-12-SP3-2018-1679=1 SUSE-SLE-Live-Patching-12-SP3-2018-1680=1 SUSE-SLE-Live-Patching-12-SP3-2018-1681=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_120-94_17-default-5-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-5-2.1 kgraft-patch-4_4_126-94_22-default-5-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-5-2.1 kgraft-patch-4_4_131-94_29-default-3-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-3-2.1 kgraft-patch-4_4_132-94_33-default-3-2.1 kgraft-patch-4_4_132-94_33-default-debuginfo-3-2.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Fri Aug 17 13:11:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2018 21:11:46 +0200 (CEST) Subject: SUSE-SU-2018:2416-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) Message-ID: <20180817191146.75D5AF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2416-1 Rating: important References: #1097108 #1099306 #1103203 Cross-References: CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.114-94_14 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1667=1 SUSE-SLE-SAP-12-SP2-2018-1668=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1667=1 SUSE-SLE-SERVER-12-SP2-2018-1668=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1672=1 SUSE-SLE-Live-Patching-12-SP3-2018-1673=1 SUSE-SLE-Live-Patching-12-SP3-2018-1674=1 SUSE-SLE-Live-Patching-12-SP3-2018-1675=1 SUSE-SLE-Live-Patching-12-SP3-2018-1676=1 SUSE-SLE-Live-Patching-12-SP3-2018-1677=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-8-2.1 kgraft-patch-4_4_103-92_56-default-8-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-8-2.1 kgraft-patch-4_4_103-92_56-default-8-2.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-8-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-8-2.1 kgraft-patch-4_4_103-6_38-default-8-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-8-2.1 kgraft-patch-4_4_114-94_11-default-6-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-6-2.1 kgraft-patch-4_4_114-94_14-default-6-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-6-2.1 kgraft-patch-4_4_92-6_30-default-8-2.1 kgraft-patch-4_4_92-6_30-default-debuginfo-8-2.1 - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_92-6_18-default-9-2.1 kgraft-patch-4_4_92-6_18-default-debuginfo-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1103203 From sle-security-updates at lists.suse.com Fri Aug 17 16:10:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 18 Aug 2018 00:10:30 +0200 (CEST) Subject: SUSE-SU-2018:2423-1: moderate: Security update for curl Message-ID: <20180817221030.B04A7F7C0@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2423-1 Rating: moderate References: #1099793 Cross-References: CVE-2018-0500 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1685=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.6.4 curl-debuginfo-7.60.0-3.6.4 curl-debugsource-7.60.0-3.6.4 libcurl-devel-7.60.0-3.6.4 libcurl4-7.60.0-3.6.4 libcurl4-debuginfo-7.60.0-3.6.4 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.6.4 libcurl4-32bit-debuginfo-7.60.0-3.6.4 References: https://www.suse.com/security/cve/CVE-2018-0500.html https://bugzilla.suse.com/1099793 From sle-security-updates at lists.suse.com Fri Aug 17 16:11:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 18 Aug 2018 00:11:00 +0200 (CEST) Subject: SUSE-SU-2018:2424-1: moderate: Security update for apache2 Message-ID: <20180817221100.D54C8F7C0@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2424-1 Rating: moderate References: #1101688 #1101689 Cross-References: CVE-2018-1333 CVE-2018-8011 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a null pointer dereference in mod_md, which could have lead to a denial of service via specially crafted HTTP requests (bsc#1101688). Note: We are currently not shipping this modules, since it is still considered experimental, but we might start to ship it with future releases. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1686=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.3.1 apache2-debuginfo-2.4.33-3.3.1 apache2-debugsource-2.4.33-3.3.1 apache2-devel-2.4.33-3.3.1 apache2-prefork-2.4.33-3.3.1 apache2-prefork-debuginfo-2.4.33-3.3.1 apache2-utils-2.4.33-3.3.1 apache2-utils-debuginfo-2.4.33-3.3.1 apache2-worker-2.4.33-3.3.1 apache2-worker-debuginfo-2.4.33-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1333.html https://www.suse.com/security/cve/CVE-2018-8011.html https://bugzilla.suse.com/1101688 https://bugzilla.suse.com/1101689 From sle-security-updates at lists.suse.com Fri Aug 17 16:11:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 18 Aug 2018 00:11:56 +0200 (CEST) Subject: SUSE-SU-2018:2426-1: important: Security update for kernel-livepatch-tools Message-ID: <20180817221156.03B23F7C0@maintenance.suse.de> SUSE Security Update: Security update for kernel-livepatch-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2426-1 Rating: important References: #1099306 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-livepatch-tools fixes the following issues: Add script for disabling SMT to help with the mitigation of the "L1 Terminal Fault" issue (CVE-2018-3646 bsc#1099306) The script is called "klp-kvm-l1tf-ctrl-smt" and is used for enabling or disabling SMT to mitigate the issue when this administrative decision is taken. Disabling SMT: klp-kvm-l1tf-ctrl-smt -d Enabling SMT: klp-kvm-l1tf-ctrl-smt -e Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1687=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1682=1 SUSE-SLE-Live-Patching-12-SP3-2018-1683=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le s390x x86_64): kernel-livepatch-tools-1.1-5.3.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_138-94_39-default-2-2.1 kgraft-patch-4_4_138-94_39-default-debuginfo-2-2.1 kgraft-patch-4_4_140-94_42-default-2-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Mon Aug 20 07:07:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:07:36 +0200 (CEST) Subject: SUSE-SU-2018:2447-1: important: Security update for perl Message-ID: <20180820130736.0F279F7C0@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2447-1 Rating: important References: #1068565 #1082216 #1082233 #1082234 #1096718 Cross-References: CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): perl-5.18.2-12.17.1 perl-base-5.18.2-12.17.1 perl-base-debuginfo-5.18.2-12.17.1 perl-debuginfo-5.18.2-12.17.1 perl-debugsource-5.18.2-12.17.1 References: https://www.suse.com/security/cve/CVE-2018-12015.html https://www.suse.com/security/cve/CVE-2018-6797.html https://www.suse.com/security/cve/CVE-2018-6798.html https://www.suse.com/security/cve/CVE-2018-6913.html https://bugzilla.suse.com/1068565 https://bugzilla.suse.com/1082216 https://bugzilla.suse.com/1082233 https://bugzilla.suse.com/1082234 https://bugzilla.suse.com/1096718 From sle-security-updates at lists.suse.com Mon Aug 20 07:08:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:08:38 +0200 (CEST) Subject: SUSE-SU-2018:2448-1: important: Security update for shadow Message-ID: <20180820130838.A013AF7C0@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2448-1 Rating: important References: #1099310 Cross-References: CVE-2016-6252 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): shadow-4.2.1-27.16.1 shadow-debuginfo-4.2.1-27.16.1 shadow-debugsource-4.2.1-27.16.1 References: https://www.suse.com/security/cve/CVE-2016-6252.html https://bugzilla.suse.com/1099310 From sle-security-updates at lists.suse.com Mon Aug 20 07:09:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:09:07 +0200 (CEST) Subject: SUSE-SU-2018:2449-1: moderate: Security update for openssl Message-ID: <20180820130907.092E3F7C0@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2449-1 Rating: moderate References: #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): libopenssl1_0_0-1.0.2j-60.34.1 libopenssl1_0_0-debuginfo-1.0.2j-60.34.1 openssl-1.0.2j-60.34.1 openssl-debuginfo-1.0.2j-60.34.1 openssl-debugsource-1.0.2j-60.34.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-security-updates at lists.suse.com Mon Aug 20 07:09:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:09:51 +0200 (CEST) Subject: SUSE-SU-2018:2450-1: important: Security update for the Linux Kernel Message-ID: <20180820130951.D27E8F7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2450-1 Rating: important References: #1051510 #1051979 #1065600 #1066110 #1077761 #1081917 #1083647 #1086274 #1086288 #1086314 #1086315 #1086317 #1086327 #1086331 #1086906 #1087081 #1087092 #1089343 #1090888 #1097104 #1097577 #1097808 #1099811 #1099813 #1099844 #1099845 #1099846 #1099849 #1099858 #1099863 #1099864 #1100132 #1101116 #1101331 #1101669 #1101822 #1101828 #1101832 #1101833 #1101837 #1101839 #1101841 #1101843 #1101844 #1101845 #1101847 #1101852 #1101853 #1101867 #1101872 #1101874 #1101875 #1101882 #1101883 #1101885 #1101887 #1101890 #1101891 #1101893 #1101895 #1101896 #1101900 #1101902 #1101903 #1102633 #1102658 #1103097 #1103269 #1103277 #1103356 #1103363 #1103421 #1103445 #1103517 #1103723 #1103724 #1103725 #1103726 #1103727 #1103728 #1103729 #1103730 #1103886 #1103917 #1103920 #1103948 #1103949 #1104066 #1104111 #1104174 #1104211 #1104319 #1104353 #1104365 #1104427 #1104494 #1104495 #1104708 #1104777 #1104897 Cross-References: CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-3620 CVE-2018-3646 CVE-2018-5391 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 88 fixes is now available. Description: The SUSE Linux Enterprise 15 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5391: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during fragment reassembly (bsc#1103097) - CVE-2018-3620, CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343, bsc#1087081). - CVE-2018-10882: A local user could have caused an out-of-bound write, leading to denial of service and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849). - CVE-2018-10880: Prevent a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing crafted ext4 images. An attacker could have used this to cause a system crash and a denial of service (bsc#1099845). - CVE-2018-10881: A local user could have caused an out-of-bound access and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864). - CVE-2018-10877: Prevent an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846). - CVE-2018-10876: Prevent use-after-free in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811). - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service by mounting and operating a crafted ext4 filesystem image (bsc#1099813). - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863). - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image (bsc#1099844). - CVE-2018-10853: A flaw was found in Linux Kernel KVM. In which certain instructions such as sgdt/sidt call segmented_write_std doesn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bnc#1097104). The following non-security bugs were fixed: - apci / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2 (bsc#1051510). - acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bsc#1051510). - af_key: Always verify length of provided sadb_key (bsc#1051510). - af_key: fix buffer overread in parse_exthdrs() (bsc#1051510). - af_key: fix buffer overread in verify_address_len() (bsc#1051510). - afs: Fix directory permissions check (bsc#1101828). - agp: uninorth: make two functions static (bsc#1051510). - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510). - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510). - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510). - alsa: snd-aoa: add of_node_put() in error path (bsc#1051510). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bsc#1051510). - arm64: Correct type for PUD macros (bsc#1103723). - arm64: Disable unhandled signal log messages by default (bsc#1103724). - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725). - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726). - arm64: perf: correct PMUVer probing (bsc#1103727). - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails (bsc#1103728). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bsc#1103729). - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730). - arm: 8715/1: add a private asm/unaligned.h (bsc#1051510). - arm: 8720/1: ensure dump_instr() checks addr_limit (bsc#1051510). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bsc#1051510). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bsc#1051510). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bsc#1051510). - arm: 8743/1: bL_switcher: add MODULE_LICENSE tag (bsc#1051510). - arm: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] (bsc#1051510). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bsc#1051510). - arm: 8753/1: decompressor: add a missing parameter to the addruart macro (bsc#1051510). - arm: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel (bsc#1051510). - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bsc#1051510). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bsc#1051510). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bsc#1051510). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bsc#1051510). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bsc#1051510). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bsc#1051510). - arm: amba: Fix race condition with driver_override (bsc#1051510). - arm: amba: Fix wrong indentation in driver_override_store() (bsc#1051510). - arm: amba: Make driver_override output consistent with other buses (bsc#1051510). - arm: at91: do not select CONFIG_ARM_CPU_SUSPEND for old platforms (bsc#1051510). - arm: avoid faulting on qemu (bsc#1051510). - arm: BUG if jumping to usermode address in kernel mode (bsc#1051510). - arm-ccn: perf: Prevent module unload while PMU is in use (bsc#1051510). - arm: davinci: Add dma_mask to dm365's eDMA device (bsc#1051510). - arm: davinci: board-da830-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix WP pin polarity for MMC/SD (bsc#1051510). - arm: davinci: board-dm355-evm: fix broken networking (bsc#1051510). - arm: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF (bsc#1051510). - arm: davinci: board-dm646x-evm: set VPIF capture card name (bsc#1051510). - arm: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup (bsc#1051510). - arm: davinci: dm646x: fix timer interrupt generation (bsc#1051510). - arm: davinci: fix mmc entries in dm365's dma_slave_map (bsc#1051510). - arm: davinci: fix the GPIO lookup for omapl138-hawk (bsc#1051510). - arm: davinci: Use platform_device_register_full() to create pdev for dm365's eDMA (bsc#1051510). - arm: DRA722: remove redundant definition of 1.0 device (bsc#1051510). - arm: fix return value of parse_cpu_capacity (bsc#1051510). - arm: kexec: fix failure to boot crash kernel (bsc#1051510). - arm: kexec: fix kdump register saving on panic() (bsc#1051510). - arm: keystone: fix platform_domain_notifier array overrun (bsc#1051510). - arm: kvm: fix building with gcc-8 (bsc#1051510). - arm: multi_v7_defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: multi_v7_defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bsc#1051510). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bsc#1051510). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bsc#1051510). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (bsc#1051510). - arm: OMAP2+: omap_device: drop broken RPM status update from suspend_noirq (bsc#1051510). - arm: OMAP2+: powerdomain: use raw_smp_processor_id() for trace (bsc#1051510). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bsc#1051510). - arm: OMAP3: Fix prm wake interrupt for resume (bsc#1051510). - arm: OMAP3: hwmod_data: add missing module_offs for MMC3 (bsc#1051510). - arm: OMAP3+: PRM: fix of_irq_get() result check (bsc#1051510). - arm: OMAP4+: PRM: fix of_irq_get() result checks (bsc#1051510). - arm: OMAP: Fix dmtimer init for omap1 (bsc#1051510). - arm: OMAP: Fix SRAM W+X mapping (bsc#1051510). - arm: orion5x: Revert commit 4904dbda41c8 (bsc#1051510). - arm: orion: fix orion_ge00_switch_board_info initialization (bsc#1051510). - arm: pxa: select both FB and FB_W100 for eseries (bsc#1051510). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bsc#1051510). - arm: remove wrong CONFIG_PROC_SYSCTL ifdef (bsc#1051510). - arm: s3c24xx: Fix NAND ECC mode for mini2440 board (bsc#1051510). - arm: shmobile: defconfig: Enable missing PCIE_RCAR dependency (bsc#1051510). - arm: shmobile: defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: shmobile: defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: shmobile: defconfig: Replace USB_XHCI_RCAR by USB_XHCI_PLATFORM (bsc#1051510). - arm: shmobile: rcar-gen2: Fix deadlock in regulator quirk (bsc#1051510). - arm: socfpga_defconfig: Remove QSPI Sector 4K size force (bsc#1051510). - arm: spear13xx: Fix dmas cells (bsc#1051510). - arm: sunxi_defconfig: Enable CMA (bsc#1051510). - arm: sunxi: fix the core number of V3s in sunxi README (bsc#1051510). - asoc: dpcm: do not merge format from invalid codec dai (bsc#1051510). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510). - asoc: es7134: remove 64kHz rate from the supported rates (bsc#1051510). - asoc: rsnd: cmd: Add missing newline to debug message (bsc#1051510). - asoc: sirf: Fix potential NULL pointer dereference (bsc#1051510). - asoc: topology: Add missing clock gating parameter when parsing hw_configs (bsc#1051510). - asoc: topology: Fix bclk and fsync inversion in set_link_hw_format() (bsc#1051510). - asoc: zte: Fix incorrect PCM format bit usages (bsc#1051510). - ata: do not schedule hot plug if it is a sas host (). - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510). - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510). - ath: Add regulatory mapping for Bahamas (bsc#1051510). - ath: Add regulatory mapping for Bermuda (bsc#1051510). - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510). - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510). - ath: Add regulatory mapping for Serbia (bsc#1051510). - ath: Add regulatory mapping for Tanzania (bsc#1051510). - ath: Add regulatory mapping for Uganda (bsc#1051510). - audit: fix potential null dereference 'context->module.name' (bsc#1051510). - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction (bsc#1051510). - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue (bsc#1101867). - be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (bsc#1086288). - be2net: Update the driver version to 12.0.0.0 (bsc#1086288 ). - befs_lookup(): use d_splice_alias() (bsc#1101844). - block: Fix transfer when chunk sectors exceeds max (bsc#1101874). - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510). - Bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510). - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bsc#1051510). - bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd (bsc#1083647). - branch-check: fix long->int truncation when profiling branches (bsc#1101116,). - brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - can: dev: increase bus-off message severity (bsc#1051510). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bsc#1051510). - can: m_can: change comparison to bitshift when dealing with a mask (bsc#1051510). - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872). - clk: at91: fix clk-generated compilation (bsc#1051510). - clk: renesas: cpg-mssr: Stop using printk format %pCr (bsc#1051510). - coccinelle: fix parallel build with CHECK=scripts/coccicheck (bsc#1051510). - compiler.h: enable builtin overflow checkers and add fallback code (bsc#1101116,). - cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms (bsc#1066110). - cpu/hotplug: Make bringup/teardown of smp threads symmetric (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: authenc - do not leak pointers to authenc keys (bsc#1051510). - crypto: authencesn - do not leak pointers to authenc keys (bsc#1051510). - crypto: padlock-aes - Fix Nano workaround data corruption (bsc#1051510). - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure (bsc#1104066). - Delete patches.suse/0201-dax-dm-allow-device-mapper-to-operate-without-dax-su.patc h (bsc#1103917). - disable PINCTRL_LEWISBURG - dm: add writecache target (bsc#1101116,). - dm: prevent DAX mounts if not supported (bsc#1103917). - dm writecache: support optional offset for start of device (bsc#1101116,). - dm writecache: use 2-factor allocator arguments (bsc#1101116,). - doc: Add vendor prefix for Kieback and Peter GmbH (bsc#1051510). - docs: zh_CN: fix location of oops-tracing.txt (bsc#1051510). - drivers: soc: sunxi: fix error processing on base address when claiming (bsc#1051510). - drm: Add DP PSR2 sink enable bit (bsc#1051510). - drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510). - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (bsc#1051510). - drm/atomic: Handling the case when setting old crtc for plane (bsc#1051510). - drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (bsc#1051510). - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (bsc#1051510). - drm/atomic: Make async plane update checks work as intended, v2 (bsc#1051510). - drm/atomic: Make atomic helper track newly assigned planes correctly, v2 (bsc#1051510). - drm/atomic: Make atomic iterators less surprising (bsc#1051510). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510). - drm/nouveau/fifo/gk104-: poll for runlist update completion (bsc#1051510). - drm/radeon: fix mode_valid's return type (bsc#1051510). - drm: re-enable error handling (bsc#1051510). - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats (bsc#1051510). - edac: Add missing MEM_LRDDR4 entry in edac_mem_types[] (bsc#1103886). - edac, altera: Fix ARM64 build warning (bsc#1051510). - edac: Drop duplicated array of strings for memory type names (bsc#1103886). - edac, mv64x60: Fix an error handling path (bsc#1051510). - edac, octeon: Fix an uninitialized variable warning (bsc#1051510). - edac, sb_edac: Fix missing break in switch (bsc#1051510). - ext2: fix a block leak (bsc#1101875). - ext4: add more mount time checks of the superblock (bsc#1101900). - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() (bsc#1101896). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: check superblock mapped prior to committing (bsc#1101902). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix fencepost error in check for inode count overflow during resize (bsc#1101853). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - ext4: include the illegal physical block in the bad map ext4_error msg (bsc#1101903). - ext4: report delalloc reserve as non-free in statfs for project quota (bsc#1101843). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bsc#1101895). - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837). - fix io_destroy()/aio_complete() race (bsc#1101852). - Force log to disk before reading the AGF during a fstrim (bsc#1101893). - fs: allow per-device dax status checking for filesystems (bsc#1103917). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - fs: clear writeback errors in inode_init_always (bsc#1101882). - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883). - geneve: update skb dst pmtu on tx path (bsc#1051510). - genirq: Check __free_irq() return value for NULL (bsc#1103517). - genirq: Fix editing error in a comment (bsc#1051510). - genirq: Make force irq threading setup more robust (bsc#1051510). - gtp: Initialize 64-bit per-cpu stats correctly (bsc#1051510). - HID: hid-plantronics: Re-resend Update to map button for PTT products (bsc#1051510). - HID: i2c-hid: check if device is there before really probing (bsc#1051510). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bsc#1051510). - hns3: fix unused function warning (bsc#1104353). - hns3pf: do not check handle during mqprio offload (bsc#1104353 ). - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353). - hns3pf: Fix some harmless copy and paste bugs (bsc#1104353 ). - hv_netvsc: Ensure correct teardown message sequence order (). - hv/netvsc: fix handling of fallback to single queue mode (). - hv_netvsc: Fix napi reschedule while receive completion is busy. - hv_netvsc: Fix net device attach on older Windows hosts (). - hv/netvsc: Fix NULL dereference at single queue mode fallback (bsc#1104708). - hv_netvsc: set master device (bsc#1051979). - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (). - hv_netvsc: split sub-channel setup into async and sync (). - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown (). - hwmon: (asus_atk0110) Replace deprecated device register call (bsc#1103363). - i2c: imx: Fix reinit_completion() use (bsc#1051510). - IB/hns: Annotate iomem pointers correctly (bsc#1104427 ). - IB/hns: Avoid compile test under non 64bit environments (bsc#1104427). - IB/hns: Declare local functions 'static' (bsc#1104427 ). - IB/hns: fix boolreturn.cocci warnings (bsc#1104427). - IB/hns: Fix for checkpatch.pl comment style warnings (bsc#1104427). - IB/hns: fix memory leak on ah on error return path (bsc#1104427 ). - IB/hns: fix returnvar.cocci warnings (bsc#1104427). - IB/hns: fix semicolon.cocci warnings (bsc#1104427). - IB/hns: Fix the bug of polling cq failed for loopback Qps (bsc#1104427). - IB/hns: Fix the bug with modifying the MAC address without removing the driver (bsc#1104427). - IB/hns: Fix the bug with rdma operation (bsc#1104427 ). - IB/hns: Fix the bug with wild pointer when destroy rc qp (bsc#1104427). - IB/hns: include linux/interrupt.h (bsc#1104427). - IB/hns: Support compile test for hns RoCE driver (bsc#1104427 ). - IB/hns: Use zeroing memory allocator instead of allocator/memset (bsc#1104427). - ibmasm: do not write out of bounds in read handler (bsc#1051510). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - init: rename and re-order boot_cpu_state_init() (bsc#1104365). - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510). - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bsc#1051510). - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510). - irqchip: brcmstb-l2: Define an irq_pm_shutdown function (bsc#1051510). - irqchip/gic: Take lock when updating irq type (bsc#1051510). - irqchip/gic-v3: Change pr_debug message to pr_devel (bsc#1051510). - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry (bsc#1051510). - irqchip/gic-v3: Ignore disabled ITS nodes (bsc#1051510). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bsc#1051510). - irqchip/qcom: Fix check for spurious interrupts (bsc#1051510). - irqchip/qcom: Fix u32 comparison with value less than zero (bsc#1051510). - isofs: fix potential memory leak in mount option parsing (bsc#1101887). - iwlwifi: add more card IDs for 9000 series (bsc#1051510). - iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343). - jump_label: Provide hotplug context variants (bsc#1089343). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343). - kabi protect bdev_dax_supported (bsc#1103917). - kabi protect struct ccw_device_private (bsc#1103421). - KABI protect structy ata_host (git-fixes). - kabi/severities: Allow kABI changes for kvm/x86 (except for kvm_x86_ops) - kabi/severities: do not complain on hisi_sas internal changes (). - kabi/severities: ignore qla2xxx as all symbols are internal - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be adjusted in case they depend on this particular change - kbuild: add '-fno-stack-check' to kernel build options (bsc#1051510). - kbuild: Handle builtin dtb file names containing hyphens (bsc#1051510). - kbuild: pkg: use --transform option to prefix paths in tar (bsc#1051510). - kconfig: display recursive dependency resolution hint just once (bsc#1051510). - kmemleak: add scheduling point to kmemleak_scan() (bsc#1051510). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - KVM: SVM: Add pause filter threshold (). - KVM: SVM: Implement pause loop exit logic in SVM (). - KVM: VMX: Bring the common code to header file (). - KVM: VMX: Fix the module parameters for vmx (). - KVM: VMX: Remove ple_window_actual_max (). - libata: add refcounting to ata_host (git-fixes). - libata: ensure host is free'd on error exit paths (git-fixes). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (git-fixes). - linvdimm, pmem: Preserve read-only setting for pmem devices (git-fixes). - MAINTAINERS: review Renesas DT bindings as well (bsc#1051510). - media: media-device: fix ioctl function types (bsc#1051510). - media: omap3isp: fix unbalanced dma_iommu_mapping (bsc#1051510). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bsc#1051510). - media: rc: oops in ir_timer_keyup after device unplug (bsc#1090888). - media: saa7164: Fix driver name in debug output (bsc#1051510). - media: si470x: fix __be16 annotations (bsc#1051510). - media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510). - media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510). - media: videobuf2-core: do not call memop 'finish' when queueing (bsc#1051510). - mfd: cros_ec: Fail early if we cannot identify the EC (bsc#1051510). - mfd: fsl-imx25: Clean up irq settings during removal (bsc#1051510). - mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() (bsc#1051510). - misc: pci_endpoint_test: Avoid triggering a BUG() (bsc#1051510). - mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510). - mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510). - mm: fix __gup_device_huge vs unmap (bsc#1101839). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (bsc#1051510). - mwifiex: correct histogram data with appropriate index (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: hns3: Add a check for client instance init state (bsc#1104353). - net: hns3: add a mask initialization for mac_vlan table (bsc#1104353). - net: hns3: Add *Asserting Reset* mailbox message and handling in VF (bsc#1104353). - net: hns3: add Asym Pause support to phy default features (bsc#1104353). - net: hns3: Add dcb netlink interface for the support of DCB feature (bsc#1104353). - net: hns3: Add DCB support when interacting with network stack (bsc#1104353). - net: hns3: Add ethtool interface for vlan filter (bsc#1104353 ). - net: hns3: add ethtool_ops.get_channels support for VF (bsc#1104353). - net: hns3: add ethtool_ops.get_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool_ops.set_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool -p support for fiber port (bsc#1104353 ). - net: hns3: add ethtool related offload command (bsc#1104353 ). - net: hns3: Add Ethtool support to HNS3 driver (bsc#1104353 ). - net: hns3: add existence checking before adding unicast mac address (bsc#1104353). - net: hns3: add existence check when remove old uc mac address (bsc#1104353). - net: hns3: add feature check when feature changed (bsc#1104353 ). - net: hns3: add get_link support to VF (bsc#1104353). - net: hns3: add get/set_coalesce support to VF (bsc#1104353 ). - net: hns3: add handling vlan tag offload in bd (bsc#1104353 ). - net: hns3: Add hclge_dcb module for the support of DCB feature (bsc#1104353). - net: hns3: Add HNS3 Acceleration Engine and Compatibility Layer Support (bsc#1104353). - net: hns3: Add HNS3 driver to kernel build framework and MAINTAINERS (bsc#1104353). - net: hns3: Add hns3_get_handle macro in hns3 driver (bsc#1104353 ). - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support (bsc#1104353). - net: hns3: Add HNS3 VF driver to kernel build framework (bsc#1104353). - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support (bsc#1104353). - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface (bsc#1104353). - net: hns3: add int_gl_idx setup for TX and RX queues (bsc#1104353). - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ). - net: hns3: Add mac loopback selftest support in hns3 driver (bsc#1104353). - net: hns3: Add mailbox interrupt handling to PF driver (bsc#1104353). - net: hns3: Add mailbox support to PF driver (bsc#1104353 ). - net: hns3: Add mailbox support to VF driver (bsc#1104353 ). - net: hns3: add manager table initialization for hardware (bsc#1104353). - net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC (bsc#1104353). - net: hns3: Add missing break in misc_irq_handle (bsc#1104353 ). - net: hns3: Add more packet size statisctics (bsc#1104353 ). - net: hns3: add MTU initialization for hardware (bsc#1104353 ). - net: hns3: add net status led support for fiber port (bsc#1104353). - net: hns3: add nic_client check when initialize roce base information (bsc#1104353). - net: hns3: add querying speed and duplex support to VF (bsc#1104353). - net: hns3: Add repeat address checking for setting mac address (bsc#1104353). - net: hns3: Add reset interface implementation in client (bsc#1104353). - net: hns3: Add reset process in hclge_main (bsc#1104353 ). - net: hns3: Add reset service task for handling reset requests (bsc#1104353). - net: hns3: add result checking for VF when modify unicast mac address (bsc#1104353). - net: hns3: Add some interface for the support of DCB feature (bsc#1104353). - net: hns3: Adds support for led locate command for copper port (bsc#1104353). - net: hns3: Add STRP_TAGP field support for hardware revision 0x21 (bsc#1104353). - net: hns3: Add support for dynamically buffer reallocation (bsc#1104353). - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ). - net: hns3: add support for get_regs (bsc#1104353). - net: hns3: Add support for IFF_ALLMULTI flag (bsc#1104353 ). - net: hns3: Add support for misc interrupt (bsc#1104353 ). - net: hns3: add support for nway_reset (bsc#1104353). - net: hns3: Add support for PFC setting in TM module (bsc#1104353 ). - net: hns3: Add support for port shaper setting in TM module (bsc#1104353). - net: hns3: add support for querying advertised pause frame by ethtool ethx (bsc#1104353). - net: hns3: add support for querying pfc puase packets statistic (bsc#1104353). - net: hns3: add support for set_link_ksettings (bsc#1104353 ). - net: hns3: add support for set_pauseparam (bsc#1104353 ). - net: hns3: add support for set_ringparam (bsc#1104353 ). - net: hns3: add support for set_rxnfc (bsc#1104353). - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config (bsc#1104353). - net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info (bsc#1104353). - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver (bsc#1104353). - net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: Add support of .sriov_configure in HNS3 driver (bsc#1104353). - net: hns3: Add support of the HNAE3 framework (bsc#1104353 ). - net: hns3: Add support of TX Scheduler and Shaper to HNS3 driver (bsc#1104353). - net: hns3: Add support to change MTU in HNS3 hardware (bsc#1104353). - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21) (bsc#1104353). - net: hns3: add support to modify tqps number (bsc#1104353 ). - net: hns3: add support to query tqps number (bsc#1104353 ). - net: hns3: Add support to re-initialize the hclge device (bsc#1104353). - net: hns3: Add support to request VF Reset to PF (bsc#1104353 ). - net: hns3: Add support to reset the enet/ring mgmt layer (bsc#1104353). - net: hns3: add support to update flow control settings after autoneg (bsc#1104353). - net: hns3: Add tc-based TM support for sriov enabled port (bsc#1104353). - net: hns3: Add timeout process in hns3_enet (bsc#1104353 ). - net: hns3: Add VF Reset device state and its handling (bsc#1104353). - net: hns3: Add VF Reset Service Task to support event handling (bsc#1104353). - net: hns3: add vlan offload config command (bsc#1104353 ). - net: hns3: change GL update rate (bsc#1104353). - net: hns3: Change PF to add ring-vect binding and resetQ to mailbox (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_algo (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_dev (bsc#1104353). - net: hns3: Change return value in hnae3_register_client (bsc#1104353). - net: hns3: Changes required in PF mailbox to support VF reset (bsc#1104353). - net: hns3: Changes to make enet watchdog timeout func common for PF/VF (bsc#1104353). - net: hns3: Changes to support ARQ(Asynchronous Receive Queue) (bsc#1104353). - net: hns3: change the returned tqp number by ethtool -x (bsc#1104353). - net: hns3: change the time interval of int_gl calculating (bsc#1104353). - net: hns3: change the unit of GL value macro (bsc#1104353 ). - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled (bsc#1104353). - net: hns3: check for NULL function pointer in hns3_nic_set_features (bsc#1104353). - net: hns3: Cleanup for endian issue in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for non-static function in hns3 driver (bsc#1104353). - net: hns3: Cleanup for ROCE capability flag in ae_dev (bsc#1104353). - net: hns3: Cleanup for shifting true in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for struct that used to send cmd to firmware (bsc#1104353). - net: hns3: Cleanup indentation for Kconfig in the the hisilicon folder (bsc#1104353). - net: hns3: cleanup mac auto-negotiation state query (bsc#1104353 ). - net: hns3: cleanup mac auto-negotiation state query in hclge_update_speed_duplex (bsc#1104353). - net: hns3: cleanup of return values in hclge_init_client_instance() (bsc#1104353). - net: hns3: Clear TX/RX rings when stopping port and un-initializing client (bsc#1104353). - net: hns3: Consistently using GENMASK in hns3 driver (bsc#1104353). - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning (bsc#1104353). - net: hns3: Disable VFs change rxvlan offload status (bsc#1104353 ). - net: hns3: Disable vf vlan filter when vf vlan table is full (bsc#1104353). - net: hns3: ensure media_type is unitialized (bsc#1104353 ). - net: hns3: export pci table of hclge and hclgevf to userspace (bsc#1104353). - net: hns3: fix a bug about hns3_clean_tx_ring (bsc#1104353 ). - net: hns3: fix a