From sle-security-updates at lists.suse.com Mon Dec 3 13:08:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:08:38 +0100 (CET) Subject: SUSE-SU-2018:3963-1: important: Security update for apache2-mod_jk Message-ID: <20181203200838.B8687FCA4@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_jk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3963-1 Rating: important References: #1114612 Cross-References: CVE-2018-11759 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2829=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_jk-1.2.40-7.3.1 apache2-mod_jk-debuginfo-1.2.40-7.3.1 apache2-mod_jk-debugsource-1.2.40-7.3.1 References: https://www.suse.com/security/cve/CVE-2018-11759.html https://bugzilla.suse.com/1114612 From sle-security-updates at lists.suse.com Mon Dec 3 13:09:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:09:15 +0100 (CET) Subject: SUSE-SU-2018:3964-1: moderate: Security update for openssl1 Message-ID: <20181203200915.7A40DFCA4@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3964-1 Rating: moderate References: #1104789 #1110018 #1113534 #1113652 Cross-References: CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 Affected Products: SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-13887=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl1-13887=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.15.1 libopenssl1_0_0-1.0.1g-0.58.15.1 openssl1-1.0.1g-0.58.15.1 openssl1-doc-1.0.1g-0.58.15.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.15.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl1-debuginfo-1.0.1g-0.58.15.1 openssl1-debugsource-1.0.1g-0.58.15.1 References: https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2018-0734.html https://www.suse.com/security/cve/CVE-2018-5407.html https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1110018 https://bugzilla.suse.com/1113534 https://bugzilla.suse.com/1113652 From sle-security-updates at lists.suse.com Mon Dec 3 13:10:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:10:21 +0100 (CET) Subject: SUSE-SU-2018:3965-1: important: Security update for pam Message-ID: <20181203201021.59E52FCA4@maintenance.suse.de> SUSE Security Update: Security update for pam ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3965-1 Rating: important References: #1115640 Cross-References: CVE-2018-17953 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2825=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2825=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): pam-32bit-debuginfo-1.3.0-6.6.1 pam-debugsource-1.3.0-6.6.1 pam-devel-32bit-1.3.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): pam-1.3.0-6.6.1 pam-debuginfo-1.3.0-6.6.1 pam-debugsource-1.3.0-6.6.1 pam-devel-1.3.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): pam-doc-1.3.0-6.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): pam-32bit-1.3.0-6.6.1 pam-32bit-debuginfo-1.3.0-6.6.1 References: https://www.suse.com/security/cve/CVE-2018-17953.html https://bugzilla.suse.com/1115640 From sle-security-updates at lists.suse.com Mon Dec 3 13:10:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:10:59 +0100 (CET) Subject: SUSE-SU-2018:3966-1: moderate: Security update for glib2 Message-ID: <20181203201059.09E6EFCA4@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3966-1 Rating: moderate References: #1107116 #1111499 Cross-References: CVE-2018-16429 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise 
Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-glib2-13889=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glib2-13889=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glib2-13889=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glib2-13889=1 Package List: - SUSE Studio Onsite 1.3 (x86_64): glib2-branding-upstream-2.22.5-0.8.36.1 glib2-devel-2.22.5-0.8.36.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-devel-2.22.5-0.8.36.1 libgio-fam-2.22.5-0.8.36.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): glib2-devel-32bit-2.22.5-0.8.36.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glib2-doc-2.22.5-0.8.36.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-2.22.5-0.8.36.1 glib2-doc-2.22.5-0.8.36.1 glib2-lang-2.22.5-0.8.36.1 libgio-2_0-0-2.22.5-0.8.36.1 libglib-2_0-0-2.22.5-0.8.36.1 libgmodule-2_0-0-2.22.5-0.8.36.1 libgobject-2_0-0-2.22.5-0.8.36.1 libgthread-2_0-0-2.22.5-0.8.36.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libgio-2_0-0-32bit-2.22.5-0.8.36.1 libglib-2_0-0-32bit-2.22.5-0.8.36.1 libgmodule-2_0-0-32bit-2.22.5-0.8.36.1 
libgobject-2_0-0-32bit-2.22.5-0.8.36.1 libgthread-2_0-0-32bit-2.22.5-0.8.36.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libgio-2_0-0-x86-2.22.5-0.8.36.1 libglib-2_0-0-x86-2.22.5-0.8.36.1 libgmodule-2_0-0-x86-2.22.5-0.8.36.1 libgobject-2_0-0-x86-2.22.5-0.8.36.1 libgthread-2_0-0-x86-2.22.5-0.8.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-debuginfo-2.22.5-0.8.36.1 glib2-debugsource-2.22.5-0.8.36.1 References: https://www.suse.com/security/cve/CVE-2018-16429.html https://bugzilla.suse.com/1107116 https://bugzilla.suse.com/1111499 From sle-security-updates at lists.suse.com Mon Dec 3 13:11:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:11:49 +0100 (CET) Subject: SUSE-SU-2018:3967-1: important: Security update for ncurses Message-ID: <20181203201149.D5DC7FCA4@maintenance.suse.de> SUSE Security Update: Security update for ncurses ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3967-1 Rating: important References: #1115929 Cross-References: CVE-2018-19211 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ncurses fixes the following issue: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2824=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2824=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2824=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2824=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2824=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2824=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2824=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-61.1 ncurses-devel-5.9-61.1 ncurses-devel-debuginfo-5.9-61.