bug for phy supported feature initialization (bsc#1104353). - net: hns3: fix a bug in hclge_uninit_client_instance (bsc#1104353). - net: hns3: fix a bug in hns3_driv_to_eth_caps (bsc#1104353 ). - net: hns3: fix a bug when alloc new buffer (bsc#1104353 ). - net: hns3: fix a bug when getting phy address from NCL_config file (bsc#1104353). - net: hns3: fix a dead loop in hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: fix a handful of spelling mistakes (bsc#1104353 ). - net: hns3: Fix a loop index error of tqp statistics query (bsc#1104353). - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ). - net: hns3: Fix an error handling path in 'hclge_rss_init_hw()' (bsc#1104353). - net: hns3: Fix an error macro definition of HNS3_TQP_STAT (bsc#1104353). - net: hns3: Fix an error of total drop packet statistics (bsc#1104353). - net: hns3: Fix a response data read error of tqp statistics query (bsc#1104353). - net: hns3: fix endian issue when PF get mbx message flag (bsc#1104353). - net: hns3: fix error type definition of return value (bsc#1104353). - net: hns3: Fixes API to fetch ethernet header length with kernel default (bsc#1104353). - net: hns3: Fixes error reported by Kbuild and internal review (bsc#1104353). - net: hns3: Fixes initalization of RoCE handle and makes it conditional (bsc#1104353). - net: hns3: Fixes initialization of phy address from firmware (bsc#1104353). - net: hns3: Fixes kernel panic issue during rmmod hns3 driver (bsc#1104353). - net: hns3: Fixes ring-to-vector map-and-unmap command (bsc#1104353). - net: hns3: Fixes the back pressure setting when sriov is enabled (bsc#1104353). - net: hns3: Fixes the command used to unmap ring from vector (bsc#1104353). - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353 ). - net: hns3: Fixes the error legs in hclge_init_ae_dev function (bsc#1104353). - net: hns3: Fixes the ether address copy with appropriate API (bsc#1104353). - net: hns3: Fixes the initialization of MAC address in hardware (bsc#1104353). - net: hns3: Fixes the init of the VALID BD info in the descriptor (bsc#1104353). - net: hns3: Fixes the missing PCI iounmap for various legs (bsc#1104353). - net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch (bsc#1104353). - net: hns3: Fixes the out of bounds access in hclge_map_tqp (bsc#1104353). - net: hns3: Fixes the premature exit of loop when matching clients (bsc#1104353). - net: hns3: fixes the ring index in hns3_fini_ring (bsc#1104353 ). - net: hns3: Fixes the state to indicate client-type initialization (bsc#1104353). - net: hns3: Fixes the static checker error warning in hns3_get_link_ksettings() (bsc#1104353). - net: hns3: Fixes the static check warning due to missing unsupp L3 proto check (bsc#1104353). - net: hns3: Fixes the wrong IS_ERR check on the returned phydev value (bsc#1104353). - net: hns3: fix for buffer overflow smatch warning (bsc#1104353 ). - net: hns3: fix for changing MTU (bsc#1104353). - net: hns3: fix for cleaning ring problem (bsc#1104353 ). - net: hns3: Fix for CMDQ and Misc. interrupt init order problem (bsc#1104353). - net: hns3: fix for coal configuation lost when setting the channel (bsc#1104353). - net: hns3: fix for coalesce configuration lost during reset (bsc#1104353). - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo (bsc#1104353). - net: hns3: Fix for DEFAULT_DV when dev does not support DCB (bsc#1104353). - net: hns3: Fix for fiber link up problem (bsc#1104353 ). - net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting autoneg in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg (bsc#1104353). - net: hns3: fix for getting wrong link mode problem (bsc#1104353 ). - net: hns3: Fix for hclge_reset running repeatly problem (bsc#1104353). - net: hns3: Fix for hns3 module is loaded multiple times problem (bsc#1104353). - net: hns3: fix for ipv6 address loss problem after setting channels (bsc#1104353). - net: hns3: fix for loopback failure when vlan filter is enable (bsc#1104353). - net: hns3: fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: Fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: fix for not initializing VF rss_hash_key problem (bsc#1104353). - net: hns3: fix for not returning problem in get_link_ksettings when phy exists (bsc#1104353). - net: hns3: fix for not setting pause parameters (bsc#1104353 ). - net: hns3: Fix for not setting rx private buffer size to zero (bsc#1104353). - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls (bsc#1104353). - net: hns3: fix for pause configuration lost during reset (bsc#1104353). - net: hns3: Fix for PF mailbox receving unknown message (bsc#1104353). - net: hns3: fix for phy_addr error in hclge_mac_mdio_config (bsc#1104353). - net: hns3: Fix for phy not link up problem after resetting (bsc#1104353). - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353 ). - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size (bsc#1104353). - net: hns3: fix for RSS configuration loss problem during reset (bsc#1104353). - net: hns3: Fix for rx priv buf allocation when DCB is not supported (bsc#1104353). - net: hns3: Fix for rx_priv_buf_alloc not setting rx shared buffer (bsc#1104353). - net: hns3: Fix for service_task not running problem after resetting (bsc#1104353). - net: hns3: Fix for setting mac address when resetting (bsc#1104353). - net: hns3: fix for setting MTU (bsc#1104353). - net: hns3: Fix for setting rss_size incorrectly (bsc#1104353 ). - net: hns3: Fix for the null pointer problem occurring when initializing ae_dev failed (bsc#1104353). - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo (bsc#1104353). - net: hns3: fix for updating fc_mode_last_time (bsc#1104353 ). - net: hns3: fix for use-after-free when setting ring parameter (bsc#1104353). - net: hns3: Fix for VF mailbox cannot receiving PF response (bsc#1104353). - net: hns3: Fix for VF mailbox receiving unknown message (bsc#1104353). - net: hns3: fix for vlan table lost problem when resetting (bsc#1104353). - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ). - net: hns3: Fix initialization when cmd is not supported (bsc#1104353). - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns3: fix null pointer dereference before null check (bsc#1104353). - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status() (bsc#1104353). - net: hns3: fix rx path skb->truesize reporting bug (bsc#1104353 ). - net: hns3: Fix setting mac address error (bsc#1104353 ). - net: hns3: Fix spelling errors (bsc#1104353). - net: hns3: fix spelling mistake: "capabilty" -> "capability" (bsc#1104353). - net: hns3: fix the bug of hns3_set_txbd_baseinfo (bsc#1104353 ). - net: hns3: fix the bug when map buffer fail (bsc#1104353 ). - net: hns3: fix the bug when reuse command description in hclge_add_mac_vlan_tbl (bsc#1104353). - net: hns3: Fix the missing client list node initialization (bsc#1104353). - net: hns3: fix the ops check in hns3_get_rxnfc (bsc#1104353 ). - net: hns3: fix the queue id for tqp enable and reset (bsc#1104353 ). - net: hns3: fix the ring count for ETHTOOL_GRXRINGS (bsc#1104353 ). - net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg (bsc#1104353). - net: hns3: fix the VF queue reset flow error (bsc#1104353 ). - net: hns3: fix to correctly fetch l4 protocol outer header (bsc#1104353). - net: hns3: Fix to support autoneg only for port attached with phy (bsc#1104353). - net: hns3: Fix typo error for feild in hclge_tm (bsc#1104353 ). - net: hns3: free the ring_data structrue when change tqps (bsc#1104353). - net: hns3: get rss_size_max from configuration but not hardcode (bsc#1104353). - net: hns3: get vf count by pci_sriov_get_totalvfs (bsc#1104353 ). - net: hns3: hclge_inform_reset_assert_to_vf() can be static (bsc#1104353). - net: hns3: hns3:fix a bug about statistic counter in reset process (bsc#1104353). - net: hns3: hns3_get_channels() can be static (bsc#1104353 ). - net: hns3: Increase the default depth of bucket for TM shaper (bsc#1104353). - net: hns3: increase the max time for IMP handle command (bsc#1104353). - net: hns3: make local functions static (bsc#1104353 ). - net: hns3: Mask the packet statistics query when NIC is down (bsc#1104353). - net: hns3: Modify the update period of packet statistics (bsc#1104353). - net: hns3: never send command queue message to IMP when reset (bsc#1104353). - net: hns3: Optimize PF CMDQ interrupt switching process (bsc#1104353). - net: hns3: Optimize the PF's process of updating multicast MAC (bsc#1104353). - net: hns3: Optimize the VF's process of updating multicast MAC (bsc#1104353). - net: hns3: reallocate tx/rx buffer after changing mtu (bsc#1104353). - net: hns3: refactor GL update function (bsc#1104353 ). - net: hns3: refactor interrupt coalescing init function (bsc#1104353). - net: hns3: Refactor mac_init function (bsc#1104353). - net: hns3: Refactor of the reset interrupt handling logic (bsc#1104353). - net: hns3: Refactors the requested reset and pending reset handling code (bsc#1104353). - net: hns3: refactor the coalesce related struct (bsc#1104353 ). - net: hns3: refactor the get/put_vector function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss_tuple function (bsc#1104353). - net: hns3: Refactor the initialization of command queue (bsc#1104353). - net: hns3: refactor the loopback related function (bsc#1104353 ). - net: hns3: Refactor the mapping of tqp to vport (bsc#1104353 ). - net: hns3: Refactor the skb receiving and transmitting function (bsc#1104353). - net: hns3: remove a couple of redundant assignments (bsc#1104353 ). - net: hns3: remove add/del_tunnel_udp in hns3_enet module (bsc#1104353). - net: hns3: Remove a useless member of struct hns3_stats (bsc#1104353). - net: hns3: Remove error log when getting pfc stats fails (bsc#1104353). - net: hns3: Remove packet statistics in the range of 8192~12287 (bsc#1104353). - net: hns3: remove redundant memset when alloc buffer (bsc#1104353). - net: hns3: remove redundant semicolon (bsc#1104353). - net: hns3: Remove repeat statistic of rx_errors (bsc#1104353 ). - net: hns3: Removes unnecessary check when clearing TX/RX rings (bsc#1104353). - net: hns3: remove TSO config command from VF driver (bsc#1104353 ). - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree() (bsc#1104353). - net: hns3: remove unused GL setup function (bsc#1104353 ). - net: hns3: remove unused hclgevf_cfg_func_mta_filter (bsc#1104353). - net: hns3: Remove unused led control code (bsc#1104353 ). - net: hns3: report the function type the same line with hns3_nic_get_stats64 (bsc#1104353). - net: hns3: set the cmdq out_vld bit to 0 after used (bsc#1104353 ). - net: hns3: set the max ring num when alloc netdev (bsc#1104353 ). - net: hns3: Setting for fc_mode and dcb enable flag in TM module (bsc#1104353). - net: hns3: Support for dynamically assigning tx buffer to TC (bsc#1104353). - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: unify the pause params setup function (bsc#1104353 ). - net: hns3: Unify the strings display of packet statistics (bsc#1104353). - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated) to new APIs (bsc#1104353). - net: hns3: Updates RX packet info fetch in case of multi BD (bsc#1104353). - net: hns3: Use enums instead of magic number in hclge_is_special_opcode (bsc#1104353). - net: hns3: VF should get the real rss_size instead of rss_size_max (bsc#1104353). - net: lan78xx: Fix race in tx pending skb size calculation (bsc#1100132). - net: lan78xx: fix rx handling before first packet is send (bsc#1100132). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bsc#1087092). - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bsc#1087092). - net: usb: asix: replace mii_nway_restart in resume path (bsc#1100132). - nohz: Fix local_timer_softirq_pending() (bsc#1051510). - nvme: ensure forward progress during Admin passthru (git-fixes). - nvme-fabrics: Ignore nr_io_queues option for discovery controllers (bsc#1102633). - nvme: fixup crash on failed discovery (bsc#1103920). - nvme.h: fixup ANA group descriptor format (bsc#1104111). - nvme: use hw qid in trace events (bsc#1102633). - orangefs: report attributes_mask and attributes for statx (bsc#1101832). - orangefs: set i_size on new symlink (bsc#1101845). - overflow.h: Add allocation size calculation helpers (bsc#1101116,). - PCI: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510). - PCI: pciehp: Request control of native hotplug only if supported (bsc#1051510). - PCI: Prevent sysfs disable of device while driver is attached (bsc#1051510). - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510). - pinctrl: cannonlake: Fix community ordering for H variant (bsc#1051510). - pinctrl: core: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: imx: off by one in imx_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: intel: Add Intel Lewisburg GPIO support (). - pinctrl: nand: meson-gxl: fix missing data pins (bsc#1051510). - pinctrl: pinmux: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bsc#1051510). - pinctrl: single: Fix group and function selector use (bsc#1051510). - PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload (bsc#1051510). - pmem: only set QUEUE_FLAG_DAX for fsdax mode (bsc#1103917). - powerpc/64: Add GENERIC_CPU support for little endian (). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/pkeys: Deny read/write/execute by default (bsc#1097577). - powerpc/pkeys: Fix calculation of total pkeys (bsc#1097577). - powerpc/pkeys: Give all threads control of their key permissions (bsc#1097577). - powerpc/pkeys: key allocation/deallocation must not change pkey registers (bsc#1097577). - powerpc/pkeys: make protection key 0 less special (bsc#1097577). - powerpc/pkeys: Preallocate execute-only key (bsc#1097577). - powerpc/pkeys: Save the pkey registers before fork (bsc#1097577). - qed*: Add link change count value to ethtool statistics display (bsc#1086314). - qed: Add qed APIs for PHY module query (bsc#1086314 ). - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ). - qede: Add driver callbacks for eeprom module query (bsc#1086314 ). - qedf: Add get_generic_tlv_data handler (bsc#1086317). - qedf: Add support for populating ethernet TLVs (bsc#1086317). - qed: fix spelling mistake "successffuly" -> "successfully" (bsc#1086314). - qedi: Add get_generic_tlv_data handler (bsc#1086315). - qedi: Add support for populating ethernet TLVs (bsc#1086315). - qed: Make some functions static (bsc#1086314). - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314). - qed: remove redundant functions qed_set_gft_event_id_cm_hdr (bsc#1086314). - qed: remove redundant pointer 'name' (bsc#1086314). - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314). - qed*: Utilize FW 8.37.2.0 (bsc#1086314). - RDMA/hns: Add 64KB page size support for hip08 (bsc#1104427 ). - RDMA/hns: Add command queue support for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Add CQ operations support for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Add detailed comments for mb() call (bsc#1104427 ). - RDMA/hns: Add eq support of hip08 (bsc#1104427). - RDMA/hns: Add gsi qp support for modifying qp in hip08 (bsc#1104427). - RDMA/hns: Add mailbox's implementation for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Add modify CQ support for hip08 (bsc#1104427 ). - RDMA/hns: Add names to function arguments in function pointers (bsc#1104427). - RDMA/hns: Add profile support for hip08 driver (bsc#1104427 ). - RDMA/hns: Add QP operations support for hip08 SoC (bsc#1104427 ). - RDMA/hns: Add releasing resource operation in error branch (bsc#1104427). - RDMA/hns: Add rereg mr support for hip08 (bsc#1104427 ). - RDMA/hns: Add reset process for RoCE in hip08 (bsc#1104427 ). - RDMA/hns: Add return operation when configured global param fail (bsc#1104427). - RDMA/hns: Add rq inline data support for hip08 RoCE (bsc#1104427 ). - RDMA/hns: Add rq inline flags judgement (bsc#1104427 ). - RDMA/hns: Add sq_invld_flg field in QP context (bsc#1104427 ). - RDMA/hns: Add support for processing send wr and receive wr (bsc#1104427). - RDMA/hns: Add the interfaces to support multi hop addressing for the contexts in hip08 (bsc#1104427). - RDMA/hns: Adjust the order of cleanup hem table (bsc#1104427 ). - RDMA/hns: Assign dest_qp when deregistering mr (bsc#1104427 ). - RDMA/hns: Assign the correct value for tx_cqn (bsc#1104427 ). - RDMA/hns: Assign zero for pkey_index of wc in hip08 (bsc#1104427 ). - RDMA/hns: Avoid NULL pointer exception (bsc#1104427 ). - RDMA/hns: Bugfix for cq record db for kernel (bsc#1104427 ). - RDMA/hns: Bugfix for init hem table (bsc#1104427). - RDMA/hns: Bugfix for rq record db for kernel (bsc#1104427 ). - RDMA/hns: Check return value of kzalloc (bsc#1104427 ). - RDMA/hns: Configure BT BA and BT attribute for the contexts in hip08 (bsc#1104427). - RDMA/hns: Configure fence attribute in hip08 RoCE (bsc#1104427 ). - RDMA/hns: Configure mac and gid and user access region for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Configure sgid type for hip08 RoCE (bsc#1104427 ). - RDMA/hns: Configure the MTPT in hip08 (bsc#1104427). - RDMA/hns: Configure TRRL field in hip08 RoCE device (bsc#1104427 ). - RDMA/hns: Create gsi qp in hip08 (bsc#1104427). - RDMA/hns: Delete the unnecessary initializing enum to zero (bsc#1104427). - RDMA/hns: Do not unregister a callback we didn't register (bsc#1104427). - RDMA/hns: Drop local zgid in favor of core defined variable (bsc#1104427). - RDMA/hns: Enable inner_pa_vld filed of mpt (bsc#1104427 ). - RDMA/hns: Enable the cqe field of sqwqe of RC (bsc#1104427 ). - RDMA/hns: ensure for-loop actually iterates and free's buffers (bsc#1104427). - RDMA/hns: Fill sq wqe context of ud type in hip08 (bsc#1104427 ). - RDMA/hns: Filter for zero length of sge in hip08 kernel mode (bsc#1104427). - RDMA/hns: Fix a bug with modifying mac address (bsc#1104427 ). - RDMA/hns: Fix a couple misspellings (bsc#1104427). - RDMA/hns: Fix calltrace for sleeping in atomic (bsc#1104427 ). - RDMA/hns: Fix cqn type and init resp (bsc#1104427). - RDMA/hns: Fix cq record doorbell enable in kernel (bsc#1104427 ). - RDMA/hns: Fix endian problems around imm_data and rkey (bsc#1104427). - RDMA/hns: Fix inconsistent warning (bsc#1104427). - RDMA/hns: Fix init resp when alloc ucontext (bsc#1104427 ). - RDMA/hns: Fix misplaced call to hns_roce_cleanup_hem_table (bsc#1104427). - RDMA/hns: Fix QP state judgement before receiving work requests (bsc#1104427). - RDMA/hns: Fix QP state judgement before sending work requests (bsc#1104427). - RDMA/hns: fix spelling mistake: "Reseved" -> "Reserved" (bsc#1104427). - RDMA/hns: Fix the bug with NULL pointer (bsc#1104427 ). - RDMA/hns: Fix the bug with rq sge (bsc#1104427). - RDMA/hns: Fix the endian problem for hns (bsc#1104427 ). - RDMA/hns: Fix the illegal memory operation when cross page (bsc#1104427). - RDMA/hns: Fix the issue of IOVA not page continuous in hip08 (bsc#1104427). - RDMA/hns: Fix the qp context state diagram (bsc#1104427 ). - RDMA/hns: Generate gid type of RoCEv2 (bsc#1104427). - RDMA/hns: Get rid of page operation after dma_alloc_coherent (bsc#1104427). - RDMA/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent (bsc#1104427). - RDMA/hns: Implement the disassociate_ucontext API (bsc#1104427 ). - RDMA/hns: Increase checking CMQ status timeout value (bsc#1104427). - RDMA/hns: Initialize the PCI device for hip08 RoCE (bsc#1104427 ). - RDMA/hns: Intercept illegal RDMA operation when use inline data (bsc#1104427). - RDMA/hns: Load the RoCE dirver automatically (bsc#1104427 ). - RDMA/hns: make various function static, fixes warnings (bsc#1104427). - RDMA/hns: Modify assignment device variable to support both PCI device and platform device (bsc#1104427). - RDMA/hns: Modify the usage of cmd_sn in hip08 (bsc#1104427 ). - RDMA/hns: Modify the value with rd dest_rd of qp_attr (bsc#1104427). - RDMA/hns: Modify uar allocation algorithm to avoid bitmap exhaust (bsc#1104427). - RDMA/hns: Move priv in order to add multiple hns_roce support (bsc#1104427). - RDMA/hns: Move the location for initializing tmp_len (bsc#1104427). - RDMA/hns: Not support qp transition from reset to reset for hip06 (bsc#1104427). - RDMA/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is set (bsc#1104427). - RDMA/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is set (bsc#1104427). - RDMA/hns: Only assign mtu if IB_QP_PATH_MTU bit is set (bsc#1104427). - RDMA/hns: Refactor code for readability (bsc#1104427 ). - RDMA/hns: Refactor eq code for hip06 (bsc#1104427). - RDMA/hns: remove redundant assignment to variable j (bsc#1104427 ). - RDMA/hns: Remove some unnecessary attr_mask judgement (bsc#1104427). - RDMA/hns: Remove unnecessary operator (bsc#1104427). - RDMA/hns: Remove unnecessary platform_get_resource() error check (bsc#1104427). - RDMA/hns: Rename the idx field of db (bsc#1104427). - RDMA/hns: Replace condition statement using hardware version information (bsc#1104427). - RDMA/hns: Replace __raw_write*(cpu_to_le*()) with LE write*() (bsc#1104427). - RDMA/hns: return 0 rather than return a garbage status value (bsc#1104427). - RDMA/hns_roce: Do not check return value of zap_vma_ptes() (bsc#1104427). - RDMA/hns: Set access flags of hip08 RoCE (bsc#1104427 ). - RDMA/hns: Set desc_dma_addr for zero when free cmq desc (bsc#1104427). - RDMA/hns: Set NULL for __internal_mr (bsc#1104427). - RDMA/hns: Set rdma_ah_attr type for querying qp (bsc#1104427 ). - RDMA/hns: Set se attribute of sqwqe in hip08 (bsc#1104427 ). - RDMA/hns: Set sq_cur_sge_blk_addr field in QPC in hip08 (bsc#1104427). - RDMA/hns: Set the guid for hip08 RoCE device (bsc#1104427 ). - RDMA/hns: Set the owner field of SQWQE in hip08 RoCE (bsc#1104427). - RDMA/hns: Split CQE from MTT in hip08 (bsc#1104427). - RDMA/hns: Split hw v1 driver from hns roce driver (bsc#1104427 ). - RDMA/hns: Submit bad wr (bsc#1104427). - RDMA/hns: Support cq record doorbell for kernel space (bsc#1104427). - RDMA/hns: Support cq record doorbell for the user space (bsc#1104427). - RDMA/hns: Support multi hop addressing for PBL in hip08 (bsc#1104427). - RDMA/hns: Support rq record doorbell for kernel space (bsc#1104427). - RDMA/hns: Support rq record doorbell for the user space (bsc#1104427). - RDMA/hns: Support WQE/CQE/PBL page size configurable feature in hip08 (bsc#1104427). - RDMA/hns: Unify the calculation for hem index in hip08 (bsc#1104427). - RDMA/hns: Update assignment method for owner field of send wqe (bsc#1104427). - RDMA/hns: Update calculation of irrl_ba field for hip08 (bsc#1104427). - RDMA/hns: Update convert function of endian format (bsc#1104427 ). - RDMA/hns: Update the interfaces for MTT/CQE multi hop addressing in hip08 (bsc#1104427). - RDMA/hns: Update the IRRL table chunk size in hip08 (bsc#1104427 ). - RDMA/hns: Update the PD CQE MTT specification in hip08 (bsc#1104427). - RDMA/hns: Update the usage of ack timeout in hip08 (bsc#1104427 ). - RDMA/hns: Update the usage of sr_max and rr_max field (bsc#1104427). - RDMA/hns: Update the verbs of polling for completion (bsc#1104427). - RDMA/hns: Use free_pages function instead of free_page (bsc#1104427). - RDMA/hns: Use structs to describe the uABI instead of opencoding (bsc#1104427). - RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM (bsc#1086314). - RDMA/qedr: fix spelling mistake: "adrresses" -> "addresses" (bsc#1086314). - RDMA/qedr: fix spelling mistake: "failes" -> "fails" (bsc#1086314). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bsc#1051510). - reiserfs: fix buffer overflow with long warning messages (bsc#1101847). - Revert "drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios" (bsc#1103356). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bsc#1051510). - s390/cio: clear timer when terminating driver I/O (bsc#1103421). - s390/cio: fix return code after missing interrupt (bsc#1103421). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390/dasd: fix handling of internal requests (bsc#1103421). - s390/dasd: fix wrongly assigned configuration data (bsc#1103421). - s390/dasd: prevent prefix I/O error (bsc#1103421). - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421). - s390/ipl: ensure loadparm valid flag is set (bsc#1103421). - s390/pci: do not require AIS facility (bsc#1103421). - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421). - sc16is7xx: Check for an error when the clock is enabled (bsc#1051510). - sched/debug: Reverse the order of printing faults (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Consider RT/IRQ pressure in capacity_spare_wake() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix find_idlest_group() when local group is not allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when no groups are allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when the local group is idlest (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Move select_task_rq_fair() slow-path into its own function (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove impossible condition from find_idlest_group_cpu() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove unnecessary comparison with -1 (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Spare idle load balancing on nohz_full CPUs (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Use 'unsigned long' for utilization, consistently (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Modify migrate_swap() to accept additional parameters (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Move task_numa_placement() closer to numa_migrate_preferred() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field -kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Set preferred_node based on best_cpu (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Simplify load_too_imbalanced() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Skip nodes that are at 'hoplimit' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Update the scan period without holding the numa_group lock (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use group_weights to identify if migration degrades locality (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use task faults only if numa_group is not yet set up (bnc#1101669 optimise numa balancing for fast migrate). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: ata: enhance the definition of SET MAX feature field value (). - scsi: hisi_sas: add an mechanism to do reset work synchronously (). - scsi: hisi_sas: add check of device in hisi_sas_task_exec() (). - scsi: hisi_sas: add internal abort dev in some places (). - scsi: hisi_sas: Add LED feature for v3 hw (). - scsi: hisi_sas: add RAS feature for v3 hw (). - scsi: hisi_sas: add readl poll timeout helper wrappers (). - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice (). - scsi: hisi_sas: add some print to enhance debugging (). - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command (). - scsi: hisi_sas: add v2 hw port AXI error handling support (). - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE() (). - scsi: hisi_sas: add v3 hw suspend and resume (). - scsi: hisi_sas: allocate slot buffer earlier (). - scsi: hisi_sas: Change common allocation mode of device id (). - scsi: hisi_sas: Change frame type for SET MAX commands (). - scsi: hisi_sas: change ncq process for v3 hw (). - scsi: hisi_sas: change slot index allocation mode (). - scsi: hisi_sas: check host frozen before calling "done" function (). - scsi: hisi_sas: check IPTT is valid before using it for v3 hw (). - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task() (). - scsi: hisi_sas: Code cleanup and minor bug fixes (). - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw (). - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol() (). - scsi: hisi_sas: Create a scsi_host_template per HW module (). - scsi: hisi_sas: delete timer when removing hisi_sas driver (). - scsi: hisi_sas: do link reset for some CHL_INT2 ints (). - scsi: hisi_sas: Do not lock DQ for complete task sending (). - scsi: hisi_sas: dt-bindings: add an property of signal attenuation (). - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() (). - scsi: hisi_sas: fix a typo in hisi_sas_task_prep() (). - scsi: hisi_sas: fix dma_unmap_sg() parameter (). - scsi: hisi_sas: fix PI memory size (). - scsi: hisi_sas: fix return value of hisi_sas_task_prep() (). - scsi: hisi_sas: Fix return value when get_free_slot() failed (). - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO (). - scsi: hisi_sas: fix the issue of link rate inconsistency (). - scsi: hisi_sas: fix the issue of setting linkrate register (). - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw (). - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot (). - scsi: hisi_sas: increase timer expire of internal abort task (). - scsi: hisi_sas: Init disks after controller reset (). - scsi: hisi_sas: initialize dq spinlock before use (). - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate() (). - scsi: hisi_sas: judge result of internal abort (). - scsi: hisi_sas: make local symbol host_attrs static (). - scsi: hisi_sas: make return type of prep functions void (). - scsi: hisi_sas: make SAS address of SATA disks unique (). - scsi: hisi_sas: Mark PHY as in reset for nexus reset (). - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset (). - scsi: hisi_sas: modify some register config for hip08 (). - scsi: hisi_sas: optimise port id refresh function (). - scsi: hisi_sas: optimise the usage of DQ locking (). - scsi: hisi_sas: print device id for errors (). - scsi: hisi_sas: re-add the lldd_port_deformed() (). - scsi: hisi_sas: relocate clearing ITCT and freeing device (). - scsi: hisi_sas: relocate smp sg map (). - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency (). - scsi: hisi_sas: remove redundant handling to event95 for v3 (). - scsi: hisi_sas: remove some unneeded structure members (). - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req (). - scsi: hisi_sas: Reset disks when discovered (). - scsi: hisi_sas: some optimizations of host controller reset (). - scsi: hisi_sas: stop controller timer for reset (). - scsi: hisi_sas: support the property of signal attenuation for v2 hw (). - scsi: hisi_sas: Terminate STP reject quickly for v2 hw (). - scsi: hisi_sas: Try wait commands before before controller reset (). - scsi: hisi_sas: update PHY linkrate after a controller reset (). - scsi: hisi_sas: update RAS feature for later revision of v3 HW (). - scsi: hisi_sas: use an general way to delay PHY work (). - scsi: hisi_sas: Use device lock to protect slot alloc/free (). - scsi: hisi_sas: use dma_zalloc_coherent() (). - scsi: hisi_sas: workaround a v3 hw hilink bug (). - scsi: libsas: defer ata device eh commands to libata (). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102658). - scsi: lpfc: Correct LCB ACCept payload (bsc#1102658). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102658). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102658). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102658). - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (bsc#1102658). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102658). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102658). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102658). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102658). - scsi: lpfc: Fix sysfs Speed value on CNA ports (bsc#1102658). - scsi: lpfc: Limit tracking of tgt queue depth in fast path (bsc#1102658). - scsi: lpfc: Make PBDE optimizations configurable (bsc#1102658). - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (bsc#1102658). - scsi: lpfc: Revise copyright for new company language (bsc#1102658). - scsi: lpfc: Support duration field in Link Cable Beacon V1 command (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.5 (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.6 (bsc#1102658). - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1086906,). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1086906,). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1086906,). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1086906,). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1086906,). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1086906,). - scsi: mpt3sas: clarify mmio pointer types (bsc#1086906,). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1086906,). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1086906,). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1086906,). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1086906,). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1086906,). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1086906,). - scsi: mpt3sas: fix possible memory leak (bsc#1086906,). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1086906,). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1086906,). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1086906,). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1086906,). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1086906,). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1086906,). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1086906,). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1086906,). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1086906,). - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1086906,). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1086906,). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1086906,). - scsi: mpt3sas: Update MPI Headers (bsc#1086906,). - scsi: qedf: Add additional checks when restarting an rport due to ABTS timeout (bsc#1086317). - scsi: qedf: Add check for offload before flushing I/Os for target (bsc#1086317). - scsi: qedf: Add dcbx_not_wait module parameter so we won't wait for DCBX convergence to start discovery (bsc#1086317). - scsi: qedf: Add missing skb frees in error path (bsc#1086317). - scsi: qedf: Add more defensive checks for concurrent error conditions (bsc#1086317). - scsi: qedf: Add task id to kref_get_unless_zero() debug messages when flushing requests (bsc#1086317). - scsi: qedf: Check if link is already up when receiving a link up event from qed (bsc#1086317). - scsi: qedf: fix LTO-enabled build (bsc#1086317). - scsi: qedf: Fix VLAN display when printing sent FIP frames (bsc#1086317). - scsi: qedf: Honor default_prio module parameter even if DCBX does not converge (bsc#1086317). - scsi: qedf: Honor priority from DCBX FCoE App tag (bsc#1086317). - scsi: qedf: If qed fails to enable MSI-X fail PCI probe (bsc#1086317). - scsi: qedf: Improve firmware debug dump handling (bsc#1086317). - scsi: qedf: Increase the number of default FIP VLAN request retries to 60 (bsc#1086317). - scsi: qedf: Release RRQ reference correctly when RRQ command times out (bsc#1086317). - scsi: qedf: remove redundant initialization of 'fcport' (bsc#1086317). - scsi: qedf: Remove setting DCBX pending during soft context reset (bsc#1086317). - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is not enabled (bsc#1086317). - scsi: qedf: Sanity check FCoE/FIP priority value to make sure it's between 0 and 7 (bsc#1086317). - scsi: qedf: Send the driver state to MFW (bsc#1086317). - scsi: qedf: Set the UNLOADING flag when removing a vport (bsc#1086317). - scsi: qedf: Synchronize rport restarts when multiple ELS commands time out (bsc#1086317). - scsi: qedf: Update copyright for 2018 (bsc#1086317). - scsi: qedf: Update version number to 8.33.16.20 (bsc#1086317). - scsi: qedf: use correct strncpy() size (bsc#1086317). - scsi: qedi: fix building with LTO (bsc#1086315). - scsi: qedi: fix build regression (bsc#1086315). - scsi: qedi: Fix kernel crash during port toggle (bsc#1086315). - scsi: qedi: Send driver state to MFW (bsc#1086315). - scsi: qla2xxx: Avoid double completion of abort command (git-fixes). - scsi: qla2xxx: correctly shift host byte (bsc#1086327,). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1086327,). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1086327,). - scsi: qla2xxx: Fix driver unload by shutting down chip (git-fixes). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1086327,). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (git-fixes). - scsi: qla2xxx: Fix NULL pointer dereference for fcport search (git-fixes). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1086327,). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1086327,). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1086327,). - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bsc#1086327,). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1086327,). - scsi: qla2xxx: Fix unintialized List head crash (git-fixes). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1086327,). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1086327,). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1086327,). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1086327,). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1086327,). - scsi: qla2xxx: Return error when TMF returns (git-fixes). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1086327,). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1086327,). - scsi: qla4xxx: Move an array from a .h into a .c file (bsc#1086331). - scsi: qla4xxx: Remove unused symbols (bsc#1086331). - scsi: qla4xxx: skip error recovery in case of register disconnect (bsc#1086331). - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331). - scsi: qla4xxx: Use zeroing allocator rather than allocator/memset (bsc#1086331). - scsi: smartpqi: add in new supported controllers (bsc#1086274). - scsi: smartpqi: add inspur advantech ids (bsc#1086274). - scsi: smartpqi: bump driver version to 1.1.4-130 (bsc#1086274). - scsi: smartpqi: fix critical ARM issue reading PQI index registers (bsc#1086274). - scsi: smartpqi: improve error checking for sync requests (bsc#1086274). - scsi: smartpqi: improve handling for sync requests (bsc#1086274). - scsi: smartpqi: update driver version (bsc#1086274). - scsi: smartpqi: workaround fw bug for oq deletion (bsc#1086274). - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT (git-fixes). - sctp: introduce sctp_dst_mtu (git-fixes). - selftests/powerpc: Fix core-pkey for default execute permission change (bsc#1097577). - selftests/powerpc: Fix ptrace-pkey for default execute permission change (bsc#1097577). - series.conf: Sort automatic NUMA balancing related patch - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure (bsc#1051510). - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510). - soc: imx: gpc: de-register power domains only if initialized (bsc#1051510). - soc: imx: gpc: restrict register range for regmap access (bsc#1051510). - soc: imx: gpcv2: correct PGC offset (bsc#1051510). - soc: imx: gpcv2: Do not pass static memory as platform data (bsc#1051510). - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510). - soc: mediatek: pwrap: fix compiler errors (bsc#1051510). - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510). - soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (bsc#1051510). - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510). - soc/tegra: flowctrl: Fix error handling (bsc#1051510). - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510). - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510). - spi: bcm2835aux: ensure interrupts are enabled for shared handler (bsc#1051510). - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate() (bsc#1051510). - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510). - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master (bsc#1051510). - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() (bsc#1051510). - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510). - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510). - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe (bsc#1051510). - sr: pass down correctly sized SCSI sense buffer (git-fixes). - staging: ks7010: Use constants from ieee80211_eid instead of literal ints (bsc#1051510). - staging: speakup: fix wraparound in uaccess length check (bsc#1051510). - supported.conf: add drivers/md/dm-writecache - supported.conf: added hns3 modules - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2 - supported.conf: Enable HiSi v3 SAS adapter () - sysrq : fix Show Regs call trace on ARM (bsc#1051510). - TCM_RBD depends on BLK_DEV_RBD (). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bsc#1051510). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510). - typec: tcpm: Fix a msecs vs jiffies bug (bsc#1100132). - typec: tcpm: fusb302: Resolve out of order messaging events (bsc#1087092). - udf: Detect incorrect directory size (bsc#1101891). - udf: Provide saner default for invalid uid / gid (bsc#1101890). - Update patches.arch/KVM-PPC-Check-if-IOMMU-page-is-contained-in-the-pinn.patch (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - usb: hub: Do not wait for connect state at resume for powered-off ports (bsc#1051510). - usbip: usbip_detach: Fix memory, udev context and udev leak (bsc#1051510). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bsc#1051510). - wlcore: sdio: check for valid platform device data before suspend (bsc#1051510). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/KVM/VMX: Add module argument for L1TF mitigation. - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (binutils_2.31). - x86/xen: init %gs very early to avoid page faults with stack protector (bnc#1104777). - xen-netback: fix input validation in xenvif_set_hash_mapping() (bnc#1103277). - xen/netfront: do not cache skb_shinfo() (bnc#1065600). - xfs: catch inode allocation state mismatch corruption (bsc#1104211). - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bsc#1051510). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-1701=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.13.1 kernel-source-azure-4.12.14-5.13.1 - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.13.1 kernel-azure-base-4.12.14-5.13.1 kernel-azure-base-debuginfo-4.12.14-5.13.1 kernel-azure-debuginfo-4.12.14-5.13.1 kernel-azure-devel-4.12.14-5.13.1 kernel-syms-azure-4.12.14-5.13.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10876.html https://www.suse.com/security/cve/CVE-2018-10877.html https://www.suse.com/security/cve/CVE-2018-10878.html https://www.suse.com/security/cve/CVE-2018-10879.html https://www.suse.com/security/cve/CVE-2018-10880.html https://www.suse.com/security/cve/CVE-2018-10881.html https://www.suse.com/security/cve/CVE-2018-10882.html https://www.suse.com/security/cve/CVE-2018-10883.html https://www.suse.com/security/cve/CVE-2018-3620.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5391.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1051979 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066110 https://bugzilla.suse.com/1077761 https://bugzilla.suse.com/1081917 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1086274 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1086314 https://bugzilla.suse.com/1086315 https://bugzilla.suse.com/1086317 https://bugzilla.suse.com/1086327 https://bugzilla.suse.com/1086331 https://bugzilla.suse.com/1086906 https://bugzilla.suse.com/1087081 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089343 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1097577 https://bugzilla.suse.com/1097808 https://bugzilla.suse.com/1099811 https://bugzilla.suse.com/1099813 https://bugzilla.suse.com/1099844 https://bugzilla.suse.com/1099845 https://bugzilla.suse.com/1099846 https://bugzilla.suse.com/1099849 https://bugzilla.suse.com/1099858 https://bugzilla.suse.com/1099863 https://bugzilla.suse.com/1099864 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101116 https://bugzilla.suse.com/1101331 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1101828 https://bugzilla.suse.com/1101832 https://bugzilla.suse.com/1101833 https://bugzilla.suse.com/1101837 https://bugzilla.suse.com/1101839 https://bugzilla.suse.com/1101841 https://bugzilla.suse.com/1101843 https://bugzilla.suse.com/1101844 https://bugzilla.suse.com/1101845 https://bugzilla.suse.com/1101847 https://bugzilla.suse.com/1101852 https://bugzilla.suse.com/1101853 https://bugzilla.suse.com/1101867 https://bugzilla.suse.com/1101872 https://bugzilla.suse.com/1101874 https://bugzilla.suse.com/1101875 https://bugzilla.suse.com/1101882 https://bugzilla.suse.com/1101883 https://bugzilla.suse.com/1101885 https://bugzilla.suse.com/1101887 https://bugzilla.suse.com/1101890 https://bugzilla.suse.com/1101891 https://bugzilla.suse.com/1101893 https://bugzilla.suse.com/1101895 https://bugzilla.suse.com/1101896 https://bugzilla.suse.com/1101900 https://bugzilla.suse.com/1101902 https://bugzilla.suse.com/1101903 https://bugzilla.suse.com/1102633 https://bugzilla.suse.com/1102658 https://bugzilla.suse.com/1103097 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103277 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103363 https://bugzilla.suse.com/1103421 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1103517 https://bugzilla.suse.com/1103723 https://bugzilla.suse.com/1103724 https://bugzilla.suse.com/1103725 https://bugzilla.suse.com/1103726 https://bugzilla.suse.com/1103727 https://bugzilla.suse.com/1103728 https://bugzilla.suse.com/1103729 https://bugzilla.suse.com/1103730 https://bugzilla.suse.com/1103886 https://bugzilla.suse.com/1103917 https://bugzilla.suse.com/1103920 https://bugzilla.suse.com/1103948 https://bugzilla.suse.com/1103949 https://bugzilla.suse.com/1104066 https://bugzilla.suse.com/1104111 https://bugzilla.suse.com/1104174 https://bugzilla.suse.com/1104211 https://bugzilla.suse.com/1104319 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104365 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104708 https://bugzilla.suse.com/1104777 https://bugzilla.suse.com/1104897 From sle-security-updates at lists.suse.com Mon Aug 20 07:25:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:25:47 +0200 (CEST) Subject: SUSE-SU-2018:2451-1: moderate: Security update for procps Message-ID: <20180820132547.D942FF7C0@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2451-1 Rating: moderate References: #1092100 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): libprocps3-3.3.9-11.14.1 libprocps3-debuginfo-3.3.9-11.14.1 procps-3.3.9-11.14.1 procps-debuginfo-3.3.9-11.14.1 procps-debugsource-3.3.9-11.14.1 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 From sle-security-updates at lists.suse.com Mon Aug 20 07:26:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:26:24 +0200 (CEST) Subject: SUSE-SU-2018:2452-1: moderate: Security update for libgcrypt Message-ID: <20180820132624.7187BF7C0@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2452-1 Rating: moderate References: #1064455 #1090766 #1097410 Cross-References: CVE-2018-0495 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): libgcrypt-debugsource-1.6.1-16.61.1 libgcrypt20-1.6.1-16.61.1 libgcrypt20-debuginfo-1.6.1-16.61.1 References: https://www.suse.com/security/cve/CVE-2018-0495.html https://bugzilla.suse.com/1064455 https://bugzilla.suse.com/1090766 https://bugzilla.suse.com/1097410 From sle-security-updates at lists.suse.com Mon Aug 20 07:27:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Aug 2018 15:27:12 +0200 (CEST) Subject: SUSE-SU-2018:2453-1: moderate: Security update for rsyslog Message-ID: <20180820132712.03EF8F7C0@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2453-1 Rating: moderate References: #935393 Cross-References: CVE-2015-3243 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): rsyslog-8.24.0-3.11.1 rsyslog-debuginfo-8.24.0-3.11.1 rsyslog-debugsource-8.24.0-3.11.1 References: https://www.suse.com/security/cve/CVE-2015-3243.html https://bugzilla.suse.com/935393 From sle-security-updates at lists.suse.com Tue Aug 21 04:12:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 12:12:15 +0200 (CEST) Subject: SUSE-SU-2018:2465-1: moderate: Security update for ImageMagick Message-ID: <20180821101215.38065FCCF@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2465-1 Rating: moderate References: #1056277 #1094204 #1094237 #1095812 #1098545 #1098546 #1102003 #1102004 #1102005 #1102007 Cross-References: CVE-2017-13758 CVE-2017-18271 CVE-2018-10805 CVE-2018-11251 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237) - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204) - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277) - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812) - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545) - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13747=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13747=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13747=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.56.1 ImageMagick-devel-6.4.3.6-78.56.1 libMagick++-devel-6.4.3.6-78.56.1 libMagick++1-6.4.3.6-78.56.1 libMagickWand1-6.4.3.6-78.56.1 perl-PerlMagick-6.4.3.6-78.56.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.56.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.56.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.56.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.56.1 ImageMagick-debugsource-6.4.3.6-78.56.1 References: https://www.suse.com/security/cve/CVE-2017-13758.html https://www.suse.com/security/cve/CVE-2017-18271.html https://www.suse.com/security/cve/CVE-2018-10805.html https://www.suse.com/security/cve/CVE-2018-11251.html https://www.suse.com/security/cve/CVE-2018-12599.html https://www.suse.com/security/cve/CVE-2018-12600.html https://www.suse.com/security/cve/CVE-2018-14434.html https://www.suse.com/security/cve/CVE-2018-14435.html https://www.suse.com/security/cve/CVE-2018-14436.html https://www.suse.com/security/cve/CVE-2018-14437.html https://bugzilla.suse.com/1056277 https://bugzilla.suse.com/1094204 https://bugzilla.suse.com/1094237 https://bugzilla.suse.com/1095812 https://bugzilla.suse.com/1098545 https://bugzilla.suse.com/1098546 https://bugzilla.suse.com/1102003 https://bugzilla.suse.com/1102004 https://bugzilla.suse.com/1102005 https://bugzilla.suse.com/1102007 From sle-security-updates at lists.suse.com Tue Aug 21 10:08:26 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 18:08:26 +0200 (CEST) Subject: SUSE-SU-2018:2468-1: moderate: Security update for libcgroup Message-ID: <20180821160826.04454FCCF@maintenance.suse.de> SUSE Security Update: Security update for libcgroup ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2468-1 Rating: moderate References: #1100365 Cross-References: CVE-2018-14348 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcgroup fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365). This updates also sets the permissions of already existing log files to proper values. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1732=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1732=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1732=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libcgroup-debugsource-0.41.rc1-10.9.1 libcgroup-devel-0.41.rc1-10.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libcgroup-debugsource-0.41.rc1-10.9.1 libcgroup-tools-0.41.rc1-10.9.1 libcgroup-tools-debuginfo-0.41.rc1-10.9.1 libcgroup1-0.41.rc1-10.9.1 libcgroup1-debuginfo-0.41.rc1-10.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libcgroup-debugsource-0.41.rc1-10.9.1 libcgroup1-0.41.rc1-10.9.1 libcgroup1-debuginfo-0.41.rc1-10.9.1 References: https://www.suse.com/security/cve/CVE-2018-14348.html https://bugzilla.suse.com/1100365 From sle-security-updates at lists.suse.com Tue Aug 21 10:08:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 18:08:57 +0200 (CEST) Subject: SUSE-SU-2018:2469-1: important: Security update for libgit2 Message-ID: <20180821160857.3664EFCCF@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2469-1 Rating: important References: #1095219 #1100612 #1100613 #1104641 Cross-References: CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-15501 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause denial of service (DoS) (bsc#1100613). - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file, which could be exploited by an attacker t ocause a denial of service (DoS) (bsc#1100612). - CVE-2018-11235: Fixed a remote code execution, which could occur with a crafted .gitmodules file (bsc#1095219) - CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol "ng" packets (bsc#1104641) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1731=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libgit2-26-0.26.6-3.5.2 libgit2-26-debuginfo-0.26.6-3.5.2 libgit2-debugsource-0.26.6-3.5.2 libgit2-devel-0.26.6-3.5.2 References: https://www.suse.com/security/cve/CVE-2018-10887.html https://www.suse.com/security/cve/CVE-2018-10888.html https://www.suse.com/security/cve/CVE-2018-11235.html https://www.suse.com/security/cve/CVE-2018-15501.html https://bugzilla.suse.com/1095219 https://bugzilla.suse.com/1100612 https://bugzilla.suse.com/1100613 https://bugzilla.suse.com/1104641 From sle-security-updates at lists.suse.com Tue Aug 21 10:09:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 18:09:54 +0200 (CEST) Subject: SUSE-SU-2018:2470-1: moderate: Security update for gtk2 Message-ID: <20180821160954.B54E9FCD2@maintenance.suse.de> SUSE Security Update: Security update for gtk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2470-1 Rating: moderate References: #1027024 #1027025 #1027026 #1039465 #1048289 #1048544 Cross-References: CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for gtk2 provides the following fixes: These security issues were fixed: - CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026). - CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025). - CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024). - CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289) - CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544). This non-security issue was fixed: - Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gtk2-13748=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gtk2-13748=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gtk2-13748=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-devel-2.18.9-0.45.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): gtk2-devel-32bit-2.18.9-0.45.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-2.18.9-0.45.8.1 gtk2-doc-2.18.9-0.45.8.1 gtk2-lang-2.18.9-0.45.8.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gtk2-32bit-2.18.9-0.45.8.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): gtk2-x86-2.18.9-0.45.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-debuginfo-2.18.9-0.45.8.1 gtk2-debugsource-2.18.9-0.45.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gtk2-debuginfo-32bit-2.18.9-0.45.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gtk2-debuginfo-x86-2.18.9-0.45.8.1 References: https://www.suse.com/security/cve/CVE-2017-2862.html https://www.suse.com/security/cve/CVE-2017-2870.html https://www.suse.com/security/cve/CVE-2017-6312.html https://www.suse.com/security/cve/CVE-2017-6313.html https://www.suse.com/security/cve/CVE-2017-6314.html https://bugzilla.suse.com/1027024 https://bugzilla.suse.com/1027025 https://bugzilla.suse.com/1027026 https://bugzilla.suse.com/1039465 https://bugzilla.suse.com/1048289 https://bugzilla.suse.com/1048544 From sle-security-updates at lists.suse.com Tue Aug 21 13:07:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 21:07:32 +0200 (CEST) Subject: SUSE-SU-2018:2472-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15) Message-ID: <20180821190732.0F9E4FCCF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2472-1 Rating: important References: #1097108 #1099306 #1102682 #1103203 Cross-References: CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-25_3 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1737=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_3-default-2-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 From sle-security-updates at lists.suse.com Tue Aug 21 13:08:23 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 21:08:23 +0200 (CEST) Subject: SUSE-SU-2018:2473-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15) Message-ID: <20180821190823.A0FF2FCCF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2473-1 Rating: important References: #1099306 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-25_6 fixes one issue. The following security issue was fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1738=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-25_6-default-2-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1099306 From sle-security-updates at lists.suse.com Tue Aug 21 13:08:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2018 21:08:52 +0200 (CEST) Subject: SUSE-SU-2018:2474-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15) Message-ID: <20180821190852.80E2CFCCF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2474-1 Rating: important References: #1097108 #1099258 #1099306 #1102682 #1103203 Cross-References: CVE-2017-18344 CVE-2018-10853 CVE-2018-12904 CVE-2018-3646 CVE-2018-5390 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-23 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-12904: In arch/x86/kvm/vmx.c local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL (bsc#1099258). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1739=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-2-4.1 kernel-livepatch-4_12_14-23-default-debuginfo-2-4.1 kernel-livepatch-SLE15_Update_0-debugsource-2-4.1 References: https://www.suse.com/security/cve/CVE-2017-18344.html https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-12904.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-5390.html https://bugzilla.suse.com/1097108 https://bugzilla.suse.com/1099258 https://bugzilla.suse.com/1099306 https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 From sle-security-updates at lists.suse.com Wed Aug 22 04:11:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2018 12:11:41 +0200 (CEST) Subject: SUSE-SU-2018:2475-1: moderate: Security update for ImageMagick Message-ID: <20180822101141.85F02FCD2@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2475-1 Rating: moderate References: #1094741 #1102003 #1102004 #1102005 #1102007 Cross-References: CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2018-14434: A memory leak for a colormap in WriteMPCImage incoders/mpc.c was fixed. (bsc#1102003) * CVE-2018-14435: A memory leak in DecodeImage in coders/pcd.c was fixed. (bsc#1102007) * CVE-2018-14436: A memory leak in ReadMIFFImage in coders/miff.c was fixed. (bsc#1102005) * CVE-2018-14437: A memory leak in parse8BIM in coders/meta.c was fixed. (bsc#1102004) Bug fix: - bsc#1094741: Fix unexpected result with `convert -compose`. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1740=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1740=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.14.1 ImageMagick-debugsource-7.0.7.34-3.14.1 perl-PerlMagick-7.0.7.34-3.14.1 perl-PerlMagick-debuginfo-7.0.7.34-3.14.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.14.1 ImageMagick-debuginfo-7.0.7.34-3.14.1 ImageMagick-debugsource-7.0.7.34-3.14.1 ImageMagick-devel-7.0.7.34-3.14.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.14.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.14.1 libMagick++-devel-7.0.7.34-3.14.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.14.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.14.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.14.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.14.1 References: https://www.suse.com/security/cve/CVE-2018-14434.html https://www.suse.com/security/cve/CVE-2018-14435.html https://www.suse.com/security/cve/CVE-2018-14436.html https://www.suse.com/security/cve/CVE-2018-14437.html https://bugzilla.suse.com/1094741 https://bugzilla.suse.com/1102003 https://bugzilla.suse.com/1102004 https://bugzilla.suse.com/1102005 https://bugzilla.suse.com/1102007 From sle-security-updates at lists.suse.com Wed Aug 22 07:39:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2018 15:39:54 +0200 (CEST) Subject: SUSE-SU-2018:2478-1: important: Security update for ceph Message-ID: <20180822133954.51341FCCF@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2478-1 Rating: important References: #1092874 #1094932 #1096748 #1099162 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: * https://ceph.com/releases/12-2-7-luminous-released/ * luminous: osd: eternal stuck PG in 'unfound_recovery' (bsc#1094932) * bluestore: db.slow used when db is not full (bsc#1092874) * CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162). * CVE-2018-1129: cephx signature check bypass (bsc#1096748). * CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1494=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1494=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1494=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs-devel-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados-devel-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados-devel-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd-devel-12.2.7+git.1531910353.c0ef85b854-2.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1 libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1 libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1 librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1 librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1 python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1 References: https://www.suse.com/security/cve/CVE-2018-10861.html https://www.suse.com/security/cve/CVE-2018-1128.html https://www.suse.com/security/cve/CVE-2018-1129.html https://bugzilla.suse.com/1092874 https://bugzilla.suse.com/1094932 https://bugzilla.suse.com/1096748 https://bugzilla.suse.com/1099162 From sle-security-updates at lists.suse.com Wed Aug 22 13:07:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2018 21:07:39 +0200 (CEST) Subject: SUSE-SU-2018:2480-1: important: Security update for xen Message-ID: <20180822190739.57E34FCCF@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2480-1 Rating: important References: #1027519 #1091107 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for xen fixes the following security issue: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1743=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1743=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): xen-4.5.5_26-22.55.2 xen-debugsource-4.5.5_26-22.55.2 xen-doc-html-4.5.5_26-22.55.2 xen-kmp-default-4.5.5_26_k3.12.74_60.64.99-22.55.2 xen-kmp-default-debuginfo-4.5.5_26_k3.12.74_60.64.99-22.55.2 xen-libs-32bit-4.5.5_26-22.55.2 xen-libs-4.5.5_26-22.55.2 xen-libs-debuginfo-32bit-4.5.5_26-22.55.2 xen-libs-debuginfo-4.5.5_26-22.55.2 xen-tools-4.5.5_26-22.55.2 xen-tools-debuginfo-4.5.5_26-22.55.2 xen-tools-domU-4.5.5_26-22.55.2 xen-tools-domU-debuginfo-4.5.5_26-22.55.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): xen-4.5.5_26-22.55.2 xen-debugsource-4.5.5_26-22.55.2 xen-doc-html-4.5.5_26-22.55.2 xen-kmp-default-4.5.5_26_k3.12.74_60.64.99-22.55.2 xen-kmp-default-debuginfo-4.5.5_26_k3.12.74_60.64.99-22.55.2 xen-libs-32bit-4.5.5_26-22.55.2 xen-libs-4.5.5_26-22.55.2 xen-libs-debuginfo-32bit-4.5.5_26-22.55.2 xen-libs-debuginfo-4.5.5_26-22.55.2 xen-tools-4.5.5_26-22.55.2 xen-tools-debuginfo-4.5.5_26-22.55.2 xen-tools-domU-4.5.5_26-22.55.2 xen-tools-domU-debuginfo-4.5.5_26-22.55.2 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 From sle-security-updates at lists.suse.com Wed Aug 22 13:08:23 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2018 21:08:23 +0200 (CEST) Subject: SUSE-SU-2018:2481-1: moderate: Security update for podofo Message-ID: <20180822190823.90445FCCF@maintenance.suse.de> SUSE Security Update: Security update for podofo ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2481-1 Rating: moderate References: #1023067 #1023069 #1023070 #1023071 #1023380 #1027778 #1027782 #1027787 #1032017 #1032018 #1032019 #1035534 #1035596 #1037739 #1075772 #1084894 Cross-References: CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886 CVE-2017-6840 CVE-2017-6844 CVE-2017-6847 CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7994 CVE-2017-8054 CVE-2017-8787 CVE-2018-5308 CVE-2018-8001 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for podofo fixes the following issues: - CVE-2017-5852: The PoDoFo::PdfPage::GetInheritedKeyFromObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted file (bsc#1023067). - CVE-2017-5853: Integer overflow allowed remote attackers to have unspecified impact via a crafted file (bsc#1023069). - CVE-2017-5854: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted file (bsc#1023070). - CVE-2017-5855: The PoDoFo::PdfParser::ReadXRefSubsection function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1023071). - CVE-2017-5886: Prevent heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function that allowed remote attackers to have unspecified impact via a crafted file (bsc#1023380). - CVE-2017-6847: The PoDoFo::PdfVariant::DelayedLoad function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027778). - CVE-2017-6844: Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function allowed remote attackers to have unspecified impact via a crafted file (bsc#1027782). - CVE-2017-6840: The ColorChanger::GetColorFromStack function allowed remote attackers to cause a denial of service (invalid read) via a crafted file (bsc#1027787). - CVE-2017-7378: The PoDoFo::PdfPainter::ExpandTabs function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document (bsc#1032017). - CVE-2017-7379: The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document (bsc#1032018). - CVE-2017-7380: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032019). - CVE-2017-7994: The function TextExtractor::ExtractText allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document (bsc#1035534). - CVE-2017-8054: The function PdfPagesTree::GetPageNodeFromArray allowed remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document (bsc#1035596). - CVE-2017-8787: The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file (bsc#1037739). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772). - CVE-2018-8001: Prevent heap-based buffer over-read vulnerability in UnescapeName() that allowed remote attackers to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file (bsc#1084894). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1744=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1744=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1744=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libpodofo0_9_2-0.9.2-3.3.1 libpodofo0_9_2-debuginfo-0.9.2-3.3.1 podofo-debuginfo-0.9.2-3.3.1 podofo-debugsource-0.9.2-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.2-3.3.1 podofo-debuginfo-0.9.2-3.3.1 podofo-debugsource-0.9.2-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpodofo0_9_2-0.9.2-3.3.1 libpodofo0_9_2-debuginfo-0.9.2-3.3.1 podofo-debuginfo-0.9.2-3.3.1 podofo-debugsource-0.9.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-5852.html https://www.suse.com/security/cve/CVE-2017-5853.html https://www.suse.com/security/cve/CVE-2017-5854.html https://www.suse.com/security/cve/CVE-2017-5855.html https://www.suse.com/security/cve/CVE-2017-5886.html https://www.suse.com/security/cve/CVE-2017-6840.html https://www.suse.com/security/cve/CVE-2017-6844.html https://www.suse.com/security/cve/CVE-2017-6847.html https://www.suse.com/security/cve/CVE-2017-7378.html https://www.suse.com/security/cve/CVE-2017-7379.html https://www.suse.com/security/cve/CVE-2017-7380.html https://www.suse.com/security/cve/CVE-2017-7994.html https://www.suse.com/security/cve/CVE-2017-8054.html https://www.suse.com/security/cve/CVE-2017-8787.html https://www.suse.com/security/cve/CVE-2018-5308.html https://www.suse.com/security/cve/CVE-2018-8001.html https://bugzilla.suse.com/1023067 https://bugzilla.suse.com/1023069 https://bugzilla.suse.com/1023070 https://bugzilla.suse.com/1023071 https://bugzilla.suse.com/1023380 https://bugzilla.suse.com/1027778 https://bugzilla.suse.com/1027782 https://bugzilla.suse.com/1027787 https://bugzilla.suse.com/1032017 https://bugzilla.suse.com/1032018 https://bugzilla.suse.com/1032019 https://bugzilla.suse.com/1035534 https://bugzilla.suse.com/1035596 https://bugzilla.suse.com/1037739 https://bugzilla.suse.com/1075772 https://bugzilla.suse.com/1084894 From sle-security-updates at lists.suse.com Wed Aug 22 13:10:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2018 21:10:54 +0200 (CEST) Subject: SUSE-SU-2018:2482-1: important: Security update for xen Message-ID: <20180822191054.CEB70FCCF@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2482-1 Rating: important References: #1027519 #1091107 #1092631 #1101684 #1102116 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for xen fixes the following issues: This security issue was fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). These non-security issues were fixed: - bsc#1102116: SSBD is not virtualized for guests - bsc#1092631: Preserve the xl dmesg output after boot for determining what speculative mitigations have been detected by the hypervisor. - bsc#1101684: Make xen able to disable the visibility of the new CPU flags. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-13749=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-13749=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-13749=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_36-61.37.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_36_3.0.101_108.68-61.37.2 xen-libs-4.4.4_36-61.37.2 xen-tools-domU-4.4.4_36-61.37.2 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_36-61.37.2 xen-doc-html-4.4.4_36-61.37.2 xen-libs-32bit-4.4.4_36-61.37.2 xen-tools-4.4.4_36-61.37.2 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_36_3.0.101_108.68-61.37.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_36-61.37.2 xen-debugsource-4.4.4_36-61.37.2 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1092631 https://bugzilla.suse.com/1101684 https://bugzilla.suse.com/1102116 From sle-security-updates at lists.suse.com Thu Aug 23 09:49:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Aug 2018 17:49:07 +0200 (CEST) Subject: SUSE-SU-2018:2483-1: important: Security update for xen Message-ID: <20180823154907.EECABFCF0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2483-1 Rating: important References: #1027519 #1091107 #1101684 #1102116 Cross-References: CVE-2018-3646 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for xen fixes the following issues: This security issue was fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). These non-security issue were fixed: - bsc#1102116: SSBD is not virtualized for guests - bsc#1101684: Not able to disable the visibility of the new CPU flags Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1746=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_36-22.74.1 xen-debugsource-4.4.4_36-22.74.1 xen-doc-html-4.4.4_36-22.74.1 xen-kmp-default-4.4.4_36_k3.12.61_52.141-22.74.1 xen-kmp-default-debuginfo-4.4.4_36_k3.12.61_52.141-22.74.1 xen-libs-32bit-4.4.4_36-22.74.1 xen-libs-4.4.4_36-22.74.1 xen-libs-debuginfo-32bit-4.4.4_36-22.74.1 xen-libs-debuginfo-4.4.4_36-22.74.1 xen-tools-4.4.4_36-22.74.1 xen-tools-debuginfo-4.4.4_36-22.74.1 xen-tools-domU-4.4.4_36-22.74.1 xen-tools-domU-debuginfo-4.4.4_36-22.74.1 References: https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1101684 https://bugzilla.suse.com/1102116 From sle-security-updates at lists.suse.com Thu Aug 23 13:07:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Aug 2018 21:07:48 +0200 (CEST) Subject: SUSE-SU-2018:2485-1: moderate: Security update for libreoffice Message-ID: <20180823190748.5279FFD03@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2485-1 Rating: moderate References: #1050305 #1088262 #1088263 #1091606 #1091772 #1092699 #1094359 #1095601 #1095639 #1096673 #1098891 Cross-References: CVE-2018-10583 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. Description: This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673) - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359) - Use libreoffice-gtk3 if xfce is present (bsc#1092699) - Various other bug fixes - Exporting to PPTX results in vertical labels being shown horizontally (bsc#1095639) - Table in PPTX misplaced and partly blue (bsc#1098891) - Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1088263) - Exporting to PPTX shifts arrow shapes quite a bit bsc#1095601 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-1748=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1748=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1748=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libreoffice-branding-upstream-6.0.5.2-43.38.5 libreoffice-icon-themes-6.0.5.2-43.38.5 libreoffice-l10n-af-6.0.5.2-43.38.5 libreoffice-l10n-ar-6.0.5.2-43.38.5 libreoffice-l10n-bg-6.0.5.2-43.38.5 libreoffice-l10n-ca-6.0.5.2-43.38.5 libreoffice-l10n-cs-6.0.5.2-43.38.5 libreoffice-l10n-da-6.0.5.2-43.38.5 libreoffice-l10n-de-6.0.5.2-43.38.5 libreoffice-l10n-en-6.0.5.2-43.38.5 libreoffice-l10n-es-6.0.5.2-43.38.5 libreoffice-l10n-fi-6.0.5.2-43.38.5 libreoffice-l10n-fr-6.0.5.2-43.38.5 libreoffice-l10n-gu-6.0.5.2-43.38.5 libreoffice-l10n-hi-6.0.5.2-43.38.5 libreoffice-l10n-hr-6.0.5.2-43.38.5 libreoffice-l10n-hu-6.0.5.2-43.38.5 libreoffice-l10n-it-6.0.5.2-43.38.5 libreoffice-l10n-ja-6.0.5.2-43.38.5 libreoffice-l10n-ko-6.0.5.2-43.38.5 libreoffice-l10n-lt-6.0.5.2-43.38.5 libreoffice-l10n-nb-6.0.5.2-43.38.5 libreoffice-l10n-nl-6.0.5.2-43.38.5 libreoffice-l10n-nn-6.0.5.2-43.38.5 libreoffice-l10n-pl-6.0.5.2-43.38.5 libreoffice-l10n-pt_BR-6.0.5.2-43.38.5 libreoffice-l10n-pt_PT-6.0.5.2-43.38.5 libreoffice-l10n-ro-6.0.5.2-43.38.5 libreoffice-l10n-ru-6.0.5.2-43.38.5 libreoffice-l10n-sk-6.0.5.2-43.38.5 libreoffice-l10n-sv-6.0.5.2-43.38.5 libreoffice-l10n-uk-6.0.5.2-43.38.5 libreoffice-l10n-xh-6.0.5.2-43.38.5 libreoffice-l10n-zh_CN-6.0.5.2-43.38.5 libreoffice-l10n-zh_TW-6.0.5.2-43.38.5 libreoffice-l10n-zu-6.0.5.2-43.38.5 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libreoffice-6.0.5.2-43.38.5 libreoffice-base-6.0.5.2-43.38.5 libreoffice-base-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-6.0.5.2-43.38.5 libreoffice-calc-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-extensions-6.0.5.2-43.38.5 libreoffice-debuginfo-6.0.5.2-43.38.5 libreoffice-debugsource-6.0.5.2-43.38.5 libreoffice-draw-6.0.5.2-43.38.5 libreoffice-draw-debuginfo-6.0.5.2-43.38.5 libreoffice-filters-optional-6.0.5.2-43.38.5 libreoffice-gnome-6.0.5.2-43.38.5 libreoffice-gnome-debuginfo-6.0.5.2-43.38.5 libreoffice-gtk2-6.0.5.2-43.38.5 libreoffice-gtk2-debuginfo-6.0.5.2-43.38.5 libreoffice-impress-6.0.5.2-43.38.5 libreoffice-impress-debuginfo-6.0.5.2-43.38.5 libreoffice-mailmerge-6.0.5.2-43.38.5 libreoffice-math-6.0.5.2-43.38.5 libreoffice-math-debuginfo-6.0.5.2-43.38.5 libreoffice-officebean-6.0.5.2-43.38.5 libreoffice-officebean-debuginfo-6.0.5.2-43.38.5 libreoffice-pyuno-6.0.5.2-43.38.5 libreoffice-pyuno-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-6.0.5.2-43.38.5 libreoffice-writer-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-extensions-6.0.5.2-43.38.5 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): libreoffice-debuginfo-6.0.5.2-43.38.5 libreoffice-debugsource-6.0.5.2-43.38.5 libreoffice-sdk-6.0.5.2-43.38.5 libreoffice-sdk-debuginfo-6.0.5.2-43.38.5 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libreoffice-branding-upstream-6.0.5.2-43.38.5 libreoffice-icon-themes-6.0.5.2-43.38.5 libreoffice-l10n-af-6.0.5.2-43.38.5 libreoffice-l10n-ar-6.0.5.2-43.38.5 libreoffice-l10n-ca-6.0.5.2-43.38.5 libreoffice-l10n-cs-6.0.5.2-43.38.5 libreoffice-l10n-da-6.0.5.2-43.38.5 libreoffice-l10n-de-6.0.5.2-43.38.5 libreoffice-l10n-en-6.0.5.2-43.38.5 libreoffice-l10n-es-6.0.5.2-43.38.5 libreoffice-l10n-fi-6.0.5.2-43.38.5 libreoffice-l10n-fr-6.0.5.2-43.38.5 libreoffice-l10n-gu-6.0.5.2-43.38.5 libreoffice-l10n-hi-6.0.5.2-43.38.5 libreoffice-l10n-hu-6.0.5.2-43.38.5 libreoffice-l10n-it-6.0.5.2-43.38.5 libreoffice-l10n-ja-6.0.5.2-43.38.5 libreoffice-l10n-ko-6.0.5.2-43.38.5 libreoffice-l10n-nb-6.0.5.2-43.38.5 libreoffice-l10n-nl-6.0.5.2-43.38.5 libreoffice-l10n-nn-6.0.5.2-43.38.5 libreoffice-l10n-pl-6.0.5.2-43.38.5 libreoffice-l10n-pt_BR-6.0.5.2-43.38.5 libreoffice-l10n-pt_PT-6.0.5.2-43.38.5 libreoffice-l10n-ro-6.0.5.2-43.38.5 libreoffice-l10n-ru-6.0.5.2-43.38.5 libreoffice-l10n-sk-6.0.5.2-43.38.5 libreoffice-l10n-sv-6.0.5.2-43.38.5 libreoffice-l10n-xh-6.0.5.2-43.38.5 libreoffice-l10n-zh_CN-6.0.5.2-43.38.5 libreoffice-l10n-zh_TW-6.0.5.2-43.38.5 libreoffice-l10n-zu-6.0.5.2-43.38.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libreoffice-6.0.5.2-43.38.5 libreoffice-base-6.0.5.2-43.38.5 libreoffice-base-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-6.0.5.2-43.38.5 libreoffice-calc-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-extensions-6.0.5.2-43.38.5 libreoffice-debuginfo-6.0.5.2-43.38.5 libreoffice-debugsource-6.0.5.2-43.38.5 libreoffice-draw-6.0.5.2-43.38.5 libreoffice-draw-debuginfo-6.0.5.2-43.38.5 libreoffice-filters-optional-6.0.5.2-43.38.5 libreoffice-gnome-6.0.5.2-43.38.5 libreoffice-gnome-debuginfo-6.0.5.2-43.38.5 libreoffice-gtk2-6.0.5.2-43.38.5 libreoffice-gtk2-debuginfo-6.0.5.2-43.38.5 libreoffice-impress-6.0.5.2-43.38.5 libreoffice-impress-debuginfo-6.0.5.2-43.38.5 libreoffice-mailmerge-6.0.5.2-43.38.5 libreoffice-math-6.0.5.2-43.38.5 libreoffice-math-debuginfo-6.0.5.2-43.38.5 libreoffice-officebean-6.0.5.2-43.38.5 libreoffice-officebean-debuginfo-6.0.5.2-43.38.5 libreoffice-pyuno-6.0.5.2-43.38.5 libreoffice-pyuno-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-6.0.5.2-43.38.5 libreoffice-writer-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-extensions-6.0.5.2-43.38.5 References: https://www.suse.com/security/cve/CVE-2018-10583.html https://bugzilla.suse.com/1050305 https://bugzilla.suse.com/1088262 https://bugzilla.suse.com/1088263 https://bugzilla.suse.com/1091606 https://bugzilla.suse.com/1091772 https://bugzilla.suse.com/1092699 https://bugzilla.suse.com/1094359 https://bugzilla.suse.com/1095601 https://bugzilla.suse.com/1095639 https://bugzilla.suse.com/1096673 https://bugzilla.suse.com/1098891 From sle-security-updates at lists.suse.com Thu Aug 23 13:09:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Aug 2018 21:09:40 +0200 (CEST) Subject: SUSE-SU-2018:2486-1: moderate: Security update for openssl Message-ID: <20180823190940.92B89FD03@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2486-1 Rating: moderate References: #1089039 Cross-References: CVE-2018-0737 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-openssl-13750=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openssl-13750=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssl-13750=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-13750=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.106.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.106.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libopenssl-devel-32bit-0.9.8j-0.106.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.15.1 libopenssl0_9_8-hmac-0.9.8j-0.106.15.1 openssl-0.9.8j-0.106.15.1 openssl-doc-0.9.8j-0.106.15.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.15.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.15.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libopenssl0_9_8-x86-0.9.8j-0.106.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.15.1 openssl-debugsource-0.9.8j-0.106.15.1 References: https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 From sle-security-updates at lists.suse.com Fri Aug 24 09:03:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Aug 2018 17:03:30 +0200 (CEST) Subject: SUSE-SU-2018:2492-1: moderate: Security update for openssl Message-ID: <20180824150330.6328BFD16@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2492-1 Rating: moderate References: #1089039 Cross-References: CVE-2018-0737 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1752=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1752=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libopenssl1_0_0-1.0.1i-54.17.1 libopenssl1_0_0-debuginfo-1.0.1i-54.17.1 libopenssl1_0_0-hmac-1.0.1i-54.17.1 openssl-1.0.1i-54.17.1 openssl-debuginfo-1.0.1i-54.17.1 openssl-debugsource-1.0.1i-54.17.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-32bit-1.0.1i-54.17.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.17.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.17.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-54.17.1 libopenssl1_0_0-debuginfo-1.0.1i-54.17.1 libopenssl1_0_0-hmac-1.0.1i-54.17.1 openssl-1.0.1i-54.17.1 openssl-debuginfo-1.0.1i-54.17.1 openssl-debugsource-1.0.1i-54.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.17.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.17.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.17.1 References: https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 From sle-security-updates at lists.suse.com Fri Aug 24 10:07:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Aug 2018 18:07:58 +0200 (CEST) Subject: SUSE-SU-2018:2493-1: moderate: Security update for python Message-ID: <20180824160758.09D23FD16@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2493-1 Rating: moderate References: #1083507 Cross-References: CVE-2017-18207 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.11.2 libpython2_7-1_0-debuginfo-2.7.13-28.11.2 python-2.7.13-28.11.1 python-base-2.7.13-28.11.2 python-base-debuginfo-2.7.13-28.11.2 python-base-debugsource-2.7.13-28.11.2 python-debuginfo-2.7.13-28.11.1 python-debugsource-2.7.13-28.11.1 python-xml-2.7.13-28.11.2 python-xml-debuginfo-2.7.13-28.11.2 References: https://www.suse.com/security/cve/CVE-2017-18207.html https://bugzilla.suse.com/1083507 From sle-security-updates at lists.suse.com Mon Aug 27 07:08:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Aug 2018 15:08:04 +0200 (CEST) Subject: SUSE-SU-2018:2527-1: moderate: Security update for gdm Message-ID: <20180827130804.6A768FC9F@maintenance.suse.de> SUSE Security Update: Security update for gdm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2527-1 Rating: moderate References: #1103737 Cross-References: CVE-2018-14424 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gdm fixes the following security issue: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution (bsc#1103737). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1765=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1765=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1765=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-54.6.3 gdm-debugsource-3.10.0.1-54.6.3 gdm-devel-3.10.0.1-54.6.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.6.3 gdm-debuginfo-3.10.0.1-54.6.3 gdm-debugsource-3.10.0.1-54.6.3 libgdm1-3.10.0.1-54.6.3 libgdm1-debuginfo-3.10.0.1-54.6.3 typelib-1_0-Gdm-1_0-3.10.0.1-54.6.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): gdm-lang-3.10.0.1-54.6.3 gdmflexiserver-3.10.0.1-54.6.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdm-3.10.0.1-54.6.3 gdm-debuginfo-3.10.0.1-54.6.3 gdm-debugsource-3.10.0.1-54.6.3 libgdm1-3.10.0.1-54.6.3 libgdm1-debuginfo-3.10.0.1-54.6.3 typelib-1_0-Gdm-1_0-3.10.0.1-54.6.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gdm-lang-3.10.0.1-54.6.3 gdmflexiserver-3.10.0.1-54.6.3 References: https://www.suse.com/security/cve/CVE-2018-14424.html https://bugzilla.suse.com/1103737 From sle-security-updates at lists.suse.com Mon Aug 27 07:08:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Aug 2018 15:08:36 +0200 (CEST) Subject: SUSE-SU-2018:2528-1: important: Security update for xen Message-ID: <20180827130836.5355FFC9F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2528-1 Rating: important References: #1027519 #1074562 #1079730 #1090822 #1090823 #1091107 #1092631 #1095242 #1096224 #1097206 #1097521 #1097522 #1098744 Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12617 CVE-2018-12891 CVE-2018-12893 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: These security issue were fixed: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - CVE-2018-12617: An integer overflow that could cause a segmentation fault in qmp_guest_file_read() with g_malloc() in qemu-guest-agent was fixed (bsc#1098744) - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (bsc#1095242) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (bsc#1092631) - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1074562) - CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (bsc#1074562) - CVE-2018-12891: Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. (bsc#1097521) - CVE-2018-12893: One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. (bsc#1097522) - CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. (bsc#1096224) - CVE-2018-10982: An issue was discovered in Xen allowed x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. (bsc#1090822) - CVE-2018-10981: An issue was discovered in Xen that allowed x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. (bsc#1090823) Following bugs were fixed: - After updating to kernel 3.0.101-0.47.106.32-xen system crashes in check_bugs() (bsc#1097206) - bsc#1079730 - in xen-kmp, unplug emulated devices after migration This is required since xen-4.10 and/or qemu-2.10 because the state of unplug is not propagated from one dom0 to another. Without this unplug qemu's block-backend will be unable to open qcow2 disks on the receiving dom0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xen-13752=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-13752=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-13752=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): xen-kmp-default-4.2.5_21_3.0.101_0.47.106.43-45.25.1 xen-libs-4.2.5_21-45.25.1 xen-tools-domU-4.2.5_21-45.25.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): xen-4.2.5_21-45.25.1 xen-doc-html-4.2.5_21-45.25.1 xen-doc-pdf-4.2.5_21-45.25.1 xen-libs-32bit-4.2.5_21-45.25.1 xen-tools-4.2.5_21-45.25.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.43-45.25.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.106.43-45.25.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.43-45.25.1 xen-libs-4.2.5_21-45.25.1 xen-tools-domU-4.2.5_21-45.25.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-45.25.1 xen-debugsource-4.2.5_21-45.25.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-10981.html https://www.suse.com/security/cve/CVE-2018-10982.html https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-12891.html https://www.suse.com/security/cve/CVE-2018-12893.html https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-3646.html https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1090822 https://bugzilla.suse.com/1090823 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1092631 https://bugzilla.suse.com/1095242 https://bugzilla.suse.com/1096224 https://bugzilla.suse.com/1097206 https://bugzilla.suse.com/1097521 https://bugzilla.suse.com/1097522 https://bugzilla.suse.com/1098744 From sle-security-updates at lists.suse.com Mon Aug 27 07:11:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Aug 2018 15:11:51 +0200 (CEST) Subject: SUSE-SU-2018:2530-1: moderate: Security update for openssh Message-ID: <20180827131151.9FE99FC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2530-1 Rating: moderate References: #1076957 Cross-References: CVE-2016-10708 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1766=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1766=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1766=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1766=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1766=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): openssh-7.2p2-74.25.1 openssh-askpass-gnome-7.2p2-74.25.1 openssh-askpass-gnome-debuginfo-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 openssh-fips-7.2p2-74.25.1 openssh-helpers-7.2p2-74.25.1 openssh-helpers-debuginfo-7.2p2-74.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openssh-7.2p2-74.25.1 openssh-askpass-gnome-7.2p2-74.25.1 openssh-askpass-gnome-debuginfo-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 openssh-fips-7.2p2-74.25.1 openssh-helpers-7.2p2-74.25.1 openssh-helpers-debuginfo-7.2p2-74.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openssh-7.2p2-74.25.1 openssh-askpass-gnome-7.2p2-74.25.1 openssh-askpass-gnome-debuginfo-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 openssh-fips-7.2p2-74.25.1 openssh-helpers-7.2p2-74.25.1 openssh-helpers-debuginfo-7.2p2-74.25.1 - SUSE Enterprise Storage 4 (x86_64): openssh-7.2p2-74.25.1 openssh-askpass-gnome-7.2p2-74.25.1 openssh-askpass-gnome-debuginfo-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 openssh-fips-7.2p2-74.25.1 openssh-helpers-7.2p2-74.25.1 openssh-helpers-debuginfo-7.2p2-74.25.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): openssh-7.2p2-74.25.1 openssh-debuginfo-7.2p2-74.25.1 openssh-debugsource-7.2p2-74.25.1 References: https://www.suse.com/security/cve/CVE-2016-10708.html https://bugzilla.suse.com/1076957 From sle-security-updates at lists.suse.com Tue Aug 28 07:08:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Aug 2018 15:08:56 +0200 (CEST) Subject: SUSE-SU-2018:2535-1: moderate: Security update for libreoffice Message-ID: <20180828130856.A881FFD53@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2535-1 Rating: moderate References: #1050305 #1088262 #1091606 #1091772 #1092699 #1094359 #1096673 Cross-References: CVE-2018-10583 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673) - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359) - Use libreoffice-gtk3 if xfce is present (bsc#1092699) - Various other bug fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1772=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libreoffice-6.0.5.2-3.3.5 libreoffice-base-6.0.5.2-3.3.5 libreoffice-base-debuginfo-6.0.5.2-3.3.5 libreoffice-base-drivers-mysql-6.0.5.2-3.3.5 libreoffice-base-drivers-mysql-debuginfo-6.0.5.2-3.3.5 libreoffice-base-drivers-postgresql-6.0.5.2-3.3.5 libreoffice-base-drivers-postgresql-debuginfo-6.0.5.2-3.3.5 libreoffice-calc-6.0.5.2-3.3.5 libreoffice-calc-debuginfo-6.0.5.2-3.3.5 libreoffice-calc-extensions-6.0.5.2-3.3.5 libreoffice-debuginfo-6.0.5.2-3.3.5 libreoffice-debugsource-6.0.5.2-3.3.5 libreoffice-draw-6.0.5.2-3.3.5 libreoffice-draw-debuginfo-6.0.5.2-3.3.5 libreoffice-filters-optional-6.0.5.2-3.3.5 libreoffice-gnome-6.0.5.2-3.3.5 libreoffice-gnome-debuginfo-6.0.5.2-3.3.5 libreoffice-gtk3-6.0.5.2-3.3.5 libreoffice-gtk3-debuginfo-6.0.5.2-3.3.5 libreoffice-impress-6.0.5.2-3.3.5 libreoffice-impress-debuginfo-6.0.5.2-3.3.5 libreoffice-mailmerge-6.0.5.2-3.3.5 libreoffice-math-6.0.5.2-3.3.5 libreoffice-math-debuginfo-6.0.5.2-3.3.5 libreoffice-officebean-6.0.5.2-3.3.5 libreoffice-officebean-debuginfo-6.0.5.2-3.3.5 libreoffice-pyuno-6.0.5.2-3.3.5 libreoffice-pyuno-debuginfo-6.0.5.2-3.3.5 libreoffice-writer-6.0.5.2-3.3.5 libreoffice-writer-debuginfo-6.0.5.2-3.3.5 libreoffice-writer-extensions-6.0.5.2-3.3.5 libreofficekit-6.0.5.2-3.3.5 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.0.5.2-3.3.5 libreoffice-icon-themes-6.0.5.2-3.3.5 libreoffice-l10n-af-6.0.5.2-3.3.5 libreoffice-l10n-ar-6.0.5.2-3.3.5 libreoffice-l10n-as-6.0.5.2-3.3.5 libreoffice-l10n-bg-6.0.5.2-3.3.5 libreoffice-l10n-bn-6.0.5.2-3.3.5 libreoffice-l10n-br-6.0.5.2-3.3.5 libreoffice-l10n-ca-6.0.5.2-3.3.5 libreoffice-l10n-cs-6.0.5.2-3.3.5 libreoffice-l10n-cy-6.0.5.2-3.3.5 libreoffice-l10n-da-6.0.5.2-3.3.5 libreoffice-l10n-de-6.0.5.2-3.3.5 libreoffice-l10n-dz-6.0.5.2-3.3.5 libreoffice-l10n-el-6.0.5.2-3.3.5 libreoffice-l10n-en-6.0.5.2-3.3.5 libreoffice-l10n-eo-6.0.5.2-3.3.5 libreoffice-l10n-es-6.0.5.2-3.3.5 libreoffice-l10n-et-6.0.5.2-3.3.5 libreoffice-l10n-eu-6.0.5.2-3.3.5 libreoffice-l10n-fa-6.0.5.2-3.3.5 libreoffice-l10n-fi-6.0.5.2-3.3.5 libreoffice-l10n-fr-6.0.5.2-3.3.5 libreoffice-l10n-ga-6.0.5.2-3.3.5 libreoffice-l10n-gl-6.0.5.2-3.3.5 libreoffice-l10n-gu-6.0.5.2-3.3.5 libreoffice-l10n-he-6.0.5.2-3.3.5 libreoffice-l10n-hi-6.0.5.2-3.3.5 libreoffice-l10n-hr-6.0.5.2-3.3.5 libreoffice-l10n-hu-6.0.5.2-3.3.5 libreoffice-l10n-it-6.0.5.2-3.3.5 libreoffice-l10n-ja-6.0.5.2-3.3.5 libreoffice-l10n-kk-6.0.5.2-3.3.5 libreoffice-l10n-kn-6.0.5.2-3.3.5 libreoffice-l10n-ko-6.0.5.2-3.3.5 libreoffice-l10n-lt-6.0.5.2-3.3.5 libreoffice-l10n-lv-6.0.5.2-3.3.5 libreoffice-l10n-mai-6.0.5.2-3.3.5 libreoffice-l10n-ml-6.0.5.2-3.3.5 libreoffice-l10n-mr-6.0.5.2-3.3.5 libreoffice-l10n-nb-6.0.5.2-3.3.5 libreoffice-l10n-nl-6.0.5.2-3.3.5 libreoffice-l10n-nn-6.0.5.2-3.3.5 libreoffice-l10n-nr-6.0.5.2-3.3.5 libreoffice-l10n-nso-6.0.5.2-3.3.5 libreoffice-l10n-or-6.0.5.2-3.3.5 libreoffice-l10n-pa-6.0.5.2-3.3.5 libreoffice-l10n-pl-6.0.5.2-3.3.5 libreoffice-l10n-pt_BR-6.0.5.2-3.3.5 libreoffice-l10n-pt_PT-6.0.5.2-3.3.5 libreoffice-l10n-ro-6.0.5.2-3.3.5 libreoffice-l10n-ru-6.0.5.2-3.3.5 libreoffice-l10n-si-6.0.5.2-3.3.5 libreoffice-l10n-sk-6.0.5.2-3.3.5 libreoffice-l10n-sl-6.0.5.2-3.3.5 libreoffice-l10n-sr-6.0.5.2-3.3.5 libreoffice-l10n-ss-6.0.5.2-3.3.5 libreoffice-l10n-st-6.0.5.2-3.3.5 libreoffice-l10n-sv-6.0.5.2-3.3.5 libreoffice-l10n-ta-6.0.5.2-3.3.5 libreoffice-l10n-te-6.0.5.2-3.3.5 libreoffice-l10n-th-6.0.5.2-3.3.5 libreoffice-l10n-tn-6.0.5.2-3.3.5 libreoffice-l10n-tr-6.0.5.2-3.3.5 libreoffice-l10n-ts-6.0.5.2-3.3.5 libreoffice-l10n-uk-6.0.5.2-3.3.5 libreoffice-l10n-ve-6.0.5.2-3.3.5 libreoffice-l10n-xh-6.0.5.2-3.3.5 libreoffice-l10n-zh_CN-6.0.5.2-3.3.5 libreoffice-l10n-zh_TW-6.0.5.2-3.3.5 libreoffice-l10n-zu-6.0.5.2-3.3.5 References: https://www.suse.com/security/cve/CVE-2018-10583.html https://bugzilla.suse.com/1050305 https://bugzilla.suse.com/1088262 https://bugzilla.suse.com/1091606 https://bugzilla.suse.com/1091772 https://bugzilla.suse.com/1092699 https://bugzilla.suse.com/1094359 https://bugzilla.suse.com/1096673 From sle-security-updates at lists.suse.com Tue Aug 28 07:10:23 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Aug 2018 15:10:23 +0200 (CEST) Subject: SUSE-SU-2018:2536-1: moderate: Security update for grafana, kafka, logstash and monasca-installer Message-ID: <20180828131023.39727FD53@maintenance.suse.de> SUSE Security Update: Security update for grafana, kafka, logstash and monasca-installer ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2536-1 Rating: moderate References: #1086909 #1090192 #1090343 #1090849 #1094448 #1095603 #1096985 #1102920 Cross-References: CVE-2018-12099 CVE-2018-1288 CVE-2018-3817 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update for grafana, kafka, logstash and monasca-installer fixes the following issues: The following security issues have been fixed: grafana: - CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985) kafka: - CVE-2018-1288: Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920) logstash: - CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849) Additionally, the following non-security issues have been fixed: monasca-installer: - Add complete set of elasticsearch performance tunables. - Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343) - Fix bad elasticsearch-curator configuration. (bsc#1090192) - Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343) logstash: - Declare Gemfile as config to prevent loss of installed plugins when updating. - Stop installing prebuilt jruby for non-x86. kafka: - Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288) - Add noreplace directive for /etc/kafka/server.properties. - Reduce package ownership of tmpfiles.d to bare minium. (SLE12 SP2) - Set log rotation options. (bsc#1094448) - Disable jmxremote debugging. (bsc#1095603) - Increase open file limits. (bsc#1086909) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1771=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): grafana-4.5.1-1.8.1 kafka-0.10.2.2-5.1 logstash-2.4.1-5.1 - SUSE OpenStack Cloud 7 (noarch): monasca-installer-20180608_12.47-9.1 References: https://www.suse.com/security/cve/CVE-2018-12099.html https://www.suse.com/security/cve/CVE-2018-1288.html https://www.suse.com/security/cve/CVE-2018-3817.html https://bugzilla.suse.com/1086909 https://bugzilla.suse.com/1090192 https://bugzilla.suse.com/1090343 https://bugzilla.suse.com/1090849 https://bugzilla.suse.com/1094448 https://bugzilla.suse.com/1095603 https://bugzilla.suse.com/1096985 https://bugzilla.suse.com/1102920 From sle-security-updates at lists.suse.com Tue Aug 28 10:10:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Aug 2018 18:10:06 +0200 (CEST) Subject: SUSE-SU-2018:2538-1: important: Security update for the Linux Kernel Message-ID: <20180828161006.A8587FD4A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2538-1 Rating: important References: #1046305 #1046306 #1046307 #1051510 #1065600 #1081917 #1083647 #1086288 #1086315 #1086317 #1086327 #1086331 #1086906 #1087092 #1090888 #1097104 #1097577 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1097808 #1100132 #1101480 #1101669 #1101822 #1102517 #1102715 #1103269 #1103277 #1103363 #1103445 #1103886 #1104353 #1104365 #1104427 #1104482 #1104494 #1104495 #1104683 #1104708 #1104777 #1104890 #1104897 #1105292 #1105296 #1105322 #1105355 #1105378 #1105396 #1105467 #1105731 #802154 #971975 Cross-References: CVE-2018-10853 CVE-2018-10902 CVE-2018-15572 CVE-2018-9363 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bnc#1097104). The following non-security bugs were fixed: - acpi / apei: Remove ghes_ioremap_area (bsc#1051510). - acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bsc#1051510). - acpi / pm: save NVS memory for ASUS 1025C laptop (bsc#1051510). - affs_lookup(): close a race with affs_remove_link() (bsc#1105355). - alsa: cs5535audio: Fix invalid endian conversion (bsc#1051510). - alsa: hda: Correct Asrock B85M-ITX power_save blacklist entry (bsc#1051510). - alsa: hda - Sleep for 10ms after entering D3 on Conexant codecs (bsc#1051510). - alsa: hda - Turn CX8200 into D3 as well upon reboot (bsc#1051510). - alsa: memalloc: Do not exceed over the requested size (bsc#1051510). - alsa: snd-aoa: add of_node_put() in error path (bsc#1051510). - alsa: virmidi: Fix too long output trigger loop (bsc#1051510). - alsa: vx222: Fix invalid endian conversions (bsc#1051510). - alsa: vxpocket: Fix invalid endian conversions (bsc#1051510). - arm64: enable thunderx gpio driver - arm/asm/tlb.h: Fix build error implicit func declaration (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - asoc: dpcm: do not merge format from invalid codec dai (bsc#1051510). - asoc: es7134: remove 64kHz rate from the supported rates (bsc#1051510). - asoc: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (bsc#1051510). - asoc: Intel: cht_bsw_max98090_ti: Fix jack initialization (bsc#1051510). - asoc: msm8916-wcd-digital: fix RX2 MIX1 and RX3 MIX1 (bsc#1051510). - asoc: rsnd: cmd: Add missing newline to debug message (bsc#1051510). - asoc: sirf: Fix potential NULL pointer dereference (bsc#1051510). - asoc: zte: Fix incorrect PCM format bit usages (bsc#1051510). - ata: Fix ZBC_OUT all bit handling (bsc#1051510). - ata: Fix ZBC_OUT command block check (bsc#1051510). - ath10k: prevent active scans on potential unusable channels (bsc#1051510). - atm: horizon: Fix irq release error (bsc#1105355). - atm: Preserve value of skb->truesize when accounting to vcc (networking-stable-18_07_19). - atm: zatm: fix memcmp casting (bsc#1105355). - atm: zatm: Fix potential Spectre v1 (networking-stable-18_07_19). - audit: allow not equal op for audit by executable (bsc#1051510). - audit: Fix extended comparison of GID/EGID (bsc#1051510). - be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (bsc#1086288). - be2net: Update the driver version to 12.0.0.0 (bsc#1086288 ). - binfmt_elf: Respect error return from `regset->active' (bsc#1051510). - bluetooth: avoid killing an already killed socket (bsc#1051510). - bluetooth: hidp: buffer overflow in hidp_process_report (bsc#1051510). - bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd (bsc#1083647). - brcmsmac: fix wrap around in conversion from constant to s16 (bsc#1051510). - clk: core: Potentially free connection id (bsc#1051510). - clk: imx6ul: fix missing of_node_put() (bsc#1051510). - clk: meson: gxbb: remove HHI_GEN_CLK_CTNL duplicate definition (bsc#1051510). - clk: mvebu: armada-38x: add support for 1866MHz variants (bsc#1105355). - clk: mvebu: armada-38x: add support for missing clocks (bsc#1105355). - clk: rockchip: fix clk_i2sout parent selection bits on rk3399 (bsc#1051510). - coresight: tpiu: Fix disabling timeouts (bsc#1051510). - cpufreq: CPPC: Do not set transition_latency (bsc#1101480). - cpufreq / CPPC: Set platform specific transition_delay_us (bsc#1101480). - cpufreq: CPPC: Use transition_delay_us depending transition_latency (bsc#1101480). - cpufreq: remove setting of policy->cpu in policy->cpus during init (bsc#1101480). - crypto: ablkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: blkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: ccp - Check for NULL PSP pointer at module unload (bsc#1051510). - crypto: ccp - Fix command completion detection race (bsc#1051510). - crypto: skcipher - fix aligning block size in skcipher_copy_iv() (bsc#1051510). - crypto: skcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: vmac - require a block cipher with 128-bit block size (bsc#1051510). - crypto: vmac - separate tfm and request context (bsc#1051510). - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() (bsc#1051510). - cxgb4: Fix the condition to check if the card is T5 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - devicectree: bindings: fix location of leds common file (bsc#1051510). - dma-buf: remove redundant initialization of sg_table (bsc#1051510). - dmaengine: hsu: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: idma64: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: mv_xor_v2: kill the tasklets upon exit (bsc#1051510). - docs: zh_CN: fix location of oops-tracing.txt (bsc#1051510). - documentation: ip-sysctl.txt: document addr_gen_mode (bsc#1051510). - driver core: add __printf verification to __ata_ehi_pushv_desc (bsc#1051510). - drivers: hv: vmbus: do not mark HV_PCIE as perf_device (bsc#1051510). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1051510). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/fb-helper: Fix typo on kerneldoc (bsc#1051510). - drm/i915/aml: Introducing Amber Lake platform (). - drm/i915/cfl: Add a new CFL PCI ID (). - drm/i915/gvt: Off by one in intel_vgpu_write_fence() (bsc#1051510). - drm/i915: Nuke the LVDS lid notifier (bsc#1051510). - drm/i915: Only show debug for state changes when banning (bsc#1051510). - drm/i915: Restore user forcewake domains across suspend (bsc#1100132). - drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw (bsc#1051510). - drm/i915/whl: Introducing Whiskey Lake platform (). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1051510). - drm/rockchip: lvds: add missing of_node_put (bsc#1051510). - edac: Add missing MEM_LRDDR4 entry in edac_mem_types[] (bsc#1103886). - edac, altera: Fix ARM64 build warning (bsc#1051510). - edac: Drop duplicated array of strings for memory type names (bsc#1103886). - edac: Fix memleak in module init error path (bsc#1051510). - edac, i7core: Fix memleaks and use-after-free on probe and remove (bsc#1051510). - edac, mv64x60: Fix an error handling path (bsc#1051510). - edac, octeon: Fix an uninitialized variable warning (bsc#1051510). - edac, sb_edac: Fix missing break in switch (bsc#1051510). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - extcon: Release locking when sending the notification of connector state (bsc#1051510). - Fix kABI breakage with libertas dev field addition (bsc#1051510). - Fix kABI breakage with removing field addition to power_supply (bsc#1051510). - geneve: update skb dst pmtu on tx path (bsc#1051510). - genirq: Add handle_fasteoi_{level,edge}_irq flow handlers (bsc#1105378). - genirq: Export more irq_chip_*_parent() functions (bsc#1105378). - genirq: Fix editing error in a comment (bsc#1051510). - genirq: Make force irq threading setup more robust (bsc#1051510). - gen_stats: Fix netlink stats dumping in the presence of padding (netfilter-stable-18_07_23). - gpio: Add gpio driver support for ThunderX and OCTEON-TX (bsc#1105378). - gpio: Fix wrong rounding in gpio-menz127 (bsc#1051510). - gpio: thunderx: fix error return code in thunderx_gpio_probe() (bsc#1105378). - gpio: thunderx: remove unused .map() hook from irq_domain_ops (bsc#1105378). - gtp: Initialize 64-bit per-cpu stats correctly (bsc#1051510). - hns3: fix unused function warning (bsc#1104353). - hns3pf: do not check handle during mqprio offload (bsc#1104353 ). - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353). - hns3pf: Fix some harmless copy and paste bugs (bsc#1104353 ). - hotplug/cpu: Add operation queuing function (). - hotplug/cpu: Conditionally acquire/release DRC index (). - hotplug/cpu: Provide CPU readd operation (). - hv_netvsc: Fix napi reschedule while receive completion is busy (). - hwmon: (asus_atk0110) Replace deprecated device register call (bsc#1103363). - i2c: imx: Fix reinit_completion() use (bsc#1051510). - ib/hns: Annotate iomem pointers correctly (bsc#1104427 ). - ib/hns: Avoid compile test under non 64bit environments (bsc#1104427). - ib/hns: Declare local functions 'static' (bsc#1104427 ). - ib/hns: fix boolreturn.cocci warnings (bsc#1104427). - ib/hns: Fix for checkpatch.pl comment style warnings (bsc#1104427). - ib/hns: fix memory leak on ah on error return path (bsc#1104427 ). - ib/hns: fix returnvar.cocci warnings (bsc#1104427). - ib/hns: fix semicolon.cocci warnings (bsc#1104427). - ib/hns: Fix the bug of polling cq failed for loopback Qps (bsc#1104427). - ib/hns: Fix the bug with modifying the MAC address without removing the driver (bsc#1104427). - ib/hns: Fix the bug with rdma operation (bsc#1104427 ). - ib/hns: Fix the bug with wild pointer when destroy rc qp (bsc#1104427). - ib/hns: include linux/interrupt.h (bsc#1104427). - ib/hns: Support compile test for hns RoCE driver (bsc#1104427 ). - ib/hns: Use zeroing memory allocator instead of allocator/memset (bsc#1104427). - ib/IPoIB: Set ah valid flag in multicast send flow (bsc#1046307 ). - ib/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (bsc#1046305). - ieee802154: ca8210: fix uninitialised data read (bsc#1051510). - ieee802154: fix gcc-4.9 warnings (bsc#1051510). - ieee802154: mrf24j40: fix incorrect mask in mrf24j40_stop (bsc#1051510). - iio: 104-quad-8: Fix off-by-one error in register selection (bsc#1051510). - iio: ad9523: Fix displayed phase (bsc#1051510). - iio: ad9523: Fix return value for ad952x_store() (bsc#1051510). - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct (bsc#1051510). - iio: adc: sun4i-gpadc: select REGMAP_IRQ (bsc#1051510). - iio: sca3000: Fix an error handling path in 'sca3000_probe()' (bsc#1051510). - iio: sca3000: Fix missing return in switch (bsc#1051510). - ima: based on policy verify firmware signatures (pre-allocated buffer) (bsc#1051510). - include/rdma/opa_addr.h: Fix an endianness issue (bsc#1046306 ). - init: rename and re-order boot_cpu_state_init() (bsc#1104365). - ip: hash fragments consistently (netfilter-stable-18_07_27). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (netfilter-stable-18_07_27). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (netfilter-stable-18_07_23). - ipv6: fix useless rol32 call on hash (netfilter-stable-18_07_23). - ipv6: ila: select CONFIG_DST_CACHE (netfilter-stable-18_07_23). - ipv6: make DAD fail with enhanced DAD when nonce length differs (netfilter-stable-18_07_23). - ipv6: sr: fix passing wrong flags to crypto_alloc_shash() (networking-stable-18_07_19). - ipvlan: fix IFLA_MTU ignored on NEWLINK (networking-stable-18_07_19). - irqdomain: Add irq_domain_{push,pop}_irq() functions (bsc#1105378). - irqdomain: Check for NULL function pointer in irq_domain_free_irqs_hierarchy() (bsc#1105378). - irqdomain: Factor out code to add and remove items to and from the revmap (bsc#1105378). - irqdomain: Prevent potential NULL pointer dereference in irq_domain_push_irq() (bsc#1105378). - irqdomain: Update the comments of fwnode field of irq_domain structure (bsc#1051510). - isdn: Disable IIOCDBGVAR (bsc#1051510). - iwlwifi: pcie: do not access periphery registers when not available (bsc#1051510). - kABI: protect eswitch.h include (kabi). - kABI: protect struct nf_conn (kabi). - kABI: reexport tcp_send_ack (kabi). - kabi/severities: add qeth inter-module symbols to ignore list. - kabi/severities: Allow kABI changes for kvm/x86 (except for kvm_x86_ops) - kabi/severities: ignore qla2xxx as all symbols are internal - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - leds: max8997: use mode when calling max8997_led_set_mode (bsc#1051510). - libata: Fix command retry decision (bsc#1051510). - libata: Fix compile warning with ATA_DEBUG enabled (bsc#1051510). - libertas: fix suspend and resume for SDIO connected cards (bsc#1051510). - libnvdimm: fix ars_status output length calculation (bsc#1104890). - lib/rhashtable: consider param->min_size when setting initial table size (bsc#1051510). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bsc#1051510). - mailbox: xgene-slimpro: Fix potential NULL pointer dereference (bsc#1051510). - MAINTAINERS: fix location of ina2xx.txt device tree file (bsc#1051510). - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bsc#1051510). - media: mem2mem: Remove excessive try_run call (bsc#1051510). - media: omap3isp: fix unbalanced dma_iommu_mapping (bsc#1051510). - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bsc#1051510). - media: rc: oops in ir_timer_keyup after device unplug (bsc#1090888). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1051510). - media: tw686x: Fix oops on buffer alloc failure (bsc#1051510). - media: v4l2-mem2mem: Fix missing v4l2_m2m_try_run call (bsc#1051510). - media: videobuf2-core: do not call memop 'finish' when queueing (bsc#1051510). - mfd: arizona: Do not use regmap_read_poll_timeout (bsc#1051510). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bsc#1051510). - mmc: tegra: prevent HS200 on Tegra 3 (bsc#1051510). - mm, page_alloc: double zone's batchsize (bnc#971975 VM performance -- page allocator). - Move the previous hv netvsc fix to the sorted section (bsc#1104708) Patch tags update, too - net: bcmgenet: correct bad merge (bsc#1051510). - net: bcmgenet: enable loopback during UniMAC sw_reset (bsc#1051510). - net: bcmgenet: Fix sparse warnings in bcmgenet_put_tx_csum() (bsc#1051510). - net: bcmgenet: Fix unmapping of fragments in bcmgenet_xmit() (bsc#1051510). - net: bcmgenet: prevent duplicate calls of bcmgenet_dma_teardown (bsc#1051510). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (networking-stable-18_07_19). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (networking-stable-18_07_19). - net: diag: Do not double-free TCP_NEW_SYN_RECV sockets in tcp_abort (netfilter-stable-18_07_23). - netfilter: do not set F_IFACE on ipv6 fib lookups (netfilter-stable-18_06_25). - netfilter: ip6t_rpfilter: provide input interface for route lookup (netfilter-stable-18_06_25). - netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" (netfilter-stable-17_11_16). - netfilter: nf_tables: add missing netlink attrs to policies (netfilter-stable-18_06_27). - netfilter: nf_tables: do not assume chain stats are set when jumplabel is set (netfilter-stable-18_06_27). - netfilter: nf_tables: fix memory leak on error exit return (netfilter-stable-18_06_27). - netfilter: nf_tables: nft_compat: fix refcount leak on xt module (netfilter-stable-18_06_27). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (netfilter-stable-18_06_25). - netfilter: nft_compat: fix handling of large matchinfo size (netfilter-stable-18_06_27). - netfilter: nft_compat: prepare for indirect info storage (netfilter-stable-18_06_27). - netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval (netfilter-stable-18_06_27). - net: fix use-after-free in GRO with ESP (networking-stable-18_07_19). - net: hns3: Add a check for client instance init state (bsc#1104353). - net: hns3: add a mask initialization for mac_vlan table (bsc#1104353). - net: hns3: Add *Asserting Reset* mailbox message & handling in VF (bsc#1104353). - net: hns3: add Asym Pause support to phy default features (bsc#1104353). - net: hns3: Add dcb netlink interface for the support of DCB feature (bsc#1104353). - net: hns3: Add DCB support when interacting with network stack (bsc#1104353). - net: hns3: Add ethtool interface for vlan filter (bsc#1104353 ). - net: hns3: add ethtool_ops.get_channels support for VF (bsc#1104353). - net: hns3: add ethtool_ops.get_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool_ops.set_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool -p support for fiber port (bsc#1104353 ). - net: hns3: add ethtool related offload command (bsc#1104353 ). - net: hns3: Add Ethtool support to HNS3 driver (bsc#1104353 ). - net: hns3: add existence checking before adding unicast mac address (bsc#1104353). - net: hns3: add existence check when remove old uc mac address (bsc#1104353). - net: hns3: add feature check when feature changed (bsc#1104353 ). - net: hns3: add get_link support to VF (bsc#1104353). - net: hns3: add get/set_coalesce support to VF (bsc#1104353 ). - net: hns3: add handling vlan tag offload in bd (bsc#1104353 ). - net: hns3: Add hclge_dcb module for the support of DCB feature (bsc#1104353). - net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support (bsc#1104353). - net: hns3: Add HNS3 driver to kernel build framework & MAINTAINERS (bsc#1104353). - net: hns3: Add hns3_get_handle macro in hns3 driver (bsc#1104353 ). - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support (bsc#1104353). - net: hns3: Add HNS3 VF driver to kernel build framework (bsc#1104353). - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support (bsc#1104353). - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface (bsc#1104353). - net: hns3: add int_gl_idx setup for TX and RX queues (bsc#1104353). - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ). - net: hns3: Add mac loopback selftest support in hns3 driver (bsc#1104353). - net: hns3: Add mailbox interrupt handling to PF driver (bsc#1104353). - net: hns3: Add mailbox support to PF driver (bsc#1104353 ). - net: hns3: Add mailbox support to VF driver (bsc#1104353 ). - net: hns3: add manager table initialization for hardware (bsc#1104353). - net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC (bsc#1104353). - net: hns3: Add missing break in misc_irq_handle (bsc#1104353 ). - net: hns3: Add more packet size statisctics (bsc#1104353 ). - net: hns3: add MTU initialization for hardware (bsc#1104353 ). - net: hns3: add net status led support for fiber port (bsc#1104353). - net: hns3: add nic_client check when initialize roce base information (bsc#1104353). - net: hns3: add querying speed and duplex support to VF (bsc#1104353). - net: hns3: Add repeat address checking for setting mac address (bsc#1104353). - net: hns3: Add reset interface implementation in client (bsc#1104353). - net: hns3: Add reset process in hclge_main (bsc#1104353 ). - net: hns3: Add reset service task for handling reset requests (bsc#1104353). - net: hns3: add result checking for VF when modify unicast mac address (bsc#1104353). - net: hns3: Add some interface for the support of DCB feature (bsc#1104353). - net: hns3: Adds support for led locate command for copper port (bsc#1104353). - net: hns3: Add STRP_TAGP field support for hardware revision 0x21 (bsc#1104353). - net: hns3: Add support for dynamically buffer reallocation (bsc#1104353). - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ). - net: hns3: add support for get_regs (bsc#1104353). - net: hns3: Add support for IFF_ALLMULTI flag (bsc#1104353 ). - net: hns3: Add support for misc interrupt (bsc#1104353 ). - net: hns3: add support for nway_reset (bsc#1104353). - net: hns3: Add support for PFC setting in TM module (bsc#1104353 ). - net: hns3: Add support for port shaper setting in TM module (bsc#1104353). - net: hns3: add support for querying advertised pause frame by ethtool ethx (bsc#1104353). - net: hns3: add support for querying pfc puase packets statistic (bsc#1104353). - net: hns3: add support for set_link_ksettings (bsc#1104353 ). - net: hns3: add support for set_pauseparam (bsc#1104353 ). - net: hns3: add support for set_ringparam (bsc#1104353 ). - net: hns3: add support for set_rxnfc (bsc#1104353). - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config (bsc#1104353). - net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info (bsc#1104353). - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver (bsc#1104353). - net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: Add support of .sriov_configure in HNS3 driver (bsc#1104353). - net: hns3: Add support of the HNAE3 framework (bsc#1104353 ). - net: hns3: Add support of TX Scheduler & Shaper to HNS3 driver (bsc#1104353). - net: hns3: Add support to change MTU in HNS3 hardware (bsc#1104353). - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21) (bsc#1104353). - net: hns3: add support to modify tqps number (bsc#1104353 ). - net: hns3: add support to query tqps number (bsc#1104353 ). - net: hns3: Add support to re-initialize the hclge device (bsc#1104353). - net: hns3: Add support to request VF Reset to PF (bsc#1104353 ). - net: hns3: Add support to reset the enet/ring mgmt layer (bsc#1104353). - net: hns3: add support to update flow control settings after autoneg (bsc#1104353). - net: hns3: Add tc-based TM support for sriov enabled port (bsc#1104353). - net: hns3: Add timeout process in hns3_enet (bsc#1104353 ). - net: hns3: add unlikely for error check (bsc#1104353 ). - net: hns3: Add VF Reset device state and its handling (bsc#1104353). - net: hns3: Add VF Reset Service Task to support event handling (bsc#1104353). - net: hns3: add vlan offload config command (bsc#1104353 ). - net: hns3: change GL update rate (bsc#1104353). - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_algo (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_dev (bsc#1104353). - net: hns3: Change return value in hnae3_register_client (bsc#1104353). - net: hns3: Changes required in PF mailbox to support VF reset (bsc#1104353). - net: hns3: Changes to make enet watchdog timeout func common for PF/VF (bsc#1104353). - net: hns3: Changes to support ARQ(Asynchronous Receive Queue) (bsc#1104353). - net: hns3: change the returned tqp number by ethtool -x (bsc#1104353). - net: hns3: change the time interval of int_gl calculating (bsc#1104353). - net: hns3: change the unit of GL value macro (bsc#1104353 ). - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled (bsc#1104353). - net: hns3: check for NULL function pointer in hns3_nic_set_features (bsc#1104353). - net: hns3: Cleanup for endian issue in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for non-static function in hns3 driver (bsc#1104353). - net: hns3: Cleanup for ROCE capability flag in ae_dev (bsc#1104353). - net: hns3: Cleanup for shifting true in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for struct that used to send cmd to firmware (bsc#1104353). - net: hns3: Cleanup indentation for Kconfig in the the hisilicon folder (bsc#1104353). - net: hns3: cleanup mac auto-negotiation state query (bsc#1104353 ). - net: hns3: cleanup mac auto-negotiation state query in hclge_update_speed_duplex (bsc#1104353). - net: hns3: cleanup of return values in hclge_init_client_instance() (bsc#1104353). - net: hns3: Clear TX/RX rings when stopping port & un-initializing client (bsc#1104353). - net: hns3: Consistently using GENMASK in hns3 driver (bsc#1104353). - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning (bsc#1104353). - net: hns3: Disable VFs change rxvlan offload status (bsc#1104353 ). - net: hns3: Disable vf vlan filter when vf vlan table is full (bsc#1104353). - net: hns3: ensure media_type is unitialized (bsc#1104353 ). - net: hns3: export pci table of hclge and hclgevf to userspace (bsc#1104353). - net: hns3: fix a bug about hns3_clean_tx_ring (bsc#1104353 ). - net: hns3: fix a bug for phy supported feature initialization (bsc#1104353). - net: hns3: fix a bug in hclge_uninit_client_instance (bsc#1104353). - net: hns3: fix a bug in hns3_driv_to_eth_caps (bsc#1104353 ). - net: hns3: fix a bug when alloc new buffer (bsc#1104353 ). - net: hns3: fix a bug when getting phy address from NCL_config file (bsc#1104353). - net: hns3: fix a dead loop in hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: fix a handful of spelling mistakes (bsc#1104353 ). - net: hns3: Fix a loop index error of tqp statistics query (bsc#1104353). - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ). - net: hns3: Fix an error handling path in 'hclge_rss_init_hw()' (bsc#1104353). - net: hns3: Fix an error macro definition of HNS3_TQP_STAT (bsc#1104353). - net: hns3: Fix an error of total drop packet statistics (bsc#1104353). - net: hns3: Fix a response data read error of tqp statistics query (bsc#1104353). - net: hns3: Fix comments for hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix desc num set to default when setting channel (bsc#1104353). - net: hns3: fix endian issue when PF get mbx message flag (bsc#1104353). - net: hns3: fix error type definition of return value (bsc#1104353). - net: hns3: Fixes API to fetch ethernet header length with kernel default (bsc#1104353). - net: hns3: Fixes error reported by Kbuild and internal review (bsc#1104353). - net: hns3: Fixes initalization of RoCE handle and makes it conditional (bsc#1104353). - net: hns3: Fixes initialization of phy address from firmware (bsc#1104353). - net: hns3: Fixes kernel panic issue during rmmod hns3 driver (bsc#1104353). - net: hns3: Fixes ring-to-vector map-and-unmap command (bsc#1104353). - net: hns3: Fixes the back pressure setting when sriov is enabled (bsc#1104353). - net: hns3: Fixes the command used to unmap ring from vector (bsc#1104353). - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353 ). - net: hns3: Fixes the error legs in hclge_init_ae_dev function (bsc#1104353). - net: hns3: Fixes the ether address copy with appropriate API (bsc#1104353). - net: hns3: Fixes the initialization of MAC address in hardware (bsc#1104353). - net: hns3: Fixes the init of the VALID BD info in the descriptor (bsc#1104353). - net: hns3: Fixes the missing PCI iounmap for various legs (bsc#1104353). - net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch (bsc#1104353). - net: hns3: Fixes the out of bounds access in hclge_map_tqp (bsc#1104353). - net: hns3: Fixes the premature exit of loop when matching clients (bsc#1104353). - net: hns3: fixes the ring index in hns3_fini_ring (bsc#1104353 ). - net: hns3: Fixes the state to indicate client-type initialization (bsc#1104353). - net: hns3: Fixes the static checker error warning in hns3_get_link_ksettings() (bsc#1104353). - net: hns3: Fixes the static check warning due to missing unsupp L3 proto check (bsc#1104353). - net: hns3: Fixes the wrong IS_ERR check on the returned phydev value (bsc#1104353). - net: hns3: fix for buffer overflow smatch warning (bsc#1104353 ). - net: hns3: fix for changing MTU (bsc#1104353). - net: hns3: fix for cleaning ring problem (bsc#1104353 ). - net: hns3: Fix for CMDQ and Misc. interrupt init order problem (bsc#1104353). - net: hns3: fix for coal configuation lost when setting the channel (bsc#1104353). - net: hns3: fix for coalesce configuration lost during reset (bsc#1104353). - net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero (bsc#1104353). - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo (bsc#1104353). - net: hns3: Fix for DEFAULT_DV when dev does not support DCB (bsc#1104353). - net: hns3: Fix for fiber link up problem (bsc#1104353 ). - net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting autoneg in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg (bsc#1104353). - net: hns3: fix for getting wrong link mode problem (bsc#1104353 ). - net: hns3: Fix for hclge_reset running repeatly problem (bsc#1104353). - net: hns3: Fix for hns3 module is loaded multiple times problem (bsc#1104353). - net: hns3: Fix for information of phydev lost problem when down/up (bsc#1104353). - net: hns3: fix for ipv6 address loss problem after setting channels (bsc#1104353). - net: hns3: Fix for l4 checksum offload bug (bsc#1104353 ). - net: hns3: fix for loopback failure when vlan filter is enable (bsc#1104353). - net: hns3: Fix for mac pause not disable in pfc mode (bsc#1104353). - net: hns3: Fix for mailbox message truncated problem (bsc#1104353). - net: hns3: fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: Fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: fix for not initializing VF rss_hash_key problem (bsc#1104353). - net: hns3: fix for not returning problem in get_link_ksettings when phy exists (bsc#1104353). - net: hns3: fix for not setting pause parameters (bsc#1104353 ). - net: hns3: Fix for not setting rx private buffer size to zero (bsc#1104353). - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls (bsc#1104353). - net: hns3: fix for pause configuration lost during reset (bsc#1104353). - net: hns3: Fix for PF mailbox receving unknown message (bsc#1104353). - net: hns3: fix for phy_addr error in hclge_mac_mdio_config (bsc#1104353). - net: hns3: Fix for phy link issue when using marvell phy driver (bsc#1104353). - net: hns3: Fix for phy not link up problem after resetting (bsc#1104353). - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353 ). - net: hns3: Fix for reset_level default assignment probelm (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size (bsc#1104353). - net: hns3: fix for RSS configuration loss problem during reset (bsc#1104353). - net: hns3: Fix for rx priv buf allocation when DCB is not supported (bsc#1104353). - net: hns3: Fix for rx_priv_buf_alloc not setting rx shared buffer (bsc#1104353). - net: hns3: Fix for service_task not running problem after resetting (bsc#1104353). - net: hns3: Fix for setting mac address when resetting (bsc#1104353). - net: hns3: fix for setting MTU (bsc#1104353). - net: hns3: Fix for setting rss_size incorrectly (bsc#1104353 ). - net: hns3: Fix for the null pointer problem occurring when initializing ae_dev failed (bsc#1104353). - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo (bsc#1104353). - net: hns3: fix for updating fc_mode_last_time (bsc#1104353 ). - net: hns3: fix for use-after-free when setting ring parameter (bsc#1104353). - net: hns3: Fix for using wrong mask and shift in hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix for VF mailbox cannot receiving PF response (bsc#1104353). - net: hns3: Fix for VF mailbox receiving unknown message (bsc#1104353). - net: hns3: fix for vlan table lost problem when resetting (bsc#1104353). - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ). - net: hns3: Fix get_vector ops in hclgevf_main module (bsc#1104353). - net: hns3: Fix initialization when cmd is not supported (bsc#1104353). - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns3: Fix MSIX allocation issue for VF (bsc#1104353 ). - net: hns3: fix null pointer dereference before null check (bsc#1104353). - net: hns3: Fix return value error in hns3_reset_notify_down_enet (bsc#1104353). - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status() (bsc#1104353). - net: hns3: fix return value error while hclge_cmd_csq_clean failed (bsc#1104353). - net: hns3: fix rx path skb->truesize reporting bug (bsc#1104353 ). - net: hns3: Fix setting mac address error (bsc#1104353 ). - net: hns3: Fix spelling errors (bsc#1104353). - net: hns3: fix spelling mistake: "capabilty" -> "capability" (bsc#1104353). - net: hns3: fix the bug of hns3_set_txbd_baseinfo (bsc#1104353 ). - net: hns3: fix the bug when map buffer fail (bsc#1104353 ). - net: hns3: fix the bug when reuse command description in hclge_add_mac_vlan_tbl (bsc#1104353). - net: hns3: Fix the missing client list node initialization (bsc#1104353). - net: hns3: fix the ops check in hns3_get_rxnfc (bsc#1104353 ). - net: hns3: fix the queue id for tqp enable&&reset (bsc#1104353 ). - net: hns3: fix the ring count for ETHTOOL_GRXRINGS (bsc#1104353 ). - net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg (bsc#1104353). - net: hns3: fix the VF queue reset flow error (bsc#1104353 ). - net: hns3: fix to correctly fetch l4 protocol outer header (bsc#1104353). - net: hns3: Fix to support autoneg only for port attached with phy (bsc#1104353). - net: hns3: Fix typo error for feild in hclge_tm (bsc#1104353 ). - net: hns3: Fix warning bug when doing lp selftest (bsc#1104353 ). - net: hns3: free the ring_data structrue when change tqps (bsc#1104353). - net: hns3: get rss_size_max from configuration but not hardcode (bsc#1104353). - net: hns3: get vf count by pci_sriov_get_totalvfs (bsc#1104353 ). - net: hns3: hclge_inform_reset_assert_to_vf() can be static (bsc#1104353). - net: hns3: hns3:fix a bug about statistic counter in reset process (bsc#1104353). - net: hns3: hns3_get_channels() can be static (bsc#1104353 ). - net: hns3: Increase the default depth of bucket for TM shaper (bsc#1104353). - net: hns3: increase the max time for IMP handle command (bsc#1104353). - net: hns3: make local functions static (bsc#1104353 ). - net: hns3: Mask the packet statistics query when NIC is down (bsc#1104353). - net: hns3: modify hnae_ to hnae3_ (bsc#1104353). - net: hns3: Modify the update period of packet statistics (bsc#1104353). - net: hns3: never send command queue message to IMP when reset (bsc#1104353). - net: hns3: Optimize PF CMDQ interrupt switching process (bsc#1104353). - net: hns3: Optimize the PF's process of updating multicast MAC (bsc#1104353). - net: hns3: Optimize the VF's process of updating multicast MAC (bsc#1104353). - net: hns3: Prevent sending command during global or core reset (bsc#1104353). - net: hns3: reallocate tx/rx buffer after changing mtu (bsc#1104353). - net: hns3: refactor GL update function (bsc#1104353 ). - net: hns3: refactor interrupt coalescing init function (bsc#1104353). - net: hns3: Refactor mac_init function (bsc#1104353). - net: hns3: Refactor of the reset interrupt handling logic (bsc#1104353). - net: hns3: Refactors the requested reset & pending reset handling code (bsc#1104353). - net: hns3: refactor the coalesce related struct (bsc#1104353 ). - net: hns3: refactor the get/put_vector function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss_tuple function (bsc#1104353). - net: hns3: Refactor the initialization of command queue (bsc#1104353). - net: hns3: refactor the loopback related function (bsc#1104353 ). - net: hns3: Refactor the mapping of tqp to vport (bsc#1104353 ). - net: hns3: Refactor the skb receiving and transmitting function (bsc#1104353). - net: hns3: remove a couple of redundant assignments (bsc#1104353 ). - net: hns3: remove add/del_tunnel_udp in hns3_enet module (bsc#1104353). - net: hns3: Remove a useless member of struct hns3_stats (bsc#1104353). - net: hns3: Remove error log when getting pfc stats fails (bsc#1104353). - net: hns3: Remove packet statistics in the range of 8192~12287 (bsc#1104353). - net: hns3: remove redundant memset when alloc buffer (bsc#1104353). - net: hns3: remove redundant semicolon (bsc#1104353). - net: hns3: Remove repeat statistic of rx_errors (bsc#1104353 ). - net: hns3: remove some redundant assignments (bsc#1104353 ). - net: hns3: Removes unnecessary check when clearing TX/RX rings (bsc#1104353). - net: hns3: remove TSO config command from VF driver (bsc#1104353 ). - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree() (bsc#1104353). - net: hns3: remove unnecessary ring configuration operation while resetting (bsc#1104353). - net: hns3: remove unused GL setup function (bsc#1104353 ). - net: hns3: remove unused hclgevf_cfg_func_mta_filter (bsc#1104353). - net: hns3: Remove unused led control code (bsc#1104353 ). - net: hns3: report the function type the same line with hns3_nic_get_stats64 (bsc#1104353). - net: hns3: set the cmdq out_vld bit to 0 after used (bsc#1104353 ). - net: hns3: set the max ring num when alloc netdev (bsc#1104353 ). - net: hns3: Setting for fc_mode and dcb enable flag in TM module (bsc#1104353). - net: hns3: simplify hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: Standardize the handle of return value (bsc#1104353 ). - net: hns3: Support for dynamically assigning tx buffer to TC (bsc#1104353). - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: unify the pause params setup function (bsc#1104353 ). - net: hns3: Unify the strings display of packet statistics (bsc#1104353). - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated) to new APIs (bsc#1104353). - net: hns3: Updates RX packet info fetch in case of multi BD (bsc#1104353). - net: hns3: Use enums instead of magic number in hclge_is_special_opcode (bsc#1104353). - net: hns3: VF should get the real rss_size instead of rss_size_max (bsc#1104353). - net/ipv4: Set oif in fib_compute_spec_dst (netfilter-stable-18_07_23). - net: lan78xx: Fix race in tx pending skb size calculation (bsc#1100132). - net: lan78xx: fix rx handling before first packet is send (bsc#1100132). - net/mlx5e: Avoid dealing with vport representors if not being e-switch manager (networking-stable-18_07_19). - net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager (networking-stable-18_07_19). - net: mvneta: fix the Rx desc DMA address in the Rx path (networking-stable-18_07_19). - net/packet: fix use-after-free (networking-stable-18_07_19). - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv (netfilter-stable-18_07_27). - net: phy: fix flag masking in __set_phy_supported (netfilter-stable-18_07_23). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bsc#1087092). - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888). - net_sched: blackhole: tell upper qdisc about dropped packets (networking-stable-18_07_19). - net: skb_segment() should not return NULL (netfilter-stable-18_07_27). - net: sungem: fix rx checksum support (networking-stable-18_07_19). - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite (netfilter-stable-18_07_23). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bsc#1087092). - net: usb: asix: replace mii_nway_restart in resume path (bsc#1100132). - partitions/aix: append null character to print data from disk (bsc#1051510). - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bsc#1051510). - PCI: Add pci_resize_resource() for resizing BARs (bsc#1105355). - PCI: Add PCI resource type mask #define (bsc#1105355). - PCI: Add resizable BAR infrastructure (bsc#1105355). - PCI: Allow release of resources that were never assigned (bsc#1105355). - PCI: Cleanup PCI_REBAR_CTRL_BAR_SHIFT handling (bsc#1105355). - PCI: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1051510). - PCI: Restore resized BAR state on resume (bsc#1105355). - PCI: Skip MPS logic for Virtual Functions (VFs) (bsc#1051510). - pinctrl: cannonlake: Fix community ordering for H variant (bsc#1051510). - pinctrl: core: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: imx: off by one in imx_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: pinmux: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bsc#1051510). - pinctrl: single: Fix group and function selector use (bsc#1051510). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1051510). - PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload (bsc#1051510). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bsc#1051510). - power: gemini-poweroff: Avoid more spurious poweroffs (bsc#1051510). - power: generic-adc-battery: check for duplicate properties copied from iio channels (bsc#1051510). - power: generic-adc-battery: fix out-of-bounds write when copying channel properties (bsc#1051510). - powerpc/64: Add GENERIC_CPU support for little endian (). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/pkeys: Deny read/write/execute by default (bsc#1097577). - powerpc/pkeys: Fix calculation of total pkeys (bsc#1097577). - powerpc/pkeys: Give all threads control of their key permissions (bsc#1097577). - powerpc/pkeys: key allocation/deallocation must not change pkey registers (bsc#1097577). - powerpc/pkeys: make protection key 0 less special (bsc#1097577). - powerpc/pkeys: Preallocate execute-only key (bsc#1097577). - powerpc/pkeys: Save the pkey registers before fork (bsc#1097577). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - Refresh patches.arch/mobility-numa-Ensure-numa-update-does-not-overlap.patch. - power: remove possible deadlock when unregistering power_supply (bsc#1051510). - power: supply: axp288_charger: Fix initial constant_charge_current value (bsc#1051510). - power: supply: max77693_charger: fix unintentional fall-through (bsc#1051510). - power: vexpress: fix corruption in notifier registration (bsc#1051510). - ppp: Destroy the mutex when cleanup (bsc#1051510). - ppp: fix __percpu annotation (bsc#1051510). - ptp: fix missing break in switch (bsc#1105355). - ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE (bsc#1105355). - ptr_ring: fix up after recent ptr_ring changes (bsc#1105355). - ptr_ring: prevent integer overflow when calculating size (bsc#1105355). - qedf: Add get_generic_tlv_data handler (bsc#1086317). - qedf: Add support for populating ethernet TLVs (bsc#1086317). - qedi: Add get_generic_tlv_data handler (bsc#1086315). - qedi: Add support for populating ethernet TLVs (bsc#1086315). - random: add new ioctl RNDRESEEDCRNG (bsc#1051510). - random: fix possible sleeping allocation from irq context (bsc#1051510). - random: mix rdrand with entropy sent in from userspace (bsc#1051510). - random: set up the NUMA crng instances after the CRNG is fully initialized (bsc#1051510). - rdma/hns: Add 64KB page size support for hip08 (bsc#1104427 ). - rdma/hns: Add command queue support for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add CQ operations support for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add detailed comments for mb() call (bsc#1104427 ). - rdma/hns: Add eq support of hip08 (bsc#1104427). - rdma/hns: Add gsi qp support for modifying qp in hip08 (bsc#1104427). - rdma/hns: Add mailbox's implementation for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add modify CQ support for hip08 (bsc#1104427 ). - rdma/hns: Add names to function arguments in function pointers (bsc#1104427). - rdma/hns: Add profile support for hip08 driver (bsc#1104427 ). - rdma/hns: Add QP operations support for hip08 SoC (bsc#1104427 ). - rdma/hns: Add releasing resource operation in error branch (bsc#1104427). - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ). - rdma/hns: Add reset process for RoCE in hip08 (bsc#1104427 ). - rdma/hns: Add return operation when configured global param fail (bsc#1104427). - rdma/hns: Add rq inline data support for hip08 RoCE (bsc#1104427 ). - rdma/hns: Add rq inline flags judgement (bsc#1104427 ). - rdma/hns: Add sq_invld_flg field in QP context (bsc#1104427 ). - rdma/hns: Add support for processing send wr and receive wr (bsc#1104427). - rdma/hns: Add the interfaces to support multi hop addressing for the contexts in hip08 (bsc#1104427). - rdma/hns: Adjust the order of cleanup hem table (bsc#1104427 ). - rdma/hns: Assign dest_qp when deregistering mr (bsc#1104427 ). - rdma/hns: Assign the correct value for tx_cqn (bsc#1104427 ). - rdma/hns: Assign zero for pkey_index of wc in hip08 (bsc#1104427 ). - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ). - rdma/hns: Bugfix for cq record db for kernel (bsc#1104427 ). - rdma/hns: Bugfix for init hem table (bsc#1104427). - rdma/hns: Bugfix for rq record db for kernel (bsc#1104427 ). - rdma/hns: Check return value of kzalloc (bsc#1104427 ). - rdma/hns: Configure BT BA and BT attribute for the contexts in hip08 (bsc#1104427). - rdma/hns: Configure fence attribute in hip08 RoCE (bsc#1104427 ). - rdma/hns: Configure mac&gid and user access region for hip08 RoCE driver (bsc#1104427). - rdma/hns: Configure sgid type for hip08 RoCE (bsc#1104427 ). - rdma/hns: Configure the MTPT in hip08 (bsc#1104427). - rdma/hns: Configure TRRL field in hip08 RoCE device (bsc#1104427 ). - rdma/hns: Create gsi qp in hip08 (bsc#1104427). - rdma/hns: Delete the unnecessary initializing enum to zero (bsc#1104427). - rdma/hns: Do not unregister a callback we didn't register (bsc#1104427). - rdma/hns: Drop local zgid in favor of core defined variable (bsc#1104427). - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427 ). - rdma/hns: Enable the cqe field of sqwqe of RC (bsc#1104427 ). - rdma/hns: ensure for-loop actually iterates and free's buffers (bsc#1104427). - rdma/hns: Fill sq wqe context of ud type in hip08 (bsc#1104427 ). - rdma/hns: Filter for zero length of sge in hip08 kernel mode (bsc#1104427). - rdma/hns: Fix a bug with modifying mac address (bsc#1104427 ). - rdma/hns: Fix a couple misspellings (bsc#1104427). - rdma/hns: Fix calltrace for sleeping in atomic (bsc#1104427 ). - rdma/hns: Fix cqn type and init resp (bsc#1104427). - rdma/hns: Fix cq record doorbell enable in kernel (bsc#1104427 ). - rdma/hns: Fix endian problems around imm_data and rkey (bsc#1104427). - rdma/hns: Fix inconsistent warning (bsc#1104427). - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427 ). - rdma/hns: Fix misplaced call to hns_roce_cleanup_hem_table (bsc#1104427). - rdma/hns: Fix QP state judgement before receiving work requests (bsc#1104427). - rdma/hns: Fix QP state judgement before sending work requests (bsc#1104427). - rdma/hns: fix spelling mistake: "Reseved" -> "Reserved" (bsc#1104427). - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ). - rdma/hns: Fix the bug with rq sge (bsc#1104427). - rdma/hns: Fix the endian problem for hns (bsc#1104427 ). - rdma/hns: Fix the illegal memory operation when cross page (bsc#1104427). - rdma/hns: Fix the issue of IOVA not page continuous in hip08 (bsc#1104427). - rdma/hns: Fix the qp context state diagram (bsc#1104427 ). - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427). - rdma/hns: Get rid of page operation after dma_alloc_coherent (bsc#1104427). - rdma/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent (bsc#1104427). - rdma/hns: Implement the disassociate_ucontext API (bsc#1104427 ). - rdma/hns: Increase checking CMQ status timeout value (bsc#1104427). - rdma/hns: Initialize the PCI device for hip08 RoCE (bsc#1104427 ). - rdma/hns: Intercept illegal RDMA operation when use inline data (bsc#1104427). - rdma/hns: Load the RoCE dirver automatically (bsc#1104427 ). - rdma/hns: make various function static, fixes warnings (bsc#1104427). - rdma/hns: Modify assignment device variable to support both PCI device and platform device (bsc#1104427). - rdma/hns: Modify the usage of cmd_sn in hip08 (bsc#1104427 ). - rdma/hns: Modify the value with rd&dest_rd of qp_attr (bsc#1104427). - rdma/hns: Modify uar allocation algorithm to avoid bitmap exhaust (bsc#1104427). - rdma/hns: Move priv in order to add multiple hns_roce support (bsc#1104427). - rdma/hns: Move the location for initializing tmp_len (bsc#1104427). - rdma/hns: Not support qp transition from reset to reset for hip06 (bsc#1104427). - rdma/hns: Only assign dest_qp if ib_QP_DEST_QPN bit is set (bsc#1104427). - rdma/hns: Only assign dqpn if ib_QP_PATH_DEST_QPN bit is set (bsc#1104427). - rdma/hns: Only assign mtu if ib_QP_PATH_MTU bit is set (bsc#1104427). - rdma/hns: Refactor code for readability (bsc#1104427 ). - rdma/hns: Refactor eq code for hip06 (bsc#1104427). - rdma/hns: remove redundant assignment to variable j (bsc#1104427 ). - rdma/hns: Remove some unnecessary attr_mask judgement (bsc#1104427). - rdma/hns: Remove unnecessary operator (bsc#1104427). - rdma/hns: Remove unnecessary platform_get_resource() error check (bsc#1104427). - rdma/hns: Rename the idx field of db (bsc#1104427). - rdma/hns: Replace condition statement using hardware version information (bsc#1104427). - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE write*() (bsc#1104427). - rdma/hns: return 0 rather than return a garbage status value (bsc#1104427). - rdma/hns_roce: Do not check return value of zap_vma_ptes() (bsc#1104427). - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ). - rdma/hns: Set desc_dma_addr for zero when free cmq desc (bsc#1104427). - rdma/hns: Set NULL for __internal_mr (bsc#1104427). - rdma/hns: Set rdma_ah_attr type for querying qp (bsc#1104427 ). - rdma/hns: Set se attribute of sqwqe in hip08 (bsc#1104427 ). - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08 (bsc#1104427). - rdma/hns: Set the guid for hip08 RoCE device (bsc#1104427 ). - rdma/hns: Set the owner field of SQWQE in hip08 RoCE (bsc#1104427). - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427). - rdma/hns: Split hw v1 driver from hns roce driver (bsc#1104427 ). - rdma/hns: Submit bad wr (bsc#1104427). - rdma/hns: Support cq record doorbell for kernel space (bsc#1104427). - rdma/hns: Support cq record doorbell for the user space (bsc#1104427). - rdma/hns: Support multi hop addressing for PBL in hip08 (bsc#1104427). - rdma/hns: Support rq record doorbell for kernel space (bsc#1104427). - rdma/hns: Support rq record doorbell for the user space (bsc#1104427). - rdma/hns: Support WQE/CQE/PBL page size configurable feature in hip08 (bsc#1104427). - rdma/hns: Unify the calculation for hem index in hip08 (bsc#1104427). - rdma/hns: Update assignment method for owner field of send wqe (bsc#1104427). - rdma/hns: Update calculation of irrl_ba field for hip08 (bsc#1104427). - rdma/hns: Update convert function of endian format (bsc#1104427 ). - rdma/hns: Update the interfaces for MTT/CQE multi hop addressing in hip08 (bsc#1104427). - rdma/hns: Update the IRRL table chunk size in hip08 (bsc#1104427 ). - rdma/hns: Update the PD&CQE&MTT specification in hip08 (bsc#1104427). - rdma/hns: Update the usage of ack timeout in hip08 (bsc#1104427 ). - rdma/hns: Update the usage of sr_max and rr_max field (bsc#1104427). - rdma/hns: Update the verbs of polling for completion (bsc#1104427). - rdma/hns: Use free_pages function instead of free_page (bsc#1104427). - rdma/hns: Use structs to describe the uABI instead of opencoding (bsc#1104427). - rdma/uverbs: Expand primary and alt AV port checks (bsc#1046306 ). - readahead: stricter check for bdi io_pages (VM Functionality, git fixes). - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bsc#1051510). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bsc#1051510). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (netfilter-stable-18_07_27). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390: Prevent hotplug rwsem recursion (bsc#1105731). - s390/qeth: consistently re-enable device features (bsc#1104482, LTC#170340). - s390/qeth: do not clobber buffer on async TX completion (bsc#1104482, LTC#170340). - s390/qeth: rely on kernel for feature recovery (bsc#1104482, LTC#170340). - sched/debug: Reverse the order of printing faults (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Modify migrate_swap() to accept additional parameters (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Move task_numa_placement() closer to numa_migrate_preferred() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field -kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Set preferred_node based on best_cpu (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Simplify load_too_imbalanced() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Skip nodes that are at 'hoplimit' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Update the scan period without holding the numa_group lock (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use group_weights to identify if migration degrades locality (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use task faults only if numa_group is not yet set up (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: add libnvdimm-for-next branch - scsi: cxlflash: Abstract hardware dependent assignments (). - scsi: cxlflash: Acquire semaphore before invoking ioctl services (). - scsi: cxlflash: Adapter context init can return error (). - scsi: cxlflash: Adapter context support for OCXL (). - scsi: cxlflash: Add argument identifier names (). - scsi: cxlflash: Add include guards to backend.h (). - scsi: cxlflash: Avoid clobbering context control register value (). - scsi: cxlflash: Enable OCXL operations (). - scsi: cxlflash: Explicitly cache number of interrupts per context (). - scsi: cxlflash: Handle spurious interrupts (). - scsi: cxlflash: Hardware AFU for OCXL (). - scsi: cxlflash: Introduce object handle fop (). - scsi: cxlflash: Introduce OCXL backend (). - scsi: cxlflash: Introduce OCXL context state machine (). - scsi: cxlflash: Isolate external module dependencies (). - scsi: cxlflash: Limit the debug logs in the IO path (). - scsi: cxlflash: MMIO map the AFU (). - scsi: cxlflash: Preserve number of interrupts for master contexts (). - scsi: cxlflash: Read host AFU configuration (). - scsi: cxlflash: Read host function configuration (). - scsi: cxlflash: Register for translation errors (). - scsi: cxlflash: Remove commmands from pending list on timeout (). - scsi: cxlflash: Remove embedded CXL work structures (). - scsi: cxlflash: Setup AFU acTag range (). - scsi: cxlflash: Setup AFU PASID (). - scsi: cxlflash: Setup function acTag range (). - scsi: cxlflash: Setup function OCXL link (). - scsi: cxlflash: Setup LISNs for master contexts (). - scsi: cxlflash: Setup LISNs for user contexts (). - scsi: cxlflash: Setup OCXL transaction layer (). - scsi: cxlflash: Staging to support future accelerators (). - scsi: cxlflash: Support adapter context discovery (). - scsi: cxlflash: Support adapter context mmap and release (). - scsi: cxlflash: Support adapter context polling (). - scsi: cxlflash: Support adapter context reading (). - scsi: cxlflash: Support adapter file descriptors for OCXL (). - scsi: cxlflash: Support AFU interrupt management (). - scsi: cxlflash: Support AFU interrupt mapping and registration (). - scsi: cxlflash: Support AFU reset (). - scsi: cxlflash: Support AFU state toggling (). - scsi: cxlflash: Support file descriptor mapping (). - scsi: cxlflash: Support image reload policy modification (). - scsi: cxlflash: Support process element lifecycle (). - scsi: cxlflash: Support process specific mappings (). - scsi: cxlflash: Support reading adapter VPD data (). - scsi: cxlflash: Support starting an adapter context (). - scsi: cxlflash: Support starting user contexts (). - scsi: cxlflash: Synchronize reset and remove ops (). - scsi: cxlflash: Use IDR to manage adapter contexts (). - scsi: cxlflash: Use local mutex for AFU serialization (). - scsi: cxlflash: Yield to active send threads (). - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1086906,). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1086906,). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1086906,). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1086906,). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1086906,). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1086906,). - scsi: mpt3sas: clarify mmio pointer types (bsc#1086906,). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1086906,). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1086906,). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1086906,). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1086906,). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1086906,). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1086906,). - scsi: mpt3sas: fix possible memory leak (bsc#1086906,). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1086906,). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1086906,). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1086906,). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1086906,). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1086906,). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1086906,). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1086906,). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1086906,). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1086906,). - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). - Refresh patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-I-Os-to-NVMe.patch. - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1086906,). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1086906,). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1086906,). - scsi: mpt3sas: Update MPI Headers (bsc#1086906,). - scsi: qedf: Add additional checks when restarting an rport due to ABTS timeout (bsc#1086317). - scsi: qedf: Add check for offload before flushing I/Os for target (bsc#1086317). - scsi: qedf: Add dcbx_not_wait module parameter so we won't wait for DCBX convergence to start discovery (bsc#1086317). - scsi: qedf: Add missing skb frees in error path (bsc#1086317). - scsi: qedf: Add more defensive checks for concurrent error conditions (bsc#1086317). - scsi: qedf: Add task id to kref_get_unless_zero() debug messages when flushing requests (bsc#1086317). - scsi: qedf: Check if link is already up when receiving a link up event from qed (bsc#1086317). - scsi: qedf: fix LTO-enabled build (bsc#1086317). - scsi: qedf: Fix VLAN display when printing sent FIP frames (bsc#1086317). - scsi: qedf: Honor default_prio module parameter even if DCBX does not converge (bsc#1086317). - scsi: qedf: Honor priority from DCBX FCoE App tag (bsc#1086317). - scsi: qedf: If qed fails to enable MSI-X fail PCI probe (bsc#1086317). - scsi: qedf: Improve firmware debug dump handling (bsc#1086317). - scsi: qedf: Increase the number of default FIP VLAN request retries to 60 (bsc#1086317). - scsi: qedf: Release RRQ reference correctly when RRQ command times out (bsc#1086317). - scsi: qedf: remove redundant initialization of 'fcport' (bsc#1086317). - scsi: qedf: Remove setting DCBX pending during soft context reset (bsc#1086317). - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is not enabled (bsc#1086317). - scsi: qedf: Sanity check FCoE/FIP priority value to make sure it's between 0 and 7 (bsc#1086317). - scsi: qedf: Send the driver state to MFW (bsc#1086317). - scsi: qedf: Set the UNLOADING flag when removing a vport (bsc#1086317). - scsi: qedf: Synchronize rport restarts when multiple ELS commands time out (bsc#1086317). - scsi: qedf: Update copyright for 2018 (bsc#1086317). - scsi: qedf: Update version number to 8.33.16.20 (bsc#1086317). - scsi: qedf: use correct strncpy() size (bsc#1086317). - scsi: qedi: fix building with LTO (bsc#1086315). - scsi: qedi: fix build regression (bsc#1086315). - scsi: qedi: Fix kernel crash during port toggle (bsc#1086315). - scsi: qedi: Send driver state to MFW (bsc#1086315). - scsi: qla2xxx: Add longer window for chip reset (bsc#1086327,). - scsi: qla2xxx: Cleanup for N2N code (bsc#1086327,). - scsi: qla2xxx: correctly shift host byte (bsc#1086327,). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1086327,). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1086327,). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1086327,). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1086327,). - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1086327,). - scsi: qla2xxx: Fix login retry count (bsc#1086327,). - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1086327,). - scsi: qla2xxx: Fix N2N link re-connect (bsc#1086327,). - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1086327,). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1086327,). - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1086327,). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1086327,). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1086327,). - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1086327,). - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bsc#1086327,). - scsi: qla2xxx: Fix stalled relogin (bsc#1086327,). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1086327,). - scsi: qla2xxx: Fix unintended Logout (bsc#1086327,). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1086327,). - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1086327,). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1086327,). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1086327,). - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1086327,). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1086327,). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1086327,). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1086327,). - scsi: qla2xxx: Save frame payload size from ICB (bsc#1086327,). - scsi: qla2xxx: Silent erroneous message (bsc#1086327,). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1086327,). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1086327,). - scsi: qla4xxx: Move an array from a .h into a .c file (bsc#1086331). - scsi: qla4xxx: Remove unused symbols (bsc#1086331). - scsi: qla4xxx: skip error recovery in case of register disconnect (bsc#1086331). - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331). - scsi: qla4xxx: Use zeroing allocator rather than allocator/memset (bsc#1086331). - security: check for kstrdup() failure in lsm_append() (bsc#1051510). - selftests/powerpc: Fix core-pkey for default execute permission change (bsc#1097577). - selftests/powerpc: Fix ptrace-pkey for default execute permission change (bsc#1097577). - serial: 8250: Do not service RX FIFO if interrupts are disabled (bsc#1051510). - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC (bsc#1051510). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bsc#1051510). - serial: core: mark port as initialized after successful IRQ change (bsc#1051510). - serial: pxa: Fix an error handling path in 'serial_pxa_probe()' (bsc#1051510). - serial: sh-sci: Stop RX FIFO timer during port shutdown (bsc#1051510). - serial: xuartps: fix typo in cdns_uart_startup (bsc#1051510). - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe (bsc#1051510). - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout (bsc#1051510). - staging: bcm2835-camera: handle wait_for_completion_timeout return properly (bsc#1051510). - staging: rts5208: fix missing error check on call to rtsx_write_register (bsc#1051510). - stmmac: fix DMA channel hang in half-duplex mode (networking-stable-18_07_19). - strparser: Remove early eaten to fix full tcp receive buffer stall (networking-stable-18_07_19). - supported.conf - supported.conf: added hns3 modules - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2 - supported.conf: Enable HiSi v3 SAS adapter () - TCM_RBD depends on BLK_DEV_RBD (). - tcp: do not cancel delay-AcK on DCTCP special ACK (netfilter-stable-18_07_27). - tcp: do not delay ACK in DCTCP upon CE status change (netfilter-stable-18_07_27). - tcp: fix dctcp delayed ACK schedule (netfilter-stable-18_07_27). - tcp: fix Fast Open key endianness (networking-stable-18_07_19). - tcp: helpers to send special DCTCP ack (netfilter-stable-18_07_27). - tcp: prevent bogus FRTO undos with non-SACK flows (networking-stable-18_07_19). - tg3: Add higher cpu clock for 5762 (netfilter-stable-18_07_23). - tty: fix termios input-speed encoding (bsc#1051510). - tty: fix termios input-speed encoding when using BOTHER (bsc#1051510). - tty: serial: 8250: Revert NXP SC16C2552 workaround (bsc#1051510). - typec: tcpm: fusb302: Resolve out of order messaging events (bsc#1087092). - uio: potential double frees if __uio_register_device() fails (bsc#1051510). - uprobes: Use synchronize_rcu() not synchronize_sched() (bsc#1051510). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bsc#1051510). - usb: cdc-wdm: do not enable interrupts in USB-giveback (bsc#1051510). - usb: dwc3: change stream event enable bit back to 13 (bsc#1051510). - usb: option: add support for DW5821e (bsc#1051510). - usb: serial: kobil_sct: fix modem-status error handling (bsc#1051510). - usb: serial: pl2303: add a new device id for ATEN (bsc#1051510). - usb: serial: sierra: fix potential deadlock at close (bsc#1051510). - vhost_net: validate sock before trying to put its fd (networking-stable-18_07_19). - vmci: type promotion bug in qp_host_get_user_memory() (bsc#1105355). - vmw_balloon: do not use 2MB without batching (bsc#1051510). - vmw_balloon: fix inflation of 64-bit GFNs (bsc#1051510). - vmw_balloon: fix VMCI use when balloon built into kernel (bsc#1051510). - vmw_balloon: remove inflation rate limiting (bsc#1051510). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bsc#1051510). - vsock: fix loopback on big-endian systems (networking-stable-18_07_19). - vxlan: add new fdb alloc and create helpers (netfilter-stable-18_07_27). - vxlan: fix default fdb entry netlink notify ordering during netdev create (netfilter-stable-18_07_27). - vxlan: make netlink notify in vxlan_fdb_destroy optional (netfilter-stable-18_07_27). - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc (bsc#1051510). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/mm/tlb: Always use lazy TLB mode (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Leave lazy TLB mode at page table free time (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Make lazy TLB mode lazier (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Restructure switch_mm_irqs_off() (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Skip atomic operations for 'init_mm' in switch_mm_irqs_off() (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1065600). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1065600). - x86/xen: init %gs very early to avoid page faults with stack protector (bnc#1104777). - xen-netback: fix input validation in xenvif_set_hash_mapping() (bnc#1103277). - xen/netfront: do not cache skb_shinfo() (bnc#1065600). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bsc#1051510). - zram: fix null dereference of handle (bsc#1105355). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1776=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-25.16.1 kernel-default-debugsource-4.12.14-25.16.1 kernel-default-livepatch-4.12.14-25.16.1 kernel-livepatch-4_12_14-25_16-default-1-1.3.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1081917 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1086315 https://bugzilla.suse.com/1086317 https://bugzilla.suse.com/1086327 https://bugzilla.suse.com/1086331 https://bugzilla.suse.com/1086906 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1097577 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1097808 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101480 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103277 https://bugzilla.suse.com/1103363 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1103886 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104365 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104482 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104683 https://bugzilla.suse.com/1104708 https://bugzilla.suse.com/1104777 https://bugzilla.suse.com/1104890 https://bugzilla.suse.com/1104897 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105355 https://bugzilla.suse.com/1105378 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105467 https://bugzilla.suse.com/1105731 https://bugzilla.suse.com/802154 https://bugzilla.suse.com/971975 From sle-security-updates at lists.suse.com Tue Aug 28 10:19:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Aug 2018 18:19:15 +0200 (CEST) Subject: SUSE-SU-2018:2539-1: important: Security update for the Linux Kernel Message-ID: <20180828161915.2930BFD4A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2539-1 Rating: important References: #1046305 #1046306 #1046307 #1051510 #1065600 #1081917 #1083647 #1086288 #1086315 #1086317 #1086327 #1086331 #1086906 #1087092 #1090888 #1097104 #1097577 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1097808 #1100132 #1101480 #1101669 #1101822 #1102517 #1102715 #1103269 #1103277 #1103363 #1103445 #1103886 #1104353 #1104365 #1104427 #1104482 #1104494 #1104495 #1104683 #1104708 #1104777 #1104890 #1104897 #1105292 #1105296 #1105322 #1105355 #1105378 #1105396 #1105467 #1105731 #802154 #971975 Cross-References: CVE-2018-10853 CVE-2018-10902 CVE-2018-15572 CVE-2018-9363 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bnc#1097104). The following non-security bugs were fixed: - acpi / apei: Remove ghes_ioremap_area (bsc#1051510). - acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bsc#1051510). - acpi / pm: save NVS memory for ASUS 1025C laptop (bsc#1051510). - affs_lookup(): close a race with affs_remove_link() (bsc#1105355). - alsa: cs5535audio: Fix invalid endian conversion (bsc#1051510). - alsa: hda: Correct Asrock B85M-ITX power_save blacklist entry (bsc#1051510). - alsa: hda - Sleep for 10ms after entering D3 on Conexant codecs (bsc#1051510). - alsa: hda - Turn CX8200 into D3 as well upon reboot (bsc#1051510). - alsa: memalloc: Do not exceed over the requested size (bsc#1051510). - alsa: snd-aoa: add of_node_put() in error path (bsc#1051510). - alsa: virmidi: Fix too long output trigger loop (bsc#1051510). - alsa: vx222: Fix invalid endian conversions (bsc#1051510). - alsa: vxpocket: Fix invalid endian conversions (bsc#1051510). - arm64: enable thunderx gpio driver - arm/asm/tlb.h: Fix build error implicit func declaration (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - asoc: dpcm: do not merge format from invalid codec dai (bsc#1051510). - asoc: es7134: remove 64kHz rate from the supported rates (bsc#1051510). - asoc: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (bsc#1051510). - asoc: Intel: cht_bsw_max98090_ti: Fix jack initialization (bsc#1051510). - asoc: msm8916-wcd-digital: fix RX2 MIX1 and RX3 MIX1 (bsc#1051510). - asoc: rsnd: cmd: Add missing newline to debug message (bsc#1051510). - asoc: sirf: Fix potential NULL pointer dereference (bsc#1051510). - asoc: zte: Fix incorrect PCM format bit usages (bsc#1051510). - ata: Fix ZBC_OUT all bit handling (bsc#1051510). - ata: Fix ZBC_OUT command block check (bsc#1051510). - ath10k: prevent active scans on potential unusable channels (bsc#1051510). - atm: horizon: Fix irq release error (bsc#1105355). - atm: Preserve value of skb->truesize when accounting to vcc (networking-stable-18_07_19). - atm: zatm: fix memcmp casting (bsc#1105355). - atm: zatm: Fix potential Spectre v1 (networking-stable-18_07_19). - audit: allow not equal op for audit by executable (bsc#1051510). - audit: Fix extended comparison of GID/EGID (bsc#1051510). - be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (bsc#1086288). - be2net: Update the driver version to 12.0.0.0 (bsc#1086288 ). - binfmt_elf: Respect error return from `regset->active' (bsc#1051510). - bluetooth: avoid killing an already killed socket (bsc#1051510). - bluetooth: hidp: buffer overflow in hidp_process_report (bsc#1051510). - bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd (bsc#1083647). - brcmsmac: fix wrap around in conversion from constant to s16 (bsc#1051510). - clk: core: Potentially free connection id (bsc#1051510). - clk: imx6ul: fix missing of_node_put() (bsc#1051510). - clk: meson: gxbb: remove HHI_GEN_CLK_CTNL duplicate definition (bsc#1051510). - clk: mvebu: armada-38x: add support for 1866MHz variants (bsc#1105355). - clk: mvebu: armada-38x: add support for missing clocks (bsc#1105355). - clk: rockchip: fix clk_i2sout parent selection bits on rk3399 (bsc#1051510). - coresight: tpiu: Fix disabling timeouts (bsc#1051510). - cpufreq: CPPC: Do not set transition_latency (bsc#1101480). - cpufreq / CPPC: Set platform specific transition_delay_us (bsc#1101480). - cpufreq: CPPC: Use transition_delay_us depending transition_latency (bsc#1101480). - cpufreq: remove setting of policy->cpu in policy->cpus during init (bsc#1101480). - crypto: ablkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: blkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: ccp - Check for NULL PSP pointer at module unload (bsc#1051510). - crypto: ccp - Fix command completion detection race (bsc#1051510). - crypto: skcipher - fix aligning block size in skcipher_copy_iv() (bsc#1051510). - crypto: skcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: vmac - require a block cipher with 128-bit block size (bsc#1051510). - crypto: vmac - separate tfm and request context (bsc#1051510). - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() (bsc#1051510). - cxgb4: Fix the condition to check if the card is T5 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - devicectree: bindings: fix location of leds common file (bsc#1051510). - dma-buf: remove redundant initialization of sg_table (bsc#1051510). - dmaengine: hsu: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: idma64: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: mv_xor_v2: kill the tasklets upon exit (bsc#1051510). - docs: zh_CN: fix location of oops-tracing.txt (bsc#1051510). - documentation: ip-sysctl.txt: document addr_gen_mode (bsc#1051510). - driver core: add __printf verification to __ata_ehi_pushv_desc (bsc#1051510). - drivers: hv: vmbus: do not mark HV_PCIE as perf_device (bsc#1051510). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1051510). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/fb-helper: Fix typo on kerneldoc (bsc#1051510). - drm/i915/aml: Introducing Amber Lake platform (). - drm/i915/cfl: Add a new CFL PCI ID (). - drm/i915/gvt: Off by one in intel_vgpu_write_fence() (bsc#1051510). - drm/i915: Nuke the LVDS lid notifier (bsc#1051510). - drm/i915: Only show debug for state changes when banning (bsc#1051510). - drm/i915: Restore user forcewake domains across suspend (bsc#1100132). - drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw (bsc#1051510). - drm/i915/whl: Introducing Whiskey Lake platform (). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1051510). - drm/rockchip: lvds: add missing of_node_put (bsc#1051510). - edac: Add missing MEM_LRDDR4 entry in edac_mem_types[] (bsc#1103886). - edac, altera: Fix ARM64 build warning (bsc#1051510). - edac: Drop duplicated array of strings for memory type names (bsc#1103886). - edac: Fix memleak in module init error path (bsc#1051510). - edac, i7core: Fix memleaks and use-after-free on probe and remove (bsc#1051510). - edac, mv64x60: Fix an error handling path (bsc#1051510). - edac, octeon: Fix an uninitialized variable warning (bsc#1051510). - edac, sb_edac: Fix missing break in switch (bsc#1051510). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - extcon: Release locking when sending the notification of connector state (bsc#1051510). - Fix kABI breakage with libertas dev field addition (bsc#1051510). - Fix kABI breakage with removing field addition to power_supply (bsc#1051510). - geneve: update skb dst pmtu on tx path (bsc#1051510). - genirq: Add handle_fasteoi_{level,edge}_irq flow handlers (bsc#1105378). - genirq: Export more irq_chip_*_parent() functions (bsc#1105378). - genirq: Fix editing error in a comment (bsc#1051510). - genirq: Make force irq threading setup more robust (bsc#1051510). - gen_stats: Fix netlink stats dumping in the presence of padding (netfilter-stable-18_07_23). - gpio: Add gpio driver support for ThunderX and OCTEON-TX (bsc#1105378). - gpio: Fix wrong rounding in gpio-menz127 (bsc#1051510). - gpio: thunderx: fix error return code in thunderx_gpio_probe() (bsc#1105378). - gpio: thunderx: remove unused .map() hook from irq_domain_ops (bsc#1105378). - gtp: Initialize 64-bit per-cpu stats correctly (bsc#1051510). - hns3: fix unused function warning (bsc#1104353). - hns3pf: do not check handle during mqprio offload (bsc#1104353 ). - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353). - hns3pf: Fix some harmless copy and paste bugs (bsc#1104353 ). - hotplug/cpu: Add operation queuing function (). - hotplug/cpu: Conditionally acquire/release DRC index (). - hotplug/cpu: Provide CPU readd operation (). - hv_netvsc: Fix napi reschedule while receive completion is busy (). - hwmon: (asus_atk0110) Replace deprecated device register call (bsc#1103363). - i2c: imx: Fix reinit_completion() use (bsc#1051510). - ib/hns: Annotate iomem pointers correctly (bsc#1104427 ). - ib/hns: Avoid compile test under non 64bit environments (bsc#1104427). - ib/hns: Declare local functions 'static' (bsc#1104427 ). - ib/hns: fix boolreturn.cocci warnings (bsc#1104427). - ib/hns: Fix for checkpatch.pl comment style warnings (bsc#1104427). - ib/hns: fix memory leak on ah on error return path (bsc#1104427 ). - ib/hns: fix returnvar.cocci warnings (bsc#1104427). - ib/hns: fix semicolon.cocci warnings (bsc#1104427). - ib/hns: Fix the bug of polling cq failed for loopback Qps (bsc#1104427). - ib/hns: Fix the bug with modifying the MAC address without removing the driver (bsc#1104427). - ib/hns: Fix the bug with rdma operation (bsc#1104427 ). - ib/hns: Fix the bug with wild pointer when destroy rc qp (bsc#1104427). - ib/hns: include linux/interrupt.h (bsc#1104427). - ib/hns: Support compile test for hns RoCE driver (bsc#1104427 ). - ib/hns: Use zeroing memory allocator instead of allocator/memset (bsc#1104427). - ib/IPoIB: Set ah valid flag in multicast send flow (bsc#1046307 ). - ib/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (bsc#1046305). - ieee802154: ca8210: fix uninitialised data read (bsc#1051510). - ieee802154: fix gcc-4.9 warnings (bsc#1051510). - ieee802154: mrf24j40: fix incorrect mask in mrf24j40_stop (bsc#1051510). - iio: 104-quad-8: Fix off-by-one error in register selection (bsc#1051510). - iio: ad9523: Fix displayed phase (bsc#1051510). - iio: ad9523: Fix return value for ad952x_store() (bsc#1051510). - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct (bsc#1051510). - iio: adc: sun4i-gpadc: select REGMAP_IRQ (bsc#1051510). - iio: sca3000: Fix an error handling path in 'sca3000_probe()' (bsc#1051510). - iio: sca3000: Fix missing return in switch (bsc#1051510). - ima: based on policy verify firmware signatures (pre-allocated buffer) (bsc#1051510). - include/rdma/opa_addr.h: Fix an endianness issue (bsc#1046306 ). - init: rename and re-order boot_cpu_state_init() (bsc#1104365). - ip: hash fragments consistently (netfilter-stable-18_07_27). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (netfilter-stable-18_07_27). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (netfilter-stable-18_07_23). - ipv6: fix useless rol32 call on hash (netfilter-stable-18_07_23). - ipv6: ila: select CONFIG_DST_CACHE (netfilter-stable-18_07_23). - ipv6: make DAD fail with enhanced DAD when nonce length differs (netfilter-stable-18_07_23). - ipv6: sr: fix passing wrong flags to crypto_alloc_shash() (networking-stable-18_07_19). - ipvlan: fix IFLA_MTU ignored on NEWLINK (networking-stable-18_07_19). - irqdomain: Add irq_domain_{push,pop}_irq() functions (bsc#1105378). - irqdomain: Check for NULL function pointer in irq_domain_free_irqs_hierarchy() (bsc#1105378). - irqdomain: Factor out code to add and remove items to and from the revmap (bsc#1105378). - irqdomain: Prevent potential NULL pointer dereference in irq_domain_push_irq() (bsc#1105378). - irqdomain: Update the comments of fwnode field of irq_domain structure (bsc#1051510). - isdn: Disable IIOCDBGVAR (bsc#1051510). - iwlwifi: pcie: do not access periphery registers when not available (bsc#1051510). - kABI: protect eswitch.h include (kabi). - kABI: protect struct nf_conn (kabi). - kABI: reexport tcp_send_ack (kabi). - kabi/severities: add qeth inter-module symbols to ignore list. - kabi/severities: Allow kABI changes for kvm/x86 (except for kvm_x86_ops) - kabi/severities: ignore qla2xxx as all symbols are internal - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - leds: max8997: use mode when calling max8997_led_set_mode (bsc#1051510). - libata: Fix command retry decision (bsc#1051510). - libata: Fix compile warning with ATA_DEBUG enabled (bsc#1051510). - libertas: fix suspend and resume for SDIO connected cards (bsc#1051510). - libnvdimm: fix ars_status output length calculation (bsc#1104890). - lib/rhashtable: consider param->min_size when setting initial table size (bsc#1051510). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bsc#1051510). - mailbox: xgene-slimpro: Fix potential NULL pointer dereference (bsc#1051510). - MAINTAINERS: fix location of ina2xx.txt device tree file (bsc#1051510). - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bsc#1051510). - media: mem2mem: Remove excessive try_run call (bsc#1051510). - media: omap3isp: fix unbalanced dma_iommu_mapping (bsc#1051510). - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bsc#1051510). - media: rc: oops in ir_timer_keyup after device unplug (bsc#1090888). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1051510). - media: tw686x: Fix oops on buffer alloc failure (bsc#1051510). - media: v4l2-mem2mem: Fix missing v4l2_m2m_try_run call (bsc#1051510). - media: videobuf2-core: do not call memop 'finish' when queueing (bsc#1051510). - mfd: arizona: Do not use regmap_read_poll_timeout (bsc#1051510). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bsc#1051510). - mmc: tegra: prevent HS200 on Tegra 3 (bsc#1051510). - mm, page_alloc: double zone's batchsize (bnc#971975 VM performance -- page allocator). - Move the previous hv netvsc fix to the sorted section (bsc#1104708) Patch tags update, too - net: bcmgenet: correct bad merge (bsc#1051510). - net: bcmgenet: enable loopback during UniMAC sw_reset (bsc#1051510). - net: bcmgenet: Fix sparse warnings in bcmgenet_put_tx_csum() (bsc#1051510). - net: bcmgenet: Fix unmapping of fragments in bcmgenet_xmit() (bsc#1051510). - net: bcmgenet: prevent duplicate calls of bcmgenet_dma_teardown (bsc#1051510). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (networking-stable-18_07_19). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (networking-stable-18_07_19). - net: diag: Do not double-free TCP_NEW_SYN_RECV sockets in tcp_abort (netfilter-stable-18_07_23). - netfilter: do not set F_IFACE on ipv6 fib lookups (netfilter-stable-18_06_25). - netfilter: ip6t_rpfilter: provide input interface for route lookup (netfilter-stable-18_06_25). - netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" (netfilter-stable-17_11_16). - netfilter: nf_tables: add missing netlink attrs to policies (netfilter-stable-18_06_27). - netfilter: nf_tables: do not assume chain stats are set when jumplabel is set (netfilter-stable-18_06_27). - netfilter: nf_tables: fix memory leak on error exit return (netfilter-stable-18_06_27). - netfilter: nf_tables: nft_compat: fix refcount leak on xt module (netfilter-stable-18_06_27). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (netfilter-stable-18_06_25). - netfilter: nft_compat: fix handling of large matchinfo size (netfilter-stable-18_06_27). - netfilter: nft_compat: prepare for indirect info storage (netfilter-stable-18_06_27). - netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval (netfilter-stable-18_06_27). - net: fix use-after-free in GRO with ESP (networking-stable-18_07_19). - net: hns3: Add a check for client instance init state (bsc#1104353). - net: hns3: add a mask initialization for mac_vlan table (bsc#1104353). - net: hns3: Add *Asserting Reset* mailbox message & handling in VF (bsc#1104353). - net: hns3: add Asym Pause support to phy default features (bsc#1104353). - net: hns3: Add dcb netlink interface for the support of DCB feature (bsc#1104353). - net: hns3: Add DCB support when interacting with network stack (bsc#1104353). - net: hns3: Add ethtool interface for vlan filter (bsc#1104353 ). - net: hns3: add ethtool_ops.get_channels support for VF (bsc#1104353). - net: hns3: add ethtool_ops.get_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool_ops.set_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool -p support for fiber port (bsc#1104353 ). - net: hns3: add ethtool related offload command (bsc#1104353 ). - net: hns3: Add Ethtool support to HNS3 driver (bsc#1104353 ). - net: hns3: add existence checking before adding unicast mac address (bsc#1104353). - net: hns3: add existence check when remove old uc mac address (bsc#1104353). - net: hns3: add feature check when feature changed (bsc#1104353 ). - net: hns3: add get_link support to VF (bsc#1104353). - net: hns3: add get/set_coalesce support to VF (bsc#1104353 ). - net: hns3: add handling vlan tag offload in bd (bsc#1104353 ). - net: hns3: Add hclge_dcb module for the support of DCB feature (bsc#1104353). - net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support (bsc#1104353). - net: hns3: Add HNS3 driver to kernel build framework & MAINTAINERS (bsc#1104353). - net: hns3: Add hns3_get_handle macro in hns3 driver (bsc#1104353 ). - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support (bsc#1104353). - net: hns3: Add HNS3 VF driver to kernel build framework (bsc#1104353). - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support (bsc#1104353). - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface (bsc#1104353). - net: hns3: add int_gl_idx setup for TX and RX queues (bsc#1104353). - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ). - net: hns3: Add mac loopback selftest support in hns3 driver (bsc#1104353). - net: hns3: Add mailbox interrupt handling to PF driver (bsc#1104353). - net: hns3: Add mailbox support to PF driver (bsc#1104353 ). - net: hns3: Add mailbox support to VF driver (bsc#1104353 ). - net: hns3: add manager table initialization for hardware (bsc#1104353). - net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC (bsc#1104353). - net: hns3: Add missing break in misc_irq_handle (bsc#1104353 ). - net: hns3: Add more packet size statisctics (bsc#1104353 ). - net: hns3: add MTU initialization for hardware (bsc#1104353 ). - net: hns3: add net status led support for fiber port (bsc#1104353). - net: hns3: add nic_client check when initialize roce base information (bsc#1104353). - net: hns3: add querying speed and duplex support to VF (bsc#1104353). - net: hns3: Add repeat address checking for setting mac address (bsc#1104353). - net: hns3: Add reset interface implementation in client (bsc#1104353). - net: hns3: Add reset process in hclge_main (bsc#1104353 ). - net: hns3: Add reset service task for handling reset requests (bsc#1104353). - net: hns3: add result checking for VF when modify unicast mac address (bsc#1104353). - net: hns3: Add some interface for the support of DCB feature (bsc#1104353). - net: hns3: Adds support for led locate command for copper port (bsc#1104353). - net: hns3: Add STRP_TAGP field support for hardware revision 0x21 (bsc#1104353). - net: hns3: Add support for dynamically buffer reallocation (bsc#1104353). - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ). - net: hns3: add support for get_regs (bsc#1104353). - net: hns3: Add support for IFF_ALLMULTI flag (bsc#1104353 ). - net: hns3: Add support for misc interrupt (bsc#1104353 ). - net: hns3: add support for nway_reset (bsc#1104353). - net: hns3: Add support for PFC setting in TM module (bsc#1104353 ). - net: hns3: Add support for port shaper setting in TM module (bsc#1104353). - net: hns3: add support for querying advertised pause frame by ethtool ethx (bsc#1104353). - net: hns3: add support for querying pfc puase packets statistic (bsc#1104353). - net: hns3: add support for set_link_ksettings (bsc#1104353 ). - net: hns3: add support for set_pauseparam (bsc#1104353 ). - net: hns3: add support for set_ringparam (bsc#1104353 ). - net: hns3: add support for set_rxnfc (bsc#1104353). - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config (bsc#1104353). - net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info (bsc#1104353). - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver (bsc#1104353). - net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: Add support of .sriov_configure in HNS3 driver (bsc#1104353). - net: hns3: Add support of the HNAE3 framework (bsc#1104353 ). - net: hns3: Add support of TX Scheduler & Shaper to HNS3 driver (bsc#1104353). - net: hns3: Add support to change MTU in HNS3 hardware (bsc#1104353). - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21) (bsc#1104353). - net: hns3: add support to modify tqps number (bsc#1104353 ). - net: hns3: add support to query tqps number (bsc#1104353 ). - net: hns3: Add support to re-initialize the hclge device (bsc#1104353). - net: hns3: Add support to request VF Reset to PF (bsc#1104353 ). - net: hns3: Add support to reset the enet/ring mgmt layer (bsc#1104353). - net: hns3: add support to update flow control settings after autoneg (bsc#1104353). - net: hns3: Add tc-based TM support for sriov enabled port (bsc#1104353). - net: hns3: Add timeout process in hns3_enet (bsc#1104353 ). - net: hns3: add unlikely for error check (bsc#1104353 ). - net: hns3: Add VF Reset device state and its handling (bsc#1104353). - net: hns3: Add VF Reset Service Task to support event handling (bsc#1104353). - net: hns3: add vlan offload config command (bsc#1104353 ). - net: hns3: change GL update rate (bsc#1104353). - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_algo (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_dev (bsc#1104353). - net: hns3: Change return value in hnae3_register_client (bsc#1104353). - net: hns3: Changes required in PF mailbox to support VF reset (bsc#1104353). - net: hns3: Changes to make enet watchdog timeout func common for PF/VF (bsc#1104353). - net: hns3: Changes to support ARQ(Asynchronous Receive Queue) (bsc#1104353). - net: hns3: change the returned tqp number by ethtool -x (bsc#1104353). - net: hns3: change the time interval of int_gl calculating (bsc#1104353). - net: hns3: change the unit of GL value macro (bsc#1104353 ). - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled (bsc#1104353). - net: hns3: check for NULL function pointer in hns3_nic_set_features (bsc#1104353). - net: hns3: Cleanup for endian issue in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for non-static function in hns3 driver (bsc#1104353). - net: hns3: Cleanup for ROCE capability flag in ae_dev (bsc#1104353). - net: hns3: Cleanup for shifting true in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for struct that used to send cmd to firmware (bsc#1104353). - net: hns3: Cleanup indentation for Kconfig in the the hisilicon folder (bsc#1104353). - net: hns3: cleanup mac auto-negotiation state query (bsc#1104353 ). - net: hns3: cleanup mac auto-negotiation state query in hclge_update_speed_duplex (bsc#1104353). - net: hns3: cleanup of return values in hclge_init_client_instance() (bsc#1104353). - net: hns3: Clear TX/RX rings when stopping port & un-initializing client (bsc#1104353). - net: hns3: Consistently using GENMASK in hns3 driver (bsc#1104353). - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning (bsc#1104353). - net: hns3: Disable VFs change rxvlan offload status (bsc#1104353 ). - net: hns3: Disable vf vlan filter when vf vlan table is full (bsc#1104353). - net: hns3: ensure media_type is unitialized (bsc#1104353 ). - net: hns3: export pci table of hclge and hclgevf to userspace (bsc#1104353). - net: hns3: fix a bug about hns3_clean_tx_ring (bsc#1104353 ). - net: hns3: fix a bug for phy supported feature initialization (bsc#1104353). - net: hns3: fix a bug in hclge_uninit_client_instance (bsc#1104353). - net: hns3: fix a bug in hns3_driv_to_eth_caps (bsc#1104353 ). - net: hns3: fix a bug when alloc new buffer (bsc#1104353 ). - net: hns3: fix a bug when getting phy address from NCL_config file (bsc#1104353). - net: hns3: fix a dead loop in hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: fix a handful of spelling mistakes (bsc#1104353 ). - net: hns3: Fix a loop index error of tqp statistics query (bsc#1104353). - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ). - net: hns3: Fix an error handling path in 'hclge_rss_init_hw()' (bsc#1104353). - net: hns3: Fix an error macro definition of HNS3_TQP_STAT (bsc#1104353). - net: hns3: Fix an error of total drop packet statistics (bsc#1104353). - net: hns3: Fix a response data read error of tqp statistics query (bsc#1104353). - net: hns3: Fix comments for hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix desc num set to default when setting channel (bsc#1104353). - net: hns3: fix endian issue when PF get mbx message flag (bsc#1104353). - net: hns3: fix error type definition of return value (bsc#1104353). - net: hns3: Fixes API to fetch ethernet header length with kernel default (bsc#1104353). - net: hns3: Fixes error reported by Kbuild and internal review (bsc#1104353). - net: hns3: Fixes initalization of RoCE handle and makes it conditional (bsc#1104353). - net: hns3: Fixes initialization of phy address from firmware (bsc#1104353). - net: hns3: Fixes kernel panic issue during rmmod hns3 driver (bsc#1104353). - net: hns3: Fixes ring-to-vector map-and-unmap command (bsc#1104353). - net: hns3: Fixes the back pressure setting when sriov is enabled (bsc#1104353). - net: hns3: Fixes the command used to unmap ring from vector (bsc#1104353). - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353 ). - net: hns3: Fixes the error legs in hclge_init_ae_dev function (bsc#1104353). - net: hns3: Fixes the ether address copy with appropriate API (bsc#1104353). - net: hns3: Fixes the initialization of MAC address in hardware (bsc#1104353). - net: hns3: Fixes the init of the VALID BD info in the descriptor (bsc#1104353). - net: hns3: Fixes the missing PCI iounmap for various legs (bsc#1104353). - net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch (bsc#1104353). - net: hns3: Fixes the out of bounds access in hclge_map_tqp (bsc#1104353). - net: hns3: Fixes the premature exit of loop when matching clients (bsc#1104353). - net: hns3: fixes the ring index in hns3_fini_ring (bsc#1104353 ). - net: hns3: Fixes the state to indicate client-type initialization (bsc#1104353). - net: hns3: Fixes the static checker error warning in hns3_get_link_ksettings() (bsc#1104353). - net: hns3: Fixes the static check warning due to missing unsupp L3 proto check (bsc#1104353). - net: hns3: Fixes the wrong IS_ERR check on the returned phydev value (bsc#1104353). - net: hns3: fix for buffer overflow smatch warning (bsc#1104353 ). - net: hns3: fix for changing MTU (bsc#1104353). - net: hns3: fix for cleaning ring problem (bsc#1104353 ). - net: hns3: Fix for CMDQ and Misc. interrupt init order problem (bsc#1104353). - net: hns3: fix for coal configuation lost when setting the channel (bsc#1104353). - net: hns3: fix for coalesce configuration lost during reset (bsc#1104353). - net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero (bsc#1104353). - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo (bsc#1104353). - net: hns3: Fix for DEFAULT_DV when dev does not support DCB (bsc#1104353). - net: hns3: Fix for fiber link up problem (bsc#1104353 ). - net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting autoneg in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg (bsc#1104353). - net: hns3: fix for getting wrong link mode problem (bsc#1104353 ). - net: hns3: Fix for hclge_reset running repeatly problem (bsc#1104353). - net: hns3: Fix for hns3 module is loaded multiple times problem (bsc#1104353). - net: hns3: Fix for information of phydev lost problem when down/up (bsc#1104353). - net: hns3: fix for ipv6 address loss problem after setting channels (bsc#1104353). - net: hns3: Fix for l4 checksum offload bug (bsc#1104353 ). - net: hns3: fix for loopback failure when vlan filter is enable (bsc#1104353). - net: hns3: Fix for mac pause not disable in pfc mode (bsc#1104353). - net: hns3: Fix for mailbox message truncated problem (bsc#1104353). - net: hns3: fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: Fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: fix for not initializing VF rss_hash_key problem (bsc#1104353). - net: hns3: fix for not returning problem in get_link_ksettings when phy exists (bsc#1104353). - net: hns3: fix for not setting pause parameters (bsc#1104353 ). - net: hns3: Fix for not setting rx private buffer size to zero (bsc#1104353). - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls (bsc#1104353). - net: hns3: fix for pause configuration lost during reset (bsc#1104353). - net: hns3: Fix for PF mailbox receving unknown message (bsc#1104353). - net: hns3: fix for phy_addr error in hclge_mac_mdio_config (bsc#1104353). - net: hns3: Fix for phy link issue when using marvell phy driver (bsc#1104353). - net: hns3: Fix for phy not link up problem after resetting (bsc#1104353). - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353 ). - net: hns3: Fix for reset_level default assignment probelm (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size (bsc#1104353). - net: hns3: fix for RSS configuration loss problem during reset (bsc#1104353). - net: hns3: Fix for rx priv buf allocation when DCB is not supported (bsc#1104353). - net: hns3: Fix for rx_priv_buf_alloc not setting rx shared buffer (bsc#1104353). - net: hns3: Fix for service_task not running problem after resetting (bsc#1104353). - net: hns3: Fix for setting mac address when resetting (bsc#1104353). - net: hns3: fix for setting MTU (bsc#1104353). - net: hns3: Fix for setting rss_size incorrectly (bsc#1104353 ). - net: hns3: Fix for the null pointer problem occurring when initializing ae_dev failed (bsc#1104353). - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo (bsc#1104353). - net: hns3: fix for updating fc_mode_last_time (bsc#1104353 ). - net: hns3: fix for use-after-free when setting ring parameter (bsc#1104353). - net: hns3: Fix for using wrong mask and shift in hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix for VF mailbox cannot receiving PF response (bsc#1104353). - net: hns3: Fix for VF mailbox receiving unknown message (bsc#1104353). - net: hns3: fix for vlan table lost problem when resetting (bsc#1104353). - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ). - net: hns3: Fix get_vector ops in hclgevf_main module (bsc#1104353). - net: hns3: Fix initialization when cmd is not supported (bsc#1104353). - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns3: Fix MSIX allocation issue for VF (bsc#1104353 ). - net: hns3: fix null pointer dereference before null check (bsc#1104353). - net: hns3: Fix return value error in hns3_reset_notify_down_enet (bsc#1104353). - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status() (bsc#1104353). - net: hns3: fix return value error while hclge_cmd_csq_clean failed (bsc#1104353). - net: hns3: fix rx path skb->truesize reporting bug (bsc#1104353 ). - net: hns3: Fix setting mac address error (bsc#1104353 ). - net: hns3: Fix spelling errors (bsc#1104353). - net: hns3: fix spelling mistake: "capabilty" -> "capability" (bsc#1104353). - net: hns3: fix the bug of hns3_set_txbd_baseinfo (bsc#1104353 ). - net: hns3: fix the bug when map buffer fail (bsc#1104353 ). - net: hns3: fix the bug when reuse command description in hclge_add_mac_vlan_tbl (bsc#1104353). - net: hns3: Fix the missing client list node initialization (bsc#1104353). - net: hns3: fix the ops check in hns3_get_rxnfc (bsc#1104353 ). - net: hns3: fix the queue id for tqp enable&&reset (bsc#1104353 ). - net: hns3: fix the ring count for ETHTOOL_GRXRINGS (bsc#1104353 ). - net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg (bsc#1104353). - net: hns3: fix the VF queue reset flow error (bsc#1104353 ). - net: hns3: fix to correctly fetch l4 protocol outer header (bsc#1104353). - net: hns3: Fix to support autoneg only for port attached with phy (bsc#1104353). - net: hns3: Fix typo error for feild in hclge_tm (bsc#1104353 ). - net: hns3: Fix warning bug when doing lp selftest (bsc#1104353 ). - net: hns3: free the ring_data structrue when change tqps (bsc#1104353). - net: hns3: get rss_size_max from configuration but not hardcode (bsc#1104353). - net: hns3: get vf count by pci_sriov_get_totalvfs (bsc#1104353 ). - net: hns3: hclge_inform_reset_assert_to_vf() can be static (bsc#1104353). - net: hns3: hns3:fix a bug about statistic counter in reset process (bsc#1104353). - net: hns3: hns3_get_channels() can be static (bsc#1104353 ). - net: hns3: Increase the default depth of bucket for TM shaper (bsc#1104353). - net: hns3: increase the max time for IMP handle command (bsc#1104353). - net: hns3: make local functions static (bsc#1104353 ). - net: hns3: Mask the packet statistics query when NIC is down (bsc#1104353). - net: hns3: modify hnae_ to hnae3_ (bsc#1104353). - net: hns3: Modify the update period of packet statistics (bsc#1104353). - net: hns3: never send command queue message to IMP when reset (bsc#1104353). - net: hns3: Optimize PF CMDQ interrupt switching process (bsc#1104353). - net: hns3: Optimize the PF's process of updating multicast MAC (bsc#1104353). - net: hns3: Optimize the VF's process of updating multicast MAC (bsc#1104353). - net: hns3: Prevent sending command during global or core reset (bsc#1104353). - net: hns3: reallocate tx/rx buffer after changing mtu (bsc#1104353). - net: hns3: refactor GL update function (bsc#1104353 ). - net: hns3: refactor interrupt coalescing init function (bsc#1104353). - net: hns3: Refactor mac_init function (bsc#1104353). - net: hns3: Refactor of the reset interrupt handling logic (bsc#1104353). - net: hns3: Refactors the requested reset & pending reset handling code (bsc#1104353). - net: hns3: refactor the coalesce related struct (bsc#1104353 ). - net: hns3: refactor the get/put_vector function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss_tuple function (bsc#1104353). - net: hns3: Refactor the initialization of command queue (bsc#1104353). - net: hns3: refactor the loopback related function (bsc#1104353 ). - net: hns3: Refactor the mapping of tqp to vport (bsc#1104353 ). - net: hns3: Refactor the skb receiving and transmitting function (bsc#1104353). - net: hns3: remove a couple of redundant assignments (bsc#1104353 ). - net: hns3: remove add/del_tunnel_udp in hns3_enet module (bsc#1104353). - net: hns3: Remove a useless member of struct hns3_stats (bsc#1104353). - net: hns3: Remove error log when getting pfc stats fails (bsc#1104353). - net: hns3: Remove packet statistics in the range of 8192~12287 (bsc#1104353). - net: hns3: remove redundant memset when alloc buffer (bsc#1104353). - net: hns3: remove redundant semicolon (bsc#1104353). - net: hns3: Remove repeat statistic of rx_errors (bsc#1104353 ). - net: hns3: remove some redundant assignments (bsc#1104353 ). - net: hns3: Removes unnecessary check when clearing TX/RX rings (bsc#1104353). - net: hns3: remove TSO config command from VF driver (bsc#1104353 ). - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree() (bsc#1104353). - net: hns3: remove unnecessary ring configuration operation while resetting (bsc#1104353). - net: hns3: remove unused GL setup function (bsc#1104353 ). - net: hns3: remove unused hclgevf_cfg_func_mta_filter (bsc#1104353). - net: hns3: Remove unused led control code (bsc#1104353 ). - net: hns3: report the function type the same line with hns3_nic_get_stats64 (bsc#1104353). - net: hns3: set the cmdq out_vld bit to 0 after used (bsc#1104353 ). - net: hns3: set the max ring num when alloc netdev (bsc#1104353 ). - net: hns3: Setting for fc_mode and dcb enable flag in TM module (bsc#1104353). - net: hns3: simplify hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: Standardize the handle of return value (bsc#1104353 ). - net: hns3: Support for dynamically assigning tx buffer to TC (bsc#1104353). - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: unify the pause params setup function (bsc#1104353 ). - net: hns3: Unify the strings display of packet statistics (bsc#1104353). - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated) to new APIs (bsc#1104353). - net: hns3: Updates RX packet info fetch in case of multi BD (bsc#1104353). - net: hns3: Use enums instead of magic number in hclge_is_special_opcode (bsc#1104353). - net: hns3: VF should get the real rss_size instead of rss_size_max (bsc#1104353). - net/ipv4: Set oif in fib_compute_spec_dst (netfilter-stable-18_07_23). - net: lan78xx: Fix race in tx pending skb size calculation (bsc#1100132). - net: lan78xx: fix rx handling before first packet is send (bsc#1100132). - net/mlx5e: Avoid dealing with vport representors if not being e-switch manager (networking-stable-18_07_19). - net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager (networking-stable-18_07_19). - net: mvneta: fix the Rx desc DMA address in the Rx path (networking-stable-18_07_19). - net/packet: fix use-after-free (networking-stable-18_07_19). - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv (netfilter-stable-18_07_27). - net: phy: fix flag masking in __set_phy_supported (netfilter-stable-18_07_23). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bsc#1087092). - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888). - net_sched: blackhole: tell upper qdisc about dropped packets (networking-stable-18_07_19). - net: skb_segment() should not return NULL (netfilter-stable-18_07_27). - net: sungem: fix rx checksum support (networking-stable-18_07_19). - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite (netfilter-stable-18_07_23). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bsc#1087092). - net: usb: asix: replace mii_nway_restart in resume path (bsc#1100132). - partitions/aix: append null character to print data from disk (bsc#1051510). - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bsc#1051510). - PCI: Add pci_resize_resource() for resizing BARs (bsc#1105355). - PCI: Add PCI resource type mask #define (bsc#1105355). - PCI: Add resizable BAR infrastructure (bsc#1105355). - PCI: Allow release of resources that were never assigned (bsc#1105355). - PCI: Cleanup PCI_REBAR_CTRL_BAR_SHIFT handling (bsc#1105355). - PCI: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1051510). - PCI: Restore resized BAR state on resume (bsc#1105355). - PCI: Skip MPS logic for Virtual Functions (VFs) (bsc#1051510). - pinctrl: cannonlake: Fix community ordering for H variant (bsc#1051510). - pinctrl: core: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: imx: off by one in imx_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: pinmux: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bsc#1051510). - pinctrl: single: Fix group and function selector use (bsc#1051510). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1051510). - PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload (bsc#1051510). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bsc#1051510). - power: gemini-poweroff: Avoid more spurious poweroffs (bsc#1051510). - power: generic-adc-battery: check for duplicate properties copied from iio channels (bsc#1051510). - power: generic-adc-battery: fix out-of-bounds write when copying channel properties (bsc#1051510). - powerpc/64: Add GENERIC_CPU support for little endian (). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/pkeys: Deny read/write/execute by default (bsc#1097577). - powerpc/pkeys: Fix calculation of total pkeys (bsc#1097577). - powerpc/pkeys: Give all threads control of their key permissions (bsc#1097577). - powerpc/pkeys: key allocation/deallocation must not change pkey registers (bsc#1097577). - powerpc/pkeys: make protection key 0 less special (bsc#1097577). - powerpc/pkeys: Preallocate execute-only key (bsc#1097577). - powerpc/pkeys: Save the pkey registers before fork (bsc#1097577). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - Refresh patches.arch/mobility-numa-Ensure-numa-update-does-not-overlap.patch. - power: remove possible deadlock when unregistering power_supply (bsc#1051510). - power: supply: axp288_charger: Fix initial constant_charge_current value (bsc#1051510). - power: supply: max77693_charger: fix unintentional fall-through (bsc#1051510). - power: vexpress: fix corruption in notifier registration (bsc#1051510). - ppp: Destroy the mutex when cleanup (bsc#1051510). - ppp: fix __percpu annotation (bsc#1051510). - ptp: fix missing break in switch (bsc#1105355). - ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE (bsc#1105355). - ptr_ring: fix up after recent ptr_ring changes (bsc#1105355). - ptr_ring: prevent integer overflow when calculating size (bsc#1105355). - qedf: Add get_generic_tlv_data handler (bsc#1086317). - qedf: Add support for populating ethernet TLVs (bsc#1086317). - qedi: Add get_generic_tlv_data handler (bsc#1086315). - qedi: Add support for populating ethernet TLVs (bsc#1086315). - random: add new ioctl RNDRESEEDCRNG (bsc#1051510). - random: fix possible sleeping allocation from irq context (bsc#1051510). - random: mix rdrand with entropy sent in from userspace (bsc#1051510). - random: set up the NUMA crng instances after the CRNG is fully initialized (bsc#1051510). - rdma/hns: Add 64KB page size support for hip08 (bsc#1104427 ). - rdma/hns: Add command queue support for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add CQ operations support for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add detailed comments for mb() call (bsc#1104427 ). - rdma/hns: Add eq support of hip08 (bsc#1104427). - rdma/hns: Add gsi qp support for modifying qp in hip08 (bsc#1104427). - rdma/hns: Add mailbox's implementation for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add modify CQ support for hip08 (bsc#1104427 ). - rdma/hns: Add names to function arguments in function pointers (bsc#1104427). - rdma/hns: Add profile support for hip08 driver (bsc#1104427 ). - rdma/hns: Add QP operations support for hip08 SoC (bsc#1104427 ). - rdma/hns: Add releasing resource operation in error branch (bsc#1104427). - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ). - rdma/hns: Add reset process for RoCE in hip08 (bsc#1104427 ). - rdma/hns: Add return operation when configured global param fail (bsc#1104427). - rdma/hns: Add rq inline data support for hip08 RoCE (bsc#1104427 ). - rdma/hns: Add rq inline flags judgement (bsc#1104427 ). - rdma/hns: Add sq_invld_flg field in QP context (bsc#1104427 ). - rdma/hns: Add support for processing send wr and receive wr (bsc#1104427). - rdma/hns: Add the interfaces to support multi hop addressing for the contexts in hip08 (bsc#1104427). - rdma/hns: Adjust the order of cleanup hem table (bsc#1104427 ). - rdma/hns: Assign dest_qp when deregistering mr (bsc#1104427 ). - rdma/hns: Assign the correct value for tx_cqn (bsc#1104427 ). - rdma/hns: Assign zero for pkey_index of wc in hip08 (bsc#1104427 ). - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ). - rdma/hns: Bugfix for cq record db for kernel (bsc#1104427 ). - rdma/hns: Bugfix for init hem table (bsc#1104427). - rdma/hns: Bugfix for rq record db for kernel (bsc#1104427 ). - rdma/hns: Check return value of kzalloc (bsc#1104427 ). - rdma/hns: Configure BT BA and BT attribute for the contexts in hip08 (bsc#1104427). - rdma/hns: Configure fence attribute in hip08 RoCE (bsc#1104427 ). - rdma/hns: Configure mac&gid and user access region for hip08 RoCE driver (bsc#1104427). - rdma/hns: Configure sgid type for hip08 RoCE (bsc#1104427 ). - rdma/hns: Configure the MTPT in hip08 (bsc#1104427). - rdma/hns: Configure TRRL field in hip08 RoCE device (bsc#1104427 ). - rdma/hns: Create gsi qp in hip08 (bsc#1104427). - rdma/hns: Delete the unnecessary initializing enum to zero (bsc#1104427). - rdma/hns: Do not unregister a callback we didn't register (bsc#1104427). - rdma/hns: Drop local zgid in favor of core defined variable (bsc#1104427). - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427 ). - rdma/hns: Enable the cqe field of sqwqe of RC (bsc#1104427 ). - rdma/hns: ensure for-loop actually iterates and free's buffers (bsc#1104427). - rdma/hns: Fill sq wqe context of ud type in hip08 (bsc#1104427 ). - rdma/hns: Filter for zero length of sge in hip08 kernel mode (bsc#1104427). - rdma/hns: Fix a bug with modifying mac address (bsc#1104427 ). - rdma/hns: Fix a couple misspellings (bsc#1104427). - rdma/hns: Fix calltrace for sleeping in atomic (bsc#1104427 ). - rdma/hns: Fix cqn type and init resp (bsc#1104427). - rdma/hns: Fix cq record doorbell enable in kernel (bsc#1104427 ). - rdma/hns: Fix endian problems around imm_data and rkey (bsc#1104427). - rdma/hns: Fix inconsistent warning (bsc#1104427). - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427 ). - rdma/hns: Fix misplaced call to hns_roce_cleanup_hem_table (bsc#1104427). - rdma/hns: Fix QP state judgement before receiving work requests (bsc#1104427). - rdma/hns: Fix QP state judgement before sending work requests (bsc#1104427). - rdma/hns: fix spelling mistake: "Reseved" -> "Reserved" (bsc#1104427). - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ). - rdma/hns: Fix the bug with rq sge (bsc#1104427). - rdma/hns: Fix the endian problem for hns (bsc#1104427 ). - rdma/hns: Fix the illegal memory operation when cross page (bsc#1104427). - rdma/hns: Fix the issue of IOVA not page continuous in hip08 (bsc#1104427). - rdma/hns: Fix the qp context state diagram (bsc#1104427 ). - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427). - rdma/hns: Get rid of page operation after dma_alloc_coherent (bsc#1104427). - rdma/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent (bsc#1104427). - rdma/hns: Implement the disassociate_ucontext API (bsc#1104427 ). - rdma/hns: Increase checking CMQ status timeout value (bsc#1104427). - rdma/hns: Initialize the PCI device for hip08 RoCE (bsc#1104427 ). - rdma/hns: Intercept illegal RDMA operation when use inline data (bsc#1104427). - rdma/hns: Load the RoCE dirver automatically (bsc#1104427 ). - rdma/hns: make various function static, fixes warnings (bsc#1104427). - rdma/hns: Modify assignment device variable to support both PCI device and platform device (bsc#1104427). - rdma/hns: Modify the usage of cmd_sn in hip08 (bsc#1104427 ). - rdma/hns: Modify the value with rd&dest_rd of qp_attr (bsc#1104427). - rdma/hns: Modify uar allocation algorithm to avoid bitmap exhaust (bsc#1104427). - rdma/hns: Move priv in order to add multiple hns_roce support (bsc#1104427). - rdma/hns: Move the location for initializing tmp_len (bsc#1104427). - rdma/hns: Not support qp transition from reset to reset for hip06 (bsc#1104427). - rdma/hns: Only assign dest_qp if ib_QP_DEST_QPN bit is set (bsc#1104427). - rdma/hns: Only assign dqpn if ib_QP_PATH_DEST_QPN bit is set (bsc#1104427). - rdma/hns: Only assign mtu if ib_QP_PATH_MTU bit is set (bsc#1104427). - rdma/hns: Refactor code for readability (bsc#1104427 ). - rdma/hns: Refactor eq code for hip06 (bsc#1104427). - rdma/hns: remove redundant assignment to variable j (bsc#1104427 ). - rdma/hns: Remove some unnecessary attr_mask judgement (bsc#1104427). - rdma/hns: Remove unnecessary operator (bsc#1104427). - rdma/hns: Remove unnecessary platform_get_resource() error check (bsc#1104427). - rdma/hns: Rename the idx field of db (bsc#1104427). - rdma/hns: Replace condition statement using hardware version information (bsc#1104427). - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE write*() (bsc#1104427). - rdma/hns: return 0 rather than return a garbage status value (bsc#1104427). - rdma/hns_roce: Do not check return value of zap_vma_ptes() (bsc#1104427). - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ). - rdma/hns: Set desc_dma_addr for zero when free cmq desc (bsc#1104427). - rdma/hns: Set NULL for __internal_mr (bsc#1104427). - rdma/hns: Set rdma_ah_attr type for querying qp (bsc#1104427 ). - rdma/hns: Set se attribute of sqwqe in hip08 (bsc#1104427 ). - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08 (bsc#1104427). - rdma/hns: Set the guid for hip08 RoCE device (bsc#1104427 ). - rdma/hns: Set the owner field of SQWQE in hip08 RoCE (bsc#1104427). - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427). - rdma/hns: Split hw v1 driver from hns roce driver (bsc#1104427 ). - rdma/hns: Submit bad wr (bsc#1104427). - rdma/hns: Support cq record doorbell for kernel space (bsc#1104427). - rdma/hns: Support cq record doorbell for the user space (bsc#1104427). - rdma/hns: Support multi hop addressing for PBL in hip08 (bsc#1104427). - rdma/hns: Support rq record doorbell for kernel space (bsc#1104427). - rdma/hns: Support rq record doorbell for the user space (bsc#1104427). - rdma/hns: Support WQE/CQE/PBL page size configurable feature in hip08 (bsc#1104427). - rdma/hns: Unify the calculation for hem index in hip08 (bsc#1104427). - rdma/hns: Update assignment method for owner field of send wqe (bsc#1104427). - rdma/hns: Update calculation of irrl_ba field for hip08 (bsc#1104427). - rdma/hns: Update convert function of endian format (bsc#1104427 ). - rdma/hns: Update the interfaces for MTT/CQE multi hop addressing in hip08 (bsc#1104427). - rdma/hns: Update the IRRL table chunk size in hip08 (bsc#1104427 ). - rdma/hns: Update the PD&CQE&MTT specification in hip08 (bsc#1104427). - rdma/hns: Update the usage of ack timeout in hip08 (bsc#1104427 ). - rdma/hns: Update the usage of sr_max and rr_max field (bsc#1104427). - rdma/hns: Update the verbs of polling for completion (bsc#1104427). - rdma/hns: Use free_pages function instead of free_page (bsc#1104427). - rdma/hns: Use structs to describe the uABI instead of opencoding (bsc#1104427). - rdma/uverbs: Expand primary and alt AV port checks (bsc#1046306 ). - readahead: stricter check for bdi io_pages (VM Functionality, git fixes). - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bsc#1051510). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bsc#1051510). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (netfilter-stable-18_07_27). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390: Prevent hotplug rwsem recursion (bsc#1105731). - s390/qeth: consistently re-enable device features (bsc#1104482, LTC#170340). - s390/qeth: do not clobber buffer on async TX completion (bsc#1104482, LTC#170340). - s390/qeth: rely on kernel for feature recovery (bsc#1104482, LTC#170340). - sched/debug: Reverse the order of printing faults (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Modify migrate_swap() to accept additional parameters (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Move task_numa_placement() closer to numa_migrate_preferred() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field -kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Set preferred_node based on best_cpu (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Simplify load_too_imbalanced() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Skip nodes that are at 'hoplimit' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Update the scan period without holding the numa_group lock (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use group_weights to identify if migration degrades locality (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use task faults only if numa_group is not yet set up (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: add libnvdimm-for-next branch - scsi: cxlflash: Abstract hardware dependent assignments (). - scsi: cxlflash: Acquire semaphore before invoking ioctl services (). - scsi: cxlflash: Adapter context init can return error (). - scsi: cxlflash: Adapter context support for OCXL (). - scsi: cxlflash: Add argument identifier names (). - scsi: cxlflash: Add include guards to backend.h (). - scsi: cxlflash: Avoid clobbering context control register value (). - scsi: cxlflash: Enable OCXL operations (). - scsi: cxlflash: Explicitly cache number of interrupts per context (). - scsi: cxlflash: Handle spurious interrupts (). - scsi: cxlflash: Hardware AFU for OCXL (). - scsi: cxlflash: Introduce object handle fop (). - scsi: cxlflash: Introduce OCXL backend (). - scsi: cxlflash: Introduce OCXL context state machine (). - scsi: cxlflash: Isolate external module dependencies (). - scsi: cxlflash: Limit the debug logs in the IO path (). - scsi: cxlflash: MMIO map the AFU (). - scsi: cxlflash: Preserve number of interrupts for master contexts (). - scsi: cxlflash: Read host AFU configuration (). - scsi: cxlflash: Read host function configuration (). - scsi: cxlflash: Register for translation errors (). - scsi: cxlflash: Remove commmands from pending list on timeout (). - scsi: cxlflash: Remove embedded CXL work structures (). - scsi: cxlflash: Setup AFU acTag range (). - scsi: cxlflash: Setup AFU PASID (). - scsi: cxlflash: Setup function acTag range (). - scsi: cxlflash: Setup function OCXL link (). - scsi: cxlflash: Setup LISNs for master contexts (). - scsi: cxlflash: Setup LISNs for user contexts (). - scsi: cxlflash: Setup OCXL transaction layer (). - scsi: cxlflash: Staging to support future accelerators (). - scsi: cxlflash: Support adapter context discovery (). - scsi: cxlflash: Support adapter context mmap and release (). - scsi: cxlflash: Support adapter context polling (). - scsi: cxlflash: Support adapter context reading (). - scsi: cxlflash: Support adapter file descriptors for OCXL (). - scsi: cxlflash: Support AFU interrupt management (). - scsi: cxlflash: Support AFU interrupt mapping and registration (). - scsi: cxlflash: Support AFU reset (). - scsi: cxlflash: Support AFU state toggling (). - scsi: cxlflash: Support file descriptor mapping (). - scsi: cxlflash: Support image reload policy modification (). - scsi: cxlflash: Support process element lifecycle (). - scsi: cxlflash: Support process specific mappings (). - scsi: cxlflash: Support reading adapter VPD data (). - scsi: cxlflash: Support starting an adapter context (). - scsi: cxlflash: Support starting user contexts (). - scsi: cxlflash: Synchronize reset and remove ops (). - scsi: cxlflash: Use IDR to manage adapter contexts (). - scsi: cxlflash: Use local mutex for AFU serialization (). - scsi: cxlflash: Yield to active send threads (). - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1086906,). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1086906,). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1086906,). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1086906,). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1086906,). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1086906,). - scsi: mpt3sas: clarify mmio pointer types (bsc#1086906,). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1086906,). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1086906,). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1086906,). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1086906,). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1086906,). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1086906,). - scsi: mpt3sas: fix possible memory leak (bsc#1086906,). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1086906,). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1086906,). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1086906,). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1086906,). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1086906,). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1086906,). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1086906,). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1086906,). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1086906,). - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). - Refresh patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-I-Os-to-NVMe.patch. - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1086906,). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1086906,). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1086906,). - scsi: mpt3sas: Update MPI Headers (bsc#1086906,). - scsi: qedf: Add additional checks when restarting an rport due to ABTS timeout (bsc#1086317). - scsi: qedf: Add check for offload before flushing I/Os for target (bsc#1086317). - scsi: qedf: Add dcbx_not_wait module parameter so we won't wait for DCBX convergence to start discovery (bsc#1086317). - scsi: qedf: Add missing skb frees in error path (bsc#1086317). - scsi: qedf: Add more defensive checks for concurrent error conditions (bsc#1086317). - scsi: qedf: Add task id to kref_get_unless_zero() debug messages when flushing requests (bsc#1086317). - scsi: qedf: Check if link is already up when receiving a link up event from qed (bsc#1086317). - scsi: qedf: fix LTO-enabled build (bsc#1086317). - scsi: qedf: Fix VLAN display when printing sent FIP frames (bsc#1086317). - scsi: qedf: Honor default_prio module parameter even if DCBX does not converge (bsc#1086317). - scsi: qedf: Honor priority from DCBX FCoE App tag (bsc#1086317). - scsi: qedf: If qed fails to enable MSI-X fail PCI probe (bsc#1086317). - scsi: qedf: Improve firmware debug dump handling (bsc#1086317). - scsi: qedf: Increase the number of default FIP VLAN request retries to 60 (bsc#1086317). - scsi: qedf: Release RRQ reference correctly when RRQ command times out (bsc#1086317). - scsi: qedf: remove redundant initialization of 'fcport' (bsc#1086317). - scsi: qedf: Remove setting DCBX pending during soft context reset (bsc#1086317). - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is not enabled (bsc#1086317). - scsi: qedf: Sanity check FCoE/FIP priority value to make sure it's between 0 and 7 (bsc#1086317). - scsi: qedf: Send the driver state to MFW (bsc#1086317). - scsi: qedf: Set the UNLOADING flag when removing a vport (bsc#1086317). - scsi: qedf: Synchronize rport restarts when multiple ELS commands time out (bsc#1086317). - scsi: qedf: Update copyright for 2018 (bsc#1086317). - scsi: qedf: Update version number to 8.33.16.20 (bsc#1086317). - scsi: qedf: use correct strncpy() size (bsc#1086317). - scsi: qedi: fix building with LTO (bsc#1086315). - scsi: qedi: fix build regression (bsc#1086315). - scsi: qedi: Fix kernel crash during port toggle (bsc#1086315). - scsi: qedi: Send driver state to MFW (bsc#1086315). - scsi: qla2xxx: Add longer window for chip reset (bsc#1086327,). - scsi: qla2xxx: Cleanup for N2N code (bsc#1086327,). - scsi: qla2xxx: correctly shift host byte (bsc#1086327,). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1086327,). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1086327,). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1086327,). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1086327,). - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1086327,). - scsi: qla2xxx: Fix login retry count (bsc#1086327,). - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1086327,). - scsi: qla2xxx: Fix N2N link re-connect (bsc#1086327,). - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1086327,). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1086327,). - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1086327,). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1086327,). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1086327,). - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1086327,). - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bsc#1086327,). - scsi: qla2xxx: Fix stalled relogin (bsc#1086327,). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1086327,). - scsi: qla2xxx: Fix unintended Logout (bsc#1086327,). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1086327,). - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1086327,). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1086327,). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1086327,). - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1086327,). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1086327,). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1086327,). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1086327,). - scsi: qla2xxx: Save frame payload size from ICB (bsc#1086327,). - scsi: qla2xxx: Silent erroneous message (bsc#1086327,). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1086327,). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1086327,). - scsi: qla4xxx: Move an array from a .h into a .c file (bsc#1086331). - scsi: qla4xxx: Remove unused symbols (bsc#1086331). - scsi: qla4xxx: skip error recovery in case of register disconnect (bsc#1086331). - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331). - scsi: qla4xxx: Use zeroing allocator rather than allocator/memset (bsc#1086331). - security: check for kstrdup() failure in lsm_append() (bsc#1051510). - selftests/powerpc: Fix core-pkey for default execute permission change (bsc#1097577). - selftests/powerpc: Fix ptrace-pkey for default execute permission change (bsc#1097577). - serial: 8250: Do not service RX FIFO if interrupts are disabled (bsc#1051510). - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC (bsc#1051510). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bsc#1051510). - serial: core: mark port as initialized after successful IRQ change (bsc#1051510). - serial: pxa: Fix an error handling path in 'serial_pxa_probe()' (bsc#1051510). - serial: sh-sci: Stop RX FIFO timer during port shutdown (bsc#1051510). - serial: xuartps: fix typo in cdns_uart_startup (bsc#1051510). - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe (bsc#1051510). - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout (bsc#1051510). - staging: bcm2835-camera: handle wait_for_completion_timeout return properly (bsc#1051510). - staging: rts5208: fix missing error check on call to rtsx_write_register (bsc#1051510). - stmmac: fix DMA channel hang in half-duplex mode (networking-stable-18_07_19). - strparser: Remove early eaten to fix full tcp receive buffer stall (networking-stable-18_07_19). - supported.conf - supported.conf: added hns3 modules - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2 - supported.conf: Enable HiSi v3 SAS adapter () - TCM_RBD depends on BLK_DEV_RBD (). - tcp: do not cancel delay-AcK on DCTCP special ACK (netfilter-stable-18_07_27). - tcp: do not delay ACK in DCTCP upon CE status change (netfilter-stable-18_07_27). - tcp: fix dctcp delayed ACK schedule (netfilter-stable-18_07_27). - tcp: fix Fast Open key endianness (networking-stable-18_07_19). - tcp: helpers to send special DCTCP ack (netfilter-stable-18_07_27). - tcp: prevent bogus FRTO undos with non-SACK flows (networking-stable-18_07_19). - tg3: Add higher cpu clock for 5762 (netfilter-stable-18_07_23). - tty: fix termios input-speed encoding (bsc#1051510). - tty: fix termios input-speed encoding when using BOTHER (bsc#1051510). - tty: serial: 8250: Revert NXP SC16C2552 workaround (bsc#1051510). - typec: tcpm: fusb302: Resolve out of order messaging events (bsc#1087092). - uio: potential double frees if __uio_register_device() fails (bsc#1051510). - uprobes: Use synchronize_rcu() not synchronize_sched() (bsc#1051510). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bsc#1051510). - usb: cdc-wdm: do not enable interrupts in USB-giveback (bsc#1051510). - usb: dwc3: change stream event enable bit back to 13 (bsc#1051510). - usb: option: add support for DW5821e (bsc#1051510). - usb: serial: kobil_sct: fix modem-status error handling (bsc#1051510). - usb: serial: pl2303: add a new device id for ATEN (bsc#1051510). - usb: serial: sierra: fix potential deadlock at close (bsc#1051510). - vhost_net: validate sock before trying to put its fd (networking-stable-18_07_19). - vmci: type promotion bug in qp_host_get_user_memory() (bsc#1105355). - vmw_balloon: do not use 2MB without batching (bsc#1051510). - vmw_balloon: fix inflation of 64-bit GFNs (bsc#1051510). - vmw_balloon: fix VMCI use when balloon built into kernel (bsc#1051510). - vmw_balloon: remove inflation rate limiting (bsc#1051510). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bsc#1051510). - vsock: fix loopback on big-endian systems (networking-stable-18_07_19). - vxlan: add new fdb alloc and create helpers (netfilter-stable-18_07_27). - vxlan: fix default fdb entry netlink notify ordering during netdev create (netfilter-stable-18_07_27). - vxlan: make netlink notify in vxlan_fdb_destroy optional (netfilter-stable-18_07_27). - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc (bsc#1051510). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/mm/tlb: Always use lazy TLB mode (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Leave lazy TLB mode at page table free time (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Make lazy TLB mode lazier (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Restructure switch_mm_irqs_off() (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Skip atomic operations for 'init_mm' in switch_mm_irqs_off() (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1065600). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1065600). - x86/xen: init %gs very early to avoid page faults with stack protector (bnc#1104777). - xen-netback: fix input validation in xenvif_set_hash_mapping() (bnc#1103277). - xen/netfront: do not cache skb_shinfo() (bnc#1065600). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bsc#1051510). - zram: fix null dereference of handle (bsc#1105355). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1776=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1776=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1776=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1776=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1776=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.16.1 kernel-default-debugsource-4.12.14-25.16.1 kernel-default-extra-4.12.14-25.16.1 kernel-default-extra-debuginfo-4.12.14-25.16.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.16.1 kernel-default-debugsource-4.12.14-25.16.1 reiserfs-kmp-default-4.12.14-25.16.1 reiserfs-kmp-default-debuginfo-4.12.14-25.16.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.16.1 kernel-obs-build-debugsource-4.12.14-25.16.1 kernel-syms-4.12.14-25.16.1 kernel-vanilla-base-4.12.14-25.16.1 kernel-vanilla-base-debuginfo-4.12.14-25.16.1 kernel-vanilla-debuginfo-4.12.14-25.16.1 kernel-vanilla-debugsource-4.12.14-25.16.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): lttng-modules-2.10.0-5.6.1 lttng-modules-debugsource-2.10.0-5.6.1 lttng-modules-kmp-default-2.10.0_k4.12.14_25.16-5.6.1 lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_25.16-5.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.16.1 kernel-source-4.12.14-25.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.16.1 kernel-default-debuginfo-4.12.14-25.16.1 kernel-default-debugsource-4.12.14-25.16.1 kernel-default-devel-4.12.14-25.16.1 kernel-default-devel-debuginfo-4.12.14-25.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.16.1 kernel-macros-4.12.14-25.16.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.16.1 kernel-zfcpdump-4.12.14-25.16.1 kernel-zfcpdump-debuginfo-4.12.14-25.16.1 kernel-zfcpdump-debugsource-4.12.14-25.16.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.16.1 cluster-md-kmp-default-debuginfo-4.12.14-25.16.1 dlm-kmp-default-4.12.14-25.16.1 dlm-kmp-default-debuginfo-4.12.14-25.16.1 gfs2-kmp-default-4.12.14-25.16.1 gfs2-kmp-default-debuginfo-4.12.14-25.16.1 kernel-default-debuginfo-4.12.14-25.16.1 kernel-default-debugsource-4.12.14-25.16.1 ocfs2-kmp-default-4.12.14-25.16.1 ocfs2-kmp-default-debuginfo-4.12.14-25.16.1 References: https://www.suse.com/security/cve/CVE-2018-10853.html https://www.suse.com/security/cve/CVE-2018-10902.html https://www.suse.com/security/cve/CVE-2018-15572.html https://www.suse.com/security/cve/CVE-2018-9363.html https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1046307 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1081917 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1086288 https://bugzilla.suse.com/1086315 https://bugzilla.suse.com/1086317 https://bugzilla.suse.com/1086327 https://bugzilla.suse.com/1086331 https://bugzilla.suse.com/1086906 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1097104 https://bugzilla.suse.com/1097577 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1097808 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1101480 https://bugzilla.suse.com/1101669 https://bugzilla.suse.com/1101822 https://bugzilla.suse.com/1102517 https://bugzilla.suse.com/1102715 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1103277 https://bugzilla.suse.com/1103363 https://bugzilla.suse.com/1103445 https://bugzilla.suse.com/1103886 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104365 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104482 https://bugzilla.suse.com/1104494 https://bugzilla.suse.com/1104495 https://bugzilla.suse.com/1104683 https://bugzilla.suse.com/1104708 https://bugzilla.suse.com/1104777 https://bugzilla.suse.com/1104890 https://bugzilla.suse.com/1104897 https://bugzilla.suse.com/1105292 https://bugzilla.suse.com/1105296 https://bugzilla.suse.com/1105322 https://bugzilla.suse.com/1105355 https://bugzilla.suse.com/1105378 https://bugzilla.suse.com/1105396 https://bugzilla.suse.com/1105467 https://bugzilla.suse.com/1105731 https://bugzilla.suse.com/802154 https://bugzilla.suse.com/971975 From sle-security-updates at lists.suse.com Tue Aug 28 13:10:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Aug 2018 21:10:24 +0200 (CEST) Subject: SUSE-SU-2018:2545-1: moderate: Security update for openssl1 Message-ID: <20180828191024.1DA35FCEA@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2545-1 Rating: moderate References: #1089039 #1097158 #1097624 #1098592 Cross-References: CVE-2018-0732 CVE-2018-0737 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openssl1 fixes the following security issues: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-13755=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.12.1 libopenssl1_0_0-1.0.1g-0.58.12.1 openssl1-1.0.1g-0.58.12.1 openssl1-doc-1.0.1g-0.58.12.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.12.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.12.1 References: https://www.suse.com/security/cve/CVE-2018-0732.html https://www.suse.com/security/cve/CVE-2018-0737.html https://bugzilla.suse.com/1089039 https://bugzilla.suse.com/1097158 https://bugzilla.suse.com/1097624 https://bugzilla.suse.com/1098592 From sle-security-updates at lists.suse.com Wed Aug 29 13:09:04 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Aug 2018 21:09:04 +0200 (CEST) Subject: SUSE-SU-2018:2550-1: important: Security update for cobbler Message-ID: <20180829190904.2D147FCBF@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2550-1 Rating: important References: #1104189 #1104287 Cross-References: CVE-2018-10931 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for cobbler fixes the following issues: Security issue fixed: - CVE-2018-10931: Forbid exposure of private methods in the API (bsc#1104287, bsc#1104189) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-cobbler-13758=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-cobbler-13758=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.68.6.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.68.6.1 References: https://www.suse.com/security/cve/CVE-2018-10931.html https://bugzilla.suse.com/1104189 https://bugzilla.suse.com/1104287 From sle-security-updates at lists.suse.com Wed Aug 29 13:09:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Aug 2018 21:09:45 +0200 (CEST) Subject: SUSE-SU-2018:2551-1: important: Security update for cobbler Message-ID: <20180829190945.96573FCBF@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2551-1 Rating: important References: #1101670 #1104189 #1104190 #1104287 #1105440 #1105442 Cross-References: CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Fix kernel options when generating bootiso (bsc#1101670) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-1788=1 Package List: - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.7.1 References: https://www.suse.com/security/cve/CVE-2018-1000225.html https://www.suse.com/security/cve/CVE-2018-1000226.html https://www.suse.com/security/cve/CVE-2018-10931.html https://bugzilla.suse.com/1101670 https://bugzilla.suse.com/1104189 https://bugzilla.suse.com/1104190 https://bugzilla.suse.com/1104287 https://bugzilla.suse.com/1105440 https://bugzilla.suse.com/1105442 From sle-security-updates at lists.suse.com Wed Aug 29 13:12:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Aug 2018 21:12:15 +0200 (CEST) Subject: SUSE-SU-2018:2553-1: important: Security update for ImageMagick Message-ID: <20180829191215.C8B13FCBF@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2553-1 Rating: important References: #1105592 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ImageMagick fixes the following issues: Security issue fixed: - Hide PS, XPS and PDF coders into */vulnerable (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13757=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13757=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13757=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-78.59.1 ImageMagick-devel-6.4.3.6-78.59.1 libMagick++-devel-6.4.3.6-78.59.1 libMagick++1-6.4.3.6-78.59.1 libMagickWand1-6.4.3.6-78.59.1 perl-PerlMagick-6.4.3.6-78.59.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-78.59.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.59.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.59.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.59.1 ImageMagick-debugsource-6.4.3.6-78.59.1 References: https://bugzilla.suse.com/1105592 From sle-security-updates at lists.suse.com Thu Aug 30 04:13:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 12:13:39 +0200 (CEST) Subject: SUSE-SU-2018:2554-1: moderate: Security update for apache2 Message-ID: <20180830101339.2970FFD56@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2554-1 Rating: moderate References: #1016715 #1104826 Cross-References: CVE-2016-4975 CVE-2016-8743 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. (bsc#1104826) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1791=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1791=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): apache2-2.4.16-20.19.1 apache2-debuginfo-2.4.16-20.19.1 apache2-debugsource-2.4.16-20.19.1 apache2-example-pages-2.4.16-20.19.1 apache2-prefork-2.4.16-20.19.1 apache2-prefork-debuginfo-2.4.16-20.19.1 apache2-utils-2.4.16-20.19.1 apache2-utils-debuginfo-2.4.16-20.19.1 apache2-worker-2.4.16-20.19.1 apache2-worker-debuginfo-2.4.16-20.19.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): apache2-doc-2.4.16-20.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): apache2-2.4.16-20.19.1 apache2-debuginfo-2.4.16-20.19.1 apache2-debugsource-2.4.16-20.19.1 apache2-example-pages-2.4.16-20.19.1 apache2-prefork-2.4.16-20.19.1 apache2-prefork-debuginfo-2.4.16-20.19.1 apache2-utils-2.4.16-20.19.1 apache2-utils-debuginfo-2.4.16-20.19.1 apache2-worker-2.4.16-20.19.1 apache2-worker-debuginfo-2.4.16-20.19.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): apache2-doc-2.4.16-20.19.1 References: https://www.suse.com/security/cve/CVE-2016-4975.html https://www.suse.com/security/cve/CVE-2016-8743.html https://bugzilla.suse.com/1016715 https://bugzilla.suse.com/1104826 From sle-security-updates at lists.suse.com Thu Aug 30 04:14:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 12:14:24 +0200 (CEST) Subject: SUSE-SU-2018:2555-1: important: Security update for libzypp, zypper Message-ID: <20180830101424.B9658FD55@maintenance.suse.de> SUSE Security Update: Security update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2555-1 Rating: important References: #1037210 #1038984 #1045735 #1048315 #1054088 #1070851 #1076192 #1088705 #1091624 #1092413 #1096803 #1100028 #1101349 #1102429 Cross-References: CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2018-7685 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has 10 fixes is now available. Description: This update for libzypp, zypper provides the following fixes: libzypp security fixes: - CVE-2018-7685: Validate RPMs before caching (bsc#1091624, bsc#1088705) - CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735) - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix repo gpg check workflows, mainly for unsigned repos and packages (bsc#1045735, bsc#1038984) libzypp changes: - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - Prefer calling "repo2solv" rather than "repo2solv.sh". - libzypp-devel should not require cmake. (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been loaded. (bsc#1096803) - Avoid zombie tar processes. (bsc#1076192) - man: Make sure that '--config FILE' affects zypper.conf, not zypp.conf. (bsc#1100028) - ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413) - RepoInfo: add enum GpgCheck for convenient gpgcheck mode handling (bsc#1045735) - repo refresh: Re-probe if the repository type changes (bsc#1048315) - Use common workflow for downloading packages and srcpackages. This includes a common way of handling and reporting gpg signature and checks. (bsc#1037210) - PackageProvider: as well support downloading SrcPackage (for bsc#1037210) - Adapt to work with GnuPG 2.1.23 (bsc#1054088) Use 'gpg --list-packets' to determine the keyid to verify a signature. - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) zypper security fixes: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) - Adapt download callback to report and handle unsigned packages (bsc#1038984, CVE-2017-7436) zypper changes: - download: fix crash when non-package types are passed as argument (bsc#1037210) - XML attribute `packages-to-change` added (bsc#1102429) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1792=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1792=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libzypp-15.25.17-46.22.1 libzypp-debuginfo-15.25.17-46.22.1 libzypp-debugsource-15.25.17-46.22.1 zypper-1.12.59-46.10.1 zypper-debuginfo-1.12.59-46.10.1 zypper-debugsource-1.12.59-46.10.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): zypper-log-1.12.59-46.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libzypp-15.25.17-46.22.1 libzypp-debuginfo-15.25.17-46.22.1 libzypp-debugsource-15.25.17-46.22.1 zypper-1.12.59-46.10.1 zypper-debuginfo-1.12.59-46.10.1 zypper-debugsource-1.12.59-46.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): zypper-log-1.12.59-46.10.1 References: https://www.suse.com/security/cve/CVE-2017-7435.html https://www.suse.com/security/cve/CVE-2017-7436.html https://www.suse.com/security/cve/CVE-2017-9269.html https://www.suse.com/security/cve/CVE-2018-7685.html https://bugzilla.suse.com/1037210 https://bugzilla.suse.com/1038984 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1048315 https://bugzilla.suse.com/1054088 https://bugzilla.suse.com/1070851 https://bugzilla.suse.com/1076192 https://bugzilla.suse.com/1088705 https://bugzilla.suse.com/1091624 https://bugzilla.suse.com/1092413 https://bugzilla.suse.com/1096803 https://bugzilla.suse.com/1100028 https://bugzilla.suse.com/1101349 https://bugzilla.suse.com/1102429 From sle-security-updates at lists.suse.com Thu Aug 30 04:17:14 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 12:17:14 +0200 (CEST) Subject: SUSE-SU-2018:2556-1: moderate: Security update for qemu Message-ID: <20180830101714.A0207FCBE@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2556-1 Rating: moderate References: #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1793=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.43.3 qemu-block-curl-2.0.2-48.43.3 qemu-block-curl-debuginfo-2.0.2-48.43.3 qemu-debugsource-2.0.2-48.43.3 qemu-guest-agent-2.0.2-48.43.3 qemu-guest-agent-debuginfo-2.0.2-48.43.3 qemu-lang-2.0.2-48.43.3 qemu-tools-2.0.2-48.43.3 qemu-tools-debuginfo-2.0.2-48.43.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.43.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.43.3 qemu-ppc-debuginfo-2.0.2-48.43.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.43.3 qemu-block-rbd-debuginfo-2.0.2-48.43.3 qemu-x86-2.0.2-48.43.3 qemu-x86-debuginfo-2.0.2-48.43.3 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.43.3 qemu-seabios-1.7.4-48.43.3 qemu-sgabios-8-48.43.3 qemu-vgabios-1.7.4-48.43.3 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.43.3 qemu-s390-debuginfo-2.0.2-48.43.3 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Thu Aug 30 06:05:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 14:05:59 +0200 (CEST) Subject: SUSE-SU-2018:2557-1: moderate: Security update for libtirpc Message-ID: <20180830120559.118ACFCBE@maintenance.suse.de> SUSE Security Update: Security update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2557-1 Rating: moderate References: #968175 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libtirpc fixes the following issues: - Prevent remote crash of RPC services (bsc#968175) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libtirpc-13761=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libtirpc-13761=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libtirpc-13761=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc-devel-0.2.1-1.13.3.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc1-0.2.1-1.13.3.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtirpc-debuginfo-0.2.1-1.13.3.3 libtirpc-debugsource-0.2.1-1.13.3.3 References: https://bugzilla.suse.com/968175 From sle-security-updates at lists.suse.com Thu Aug 30 13:08:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 21:08:05 +0200 (CEST) Subject: SUSE-SU-2018:2560-1: important: Security update for GraphicsMagick Message-ID: <20180830190805.26655FD53@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2560-1 Rating: important References: #1105592 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for GraphicsMagick fixes the following issues: - Disable PS and PDF coders by default, remove gs calls from delegates.mgk (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13763=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13763=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13763=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-78.66.2 libGraphicsMagick2-1.2.5-78.66.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-78.66.2 libGraphicsMagick2-1.2.5-78.66.2 perl-GraphicsMagick-1.2.5-78.66.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-78.66.2 GraphicsMagick-debugsource-1.2.5-78.66.2 References: https://bugzilla.suse.com/1105592 From sle-security-updates at lists.suse.com Thu Aug 30 13:08:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 21:08:37 +0200 (CEST) Subject: SUSE-SU-2018:2561-1: important: Security update for cobbler Message-ID: <20180830190837.5C2C7FCBF@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2561-1 Rating: important References: #1097733 #1101670 #1104189 #1104190 #1104287 #1105440 #1105442 Cross-References: CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 Affected Products: SUSE OpenStack Cloud 8 SUSE Manager Tools 12 SUSE Manager Server 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case. (bsc#1097733) - fix kernel options when generating bootiso (bsc#1101670) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1795=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1795=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1795=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-1795=1 Package List: - SUSE OpenStack Cloud 8 (noarch): cobbler-2.6.6-49.14.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-49.14.1 - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-49.14.1 - HPE Helion Openstack 8 (noarch): cobbler-2.6.6-49.14.1 References: https://www.suse.com/security/cve/CVE-2018-1000225.html https://www.suse.com/security/cve/CVE-2018-1000226.html https://www.suse.com/security/cve/CVE-2018-10931.html https://bugzilla.suse.com/1097733 https://bugzilla.suse.com/1101670 https://bugzilla.suse.com/1104189 https://bugzilla.suse.com/1104190 https://bugzilla.suse.com/1104287 https://bugzilla.suse.com/1105440 https://bugzilla.suse.com/1105442 From sle-security-updates at lists.suse.com Thu Aug 30 13:10:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 21:10:07 +0200 (CEST) Subject: SUSE-SU-2018:2562-1: important: Security update for ImageMagick Message-ID: <20180830191007.ACA69FCBF@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2562-1 Rating: important References: #1105592 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ImageMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1797=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1797=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.17.1 ImageMagick-debugsource-7.0.7.34-3.17.1 perl-PerlMagick-7.0.7.34-3.17.1 perl-PerlMagick-debuginfo-7.0.7.34-3.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.17.1 ImageMagick-debuginfo-7.0.7.34-3.17.1 ImageMagick-debugsource-7.0.7.34-3.17.1 ImageMagick-devel-7.0.7.34-3.17.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.17.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.17.1 libMagick++-devel-7.0.7.34-3.17.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.17.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.17.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.17.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.17.1 References: https://bugzilla.suse.com/1105592 From sle-security-updates at lists.suse.com Thu Aug 30 13:10:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 21:10:39 +0200 (CEST) Subject: SUSE-SU-2018:2563-1: important: Security update for spice Message-ID: <20180830191039.E1E91FD4E@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2563-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-13762=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-13762=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-13762=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-15.1 spice-debugsource-0.12.4-15.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 From sle-security-updates at lists.suse.com Thu Aug 30 13:11:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2018 21:11:22 +0200 (CEST) Subject: SUSE-SU-2018:2564-1: moderate: Security update for postgresql10 Message-ID: <20180830191122.297F3FCBF@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2564-1 Rating: moderate References: #1091610 #1104199 #1104202 Cross-References: CVE-2018-10915 CVE-2018-10925 CVE-2018-1115 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: PostgreSQL 10 was updated to 10.5: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. Security issues fixed: - CVE-2018-1115: Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue. After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed (bsc#1091610). - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could have exploited this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1799=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1799=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libecpg6-10.5-4.5.1 libecpg6-debuginfo-10.5-4.5.1 postgresql10-contrib-10.5-4.5.1 postgresql10-contrib-debuginfo-10.5-4.5.1 postgresql10-debuginfo-10.5-4.5.1 postgresql10-debugsource-10.5-4.5.1 postgresql10-devel-10.5-4.5.1 postgresql10-devel-debuginfo-10.5-4.5.1 postgresql10-plperl-10.5-4.5.1 postgresql10-plperl-debuginfo-10.5-4.5.1 postgresql10-plpython-10.5-4.5.1 postgresql10-plpython-debuginfo-10.5-4.5.1 postgresql10-pltcl-10.5-4.5.1 postgresql10-pltcl-debuginfo-10.5-4.5.1 postgresql10-server-10.5-4.5.1 postgresql10-server-debuginfo-10.5-4.5.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): postgresql10-docs-10.5-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpq5-10.5-4.5.1 libpq5-debuginfo-10.5-4.5.1 postgresql10-10.5-4.5.1 postgresql10-debuginfo-10.5-4.5.1 postgresql10-debugsource-10.5-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-10915.html https://www.suse.com/security/cve/CVE-2018-10925.html https://www.suse.com/security/cve/CVE-2018-1115.html https://bugzilla.suse.com/1091610 https://bugzilla.suse.com/1104199 https://bugzilla.suse.com/1104202 From sle-security-updates at lists.suse.com Thu Aug 30 16:07:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 00:07:54 +0200 (CEST) Subject: SUSE-SU-2018:2565-1: moderate: Security update for qemu Message-ID: <20180830220754.94A1FFCBF@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2565-1 Rating: moderate References: #1020928 #1092885 #1096223 #1098735 Cross-References: CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). This non-security was fixed: - Fix VirtQueue error for virtio-balloon during live migration (bsc#1020928). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1801=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1801=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): qemu-2.3.1-33.12.1 qemu-block-curl-2.3.1-33.12.1 qemu-block-curl-debuginfo-2.3.1-33.12.1 qemu-debugsource-2.3.1-33.12.1 qemu-guest-agent-2.3.1-33.12.1 qemu-guest-agent-debuginfo-2.3.1-33.12.1 qemu-lang-2.3.1-33.12.1 qemu-tools-2.3.1-33.12.1 qemu-tools-debuginfo-2.3.1-33.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le): qemu-ppc-2.3.1-33.12.1 qemu-ppc-debuginfo-2.3.1-33.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): qemu-ipxe-1.0.0-33.12.1 qemu-seabios-1.8.1-33.12.1 qemu-sgabios-8-33.12.1 qemu-vgabios-1.8.1-33.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): qemu-block-rbd-2.3.1-33.12.1 qemu-block-rbd-debuginfo-2.3.1-33.12.1 qemu-kvm-2.3.1-33.12.1 qemu-x86-2.3.1-33.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.12.1 qemu-block-curl-2.3.1-33.12.1 qemu-block-curl-debuginfo-2.3.1-33.12.1 qemu-debugsource-2.3.1-33.12.1 qemu-guest-agent-2.3.1-33.12.1 qemu-guest-agent-debuginfo-2.3.1-33.12.1 qemu-lang-2.3.1-33.12.1 qemu-tools-2.3.1-33.12.1 qemu-tools-debuginfo-2.3.1-33.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.12.1 qemu-ppc-debuginfo-2.3.1-33.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.12.1 qemu-block-rbd-debuginfo-2.3.1-33.12.1 qemu-x86-2.3.1-33.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.12.1 qemu-seabios-1.8.1-33.12.1 qemu-sgabios-8-33.12.1 qemu-vgabios-1.8.1-33.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.12.1 qemu-s390-debuginfo-2.3.1-33.12.1 References: https://www.suse.com/security/cve/CVE-2018-11806.html https://www.suse.com/security/cve/CVE-2018-12617.html https://www.suse.com/security/cve/CVE-2018-3639.html https://bugzilla.suse.com/1020928 https://bugzilla.suse.com/1092885 https://bugzilla.suse.com/1096223 https://bugzilla.suse.com/1098735 From sle-security-updates at lists.suse.com Thu Aug 30 16:09:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 00:09:09 +0200 (CEST) Subject: SUSE-SU-2018:2566-1: important: Security update for spice Message-ID: <20180830220909.65E7DFCBF@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2566-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-1800=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.14.0-4.3.1 libspice-server1-0.14.0-4.3.1 libspice-server1-debuginfo-0.14.0-4.3.1 spice-debugsource-0.14.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 From sle-security-updates at lists.suse.com Fri Aug 31 04:12:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 12:12:18 +0200 (CEST) Subject: SUSE-SU-2018:2569-1: moderate: Security update for liblouis Message-ID: <20180831101218.B3888FD56@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2569-1 Rating: moderate References: #1095825 #1095826 #1095827 Cross-References: CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for liblouis, python-louis fixes the following issues: Security issues fixed: - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-11683: Fix a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095827) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-liblouis-13764=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-liblouis-13764=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): liblouis-1.7.0-1.3.13.1 liblouis0-1.7.0-1.3.13.1 python-louis-1.7.0-1.3.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): liblouis-debuginfo-1.7.0-1.3.13.1 liblouis-debugsource-1.7.0-1.3.13.1 References: https://www.suse.com/security/cve/CVE-2018-11683.html https://www.suse.com/security/cve/CVE-2018-11684.html https://www.suse.com/security/cve/CVE-2018-11685.html https://bugzilla.suse.com/1095825 https://bugzilla.suse.com/1095826 https://bugzilla.suse.com/1095827 From sle-security-updates at lists.suse.com Fri Aug 31 10:10:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 18:10:12 +0200 (CEST) Subject: SUSE-SU-2018:2574-1: important: Security update for java-1_7_0-ibm Message-ID: <20180831161012.8D1A4FD53@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2574-1 Rating: important References: #1104668 Cross-References: CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/# IBM_Security_Update_August_2018). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-13765=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-13765=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-devel-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.30-65.28.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-plugin-1.7.0_sr10.30-65.28.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-alsa-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-devel-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.30-65.28.1 java-1_7_0-ibm-plugin-1.7.0_sr10.30-65.28.1 References: https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Fri Aug 31 10:11:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 18:11:25 +0200 (CEST) Subject: SUSE-SU-2018:2576-1: moderate: Security update for OpenStack Message-ID: <20180831161125.707BDFD53@maintenance.suse.de> SUSE Security Update: Security update for OpenStack ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2576-1 Rating: moderate References: #1084724 #1095482 #1099902 #1100751 #1102151 Cross-References: CVE-2018-14432 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for OpenStack fixes the following issues: The following security issue with openstack-keystone has been fixed: - CVE-2018-14432: Reduce duplication in federated authentication APIs. (bsc#1102151) Additionally, the following non-security issues have been fixed: openstack-dashboard: - Fetch and show Cinder availability zones list during volume creation and volume creation from image. (bsc#1100751) openstack-heat: - Add Trunk resource support. openstack-horizon-plugin-designate-ui: - Install all designate panels that are available. openstack-nova: - Stop _undefine_domain erroring if domain not found. (bsc#1099902) - Fix Nova to allow using cinder v3 endpoint. (bsc#1095482) python-os-vif: - Check if interface belongs to a Linux Bridge before removing. (bsc#1084724) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1808=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-dashboard-10.0.6~dev4-4.15.1 openstack-heat-7.0.7~dev10-5.12.1 openstack-heat-api-7.0.7~dev10-5.12.1 openstack-heat-api-cfn-7.0.7~dev10-5.12.1 openstack-heat-api-cloudwatch-7.0.7~dev10-5.12.1 openstack-heat-doc-7.0.7~dev10-5.12.1 openstack-heat-engine-7.0.7~dev10-5.12.1 openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12.1 openstack-heat-test-7.0.7~dev10-5.12.1 openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1 openstack-keystone-10.0.3~dev9-7.12.1 openstack-keystone-doc-10.0.3~dev9-7.12.1 openstack-nova-14.0.11~dev13-4.25.1 openstack-nova-api-14.0.11~dev13-4.25.1 openstack-nova-cells-14.0.11~dev13-4.25.1 openstack-nova-cert-14.0.11~dev13-4.25.1 openstack-nova-compute-14.0.11~dev13-4.25.1 openstack-nova-conductor-14.0.11~dev13-4.25.1 openstack-nova-console-14.0.11~dev13-4.25.1 openstack-nova-consoleauth-14.0.11~dev13-4.25.1 openstack-nova-doc-14.0.11~dev13-4.25.1 openstack-nova-novncproxy-14.0.11~dev13-4.25.1 openstack-nova-placement-api-14.0.11~dev13-4.25.1 openstack-nova-scheduler-14.0.11~dev13-4.25.1 openstack-nova-serialproxy-14.0.11~dev13-4.25.1 openstack-nova-vncproxy-14.0.11~dev13-4.25.1 python-heat-7.0.7~dev10-5.12.1 python-horizon-10.0.6~dev4-4.15.1 python-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1 python-keystone-10.0.3~dev9-7.12.1 python-nova-14.0.11~dev13-4.25.1 python-os-vif-1.2.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-14432.html https://bugzilla.suse.com/1084724 https://bugzilla.suse.com/1095482 https://bugzilla.suse.com/1099902 https://bugzilla.suse.com/1100751 https://bugzilla.suse.com/1102151 From sle-security-updates at lists.suse.com Fri Aug 31 10:13:11 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 18:13:11 +0200 (CEST) Subject: SUSE-SU-2018:2578-1: important: Security update for couchdb Message-ID: <20180831161311.D0A18FD53@maintenance.suse.de> SUSE Security Update: Security update for couchdb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2578-1 Rating: important References: #1068386 #1100973 Cross-References: CVE-2017-12636 CVE-2018-8007 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for couchdb to 1.7.2 fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API (bsc#1100973). - CVE-2017-12636: CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allowed an admin user in Apache CouchDB to execute arbitrary shell commands as the CouchDB user (bsc#1068386). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1807=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-1807=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): couchdb-1.7.2-2.8.2 couchdb-debuginfo-1.7.2-2.8.2 couchdb-debugsource-1.7.2-2.8.2 - SUSE Enterprise Storage 4 (aarch64 x86_64): couchdb-1.7.2-2.8.2 couchdb-debuginfo-1.7.2-2.8.2 couchdb-debugsource-1.7.2-2.8.2 References: https://www.suse.com/security/cve/CVE-2017-12636.html https://www.suse.com/security/cve/CVE-2018-8007.html https://bugzilla.suse.com/1068386 https://bugzilla.suse.com/1100973 From sle-security-updates at lists.suse.com Fri Aug 31 10:20:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 18:20:02 +0200 (CEST) Subject: SUSE-SU-2018:2583-1: important: Security update for java-1_7_1-ibm Message-ID: <20180831162002.900A2FD53@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2583-1 Rating: important References: #1104668 Cross-References: CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/# IBM_Security_Update_August_2018). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-13766=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-13766=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.30-26.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-26.29.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-26.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-26.29.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-26.29.1 References: https://www.suse.com/security/cve/CVE-2018-12539.html https://www.suse.com/security/cve/CVE-2018-1517.html https://www.suse.com/security/cve/CVE-2018-1656.html https://www.suse.com/security/cve/CVE-2018-2940.html https://www.suse.com/security/cve/CVE-2018-2952.html https://www.suse.com/security/cve/CVE-2018-2973.html https://bugzilla.suse.com/1104668 From sle-security-updates at lists.suse.com Fri Aug 31 10:20:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2018 18:20:34 +0200 (CEST) Subject: SUSE-SU-2018:2584-1: important: Security update for spice Message-ID: <20180831162034.F0B31FD53@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2584-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1816=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): libspice-server1-0.12.4-8.18.1 libspice-server1-debuginfo-0.12.4-8.18.1 spice-debugsource-0.12.4-8.18.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448