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-61.1 ncurses-devel-5.9-61.1 ncurses-devel-debuginfo-5.9-61.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-devel-5.9-61.1 ncurses-devel-debuginfo-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 tack-5.9-61.1 tack-debuginfo-5.9-61.1 terminfo-5.9-61.1 terminfo-base-5.9-61.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libncurses5-32bit-5.9-61.1 libncurses5-debuginfo-32bit-5.9-61.1 libncurses6-32bit-5.9-61.1 libncurses6-debuginfo-32bit-5.9-61.1 ncurses-devel-32bit-5.9-61.1 ncurses-devel-debuginfo-32bit-5.9-61.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-devel-5.9-61.1 ncurses-devel-debuginfo-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 tack-5.9-61.1 tack-debuginfo-5.9-61.1 terminfo-5.9-61.1 terminfo-base-5.9-61.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libncurses5-32bit-5.9-61.1 libncurses5-debuginfo-32bit-5.9-61.1 libncurses6-32bit-5.9-61.1 libncurses6-debuginfo-32bit-5.9-61.1 ncurses-devel-32bit-5.9-61.1 ncurses-devel-debuginfo-32bit-5.9-61.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libncurses5-32bit-5.9-61.1 libncurses5-5.9-61.1 libncurses5-debuginfo-32bit-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-32bit-5.9-61.1 libncurses6-5.9-61.1 
libncurses6-debuginfo-32bit-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-devel-5.9-61.1 ncurses-devel-debuginfo-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 tack-5.9-61.1 tack-debuginfo-5.9-61.1 terminfo-5.9-61.1 terminfo-base-5.9-61.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libncurses5-32bit-5.9-61.1 libncurses5-5.9-61.1 libncurses5-debuginfo-32bit-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-32bit-5.9-61.1 libncurses6-5.9-61.1 libncurses6-debuginfo-32bit-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-devel-5.9-61.1 ncurses-devel-debuginfo-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 tack-5.9-61.1 tack-debuginfo-5.9-61.1 terminfo-5.9-61.1 terminfo-base-5.9-61.1 - SUSE CaaS Platform ALL (x86_64): libncurses5-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 terminfo-base-5.9-61.1 - SUSE CaaS Platform 3.0 (x86_64): libncurses5-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 terminfo-5.9-61.1 terminfo-base-5.9-61.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libncurses5-5.9-61.1 libncurses5-debuginfo-5.9-61.1 libncurses6-5.9-61.1 libncurses6-debuginfo-5.9-61.1 ncurses-debugsource-5.9-61.1 ncurses-utils-5.9-61.1 ncurses-utils-debuginfo-5.9-61.1 terminfo-base-5.9-61.1 References: https://www.suse.com/security/cve/CVE-2018-19211.html https://bugzilla.suse.com/1115929 From sle-security-updates at lists.suse.com Mon Dec 3 13:12:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:12:25 +0100 (CET) Subject: SUSE-SU-2018:3968-1: moderate: Security update for tomcat Message-ID: <20181203201225.7C699FCA4@maintenance.suse.de> SUSE 
Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3968-1 Rating: moderate References: #1110850 Cross-References: CVE-2018-11784 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat to 9.0.12 fixes the following issues: See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. (bsc#1110850) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2018-2823=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2823=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): tomcat-9.0.12-3.8.3 tomcat-admin-webapps-9.0.12-3.8.3 tomcat-el-3_0-api-9.0.12-3.8.3 tomcat-jsp-2_3-api-9.0.12-3.8.3 tomcat-lib-9.0.12-3.8.3 tomcat-servlet-4_0-api-9.0.12-3.8.3 tomcat-webapps-9.0.12-3.8.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): tomcat-docs-webapp-9.0.12-3.8.3 tomcat-embed-9.0.12-3.8.3 tomcat-javadoc-9.0.12-3.8.3 tomcat-jsvc-9.0.12-3.8.3 References: https://www.suse.com/security/cve/CVE-2018-11784.html https://bugzilla.suse.com/1110850 From sle-security-updates at lists.suse.com Mon Dec 3 13:13:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:13:01 +0100 (CET) Subject: SUSE-SU-2018:3969-1: important: Security update for apache2-mod_jk Message-ID: <20181203201301.6C97CFCA4@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_jk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3969-1 Rating: important References: #1114612 Cross-References: CVE-2018-11759 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2828=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_jk-1.2.43-3.3.1 apache2-mod_jk-debuginfo-1.2.43-3.3.1 apache2-mod_jk-debugsource-1.2.43-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-11759.html https://bugzilla.suse.com/1114612 From sle-security-updates at lists.suse.com Mon Dec 3 13:13:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 3 Dec 2018 21:13:34 +0100 (CET) Subject: SUSE-SU-2018:3970-1: moderate: Security update for apache2-mod_jk Message-ID: <20181203201334.24098FCA4@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_jk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3970-1 Rating: moderate References: #1114612 #927845 Cross-References: CVE-2014-8111 CVE-2018-11759 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2-mod_jk fixes the following issues: Security issues fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). - CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remote attackers to access otherwise restricted artifacts via unspecified vectors (bsc#927845). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-mod_jk-13888=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-mod_jk-13888=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_jk-1.2.40-0.2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_jk-debuginfo-1.2.40-0.2.5.1 apache2-mod_jk-debugsource-1.2.40-0.2.5.1 References: https://www.suse.com/security/cve/CVE-2014-8111.html https://www.suse.com/security/cve/CVE-2018-11759.html https://bugzilla.suse.com/1114612 https://bugzilla.suse.com/927845 From sle-security-updates at lists.suse.com Tue Dec 4 13:08:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Dec 2018 21:08:36 +0100 (CET) Subject: SUSE-SU-2018:3972-1: important: Security update for mariadb Message-ID: <20181204200836.9A785FCA4@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3972-1 Rating: important References: #1013882 #1101676 #1101677 #1101678 #1103342 #1112368 #1112397 #1112417 #1112421 #1112432 #1116686 Cross-References: CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for mariadb fixes the following issues: Update to MariaDB 10.0.37 GA (bsc#1116686). 
Security issues fixed: - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2833=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libmysqlclient-devel-10.0.37-20.49.2 libmysqlclient18-10.0.37-20.49.2 libmysqlclient18-debuginfo-10.0.37-20.49.2 libmysqlclient_r18-10.0.37-20.49.2 libmysqld-devel-10.0.37-20.49.2 libmysqld18-10.0.37-20.49.2 libmysqld18-debuginfo-10.0.37-20.49.2 mariadb-10.0.37-20.49.2 mariadb-client-10.0.37-20.49.2 mariadb-client-debuginfo-10.0.37-20.49.2 mariadb-debuginfo-10.0.37-20.49.2 mariadb-debugsource-10.0.37-20.49.2 mariadb-errormessages-10.0.37-20.49.2 mariadb-tools-10.0.37-20.49.2 mariadb-tools-debuginfo-10.0.37-20.49.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.37-20.49.2 libmysqlclient18-debuginfo-32bit-10.0.37-20.49.2 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3064.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3282.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1103342 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1116686 From sle-security-updates at lists.suse.com Tue Dec 4 13:10:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Dec 2018 21:10:46 +0100 
(CET) Subject: SUSE-SU-2018:3973-1: moderate: Security update for qemu Message-ID: <20181204201046.69BA2FCA4@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3973-1 Rating: moderate References: #1106222 #1110910 #1111006 #1111010 #1111013 #1114422 Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. 
It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2834=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.17.1 qemu-block-curl-2.3.1-33.17.1 qemu-block-curl-debuginfo-2.3.1-33.17.1 qemu-debugsource-2.3.1-33.17.1 qemu-guest-agent-2.3.1-33.17.1 qemu-guest-agent-debuginfo-2.3.1-33.17.1 qemu-lang-2.3.1-33.17.1 qemu-tools-2.3.1-33.17.1 qemu-tools-debuginfo-2.3.1-33.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.17.1 qemu-ppc-debuginfo-2.3.1-33.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.17.1 qemu-seabios-1.8.1-33.17.1 qemu-sgabios-8-33.17.1 qemu-vgabios-1.8.1-33.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.17.1 qemu-block-rbd-debuginfo-2.3.1-33.17.1 qemu-x86-2.3.1-33.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.17.1 qemu-s390-debuginfo-2.3.1-33.17.1 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-15746.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1114422 From sle-security-updates 
at lists.suse.com Tue Dec 4 13:12:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Dec 2018 21:12:58 +0100 (CET) Subject: SUSE-SU-2018:3975-1: moderate: Security update for kvm Message-ID: <20181204201258.2C380FCA4@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3975-1 Rating: moderate References: #1106222 #1110910 #1111006 #1111010 #1111013 #1112185 #1114422 Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. 
(bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13891=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.18.2 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-15746.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18438.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1112185 https://bugzilla.suse.com/1114422 From sle-security-updates at lists.suse.com Wed Dec 5 07:15:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Dec 2018 15:15:18 +0100 (CET) Subject: SUSE-SU-2018:3582-2: important: Security update for apache2 Message-ID: <20181205141518.1631EFCB4@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2018:3582-2 Rating: important References: #1109961 Cross-References: CVE-2018-11763 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2541=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2541=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-devel-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.27.2 apache2-debuginfo-2.4.23-29.27.2 apache2-debugsource-2.4.23-29.27.2 apache2-example-pages-2.4.23-29.27.2 apache2-prefork-2.4.23-29.27.2 apache2-prefork-debuginfo-2.4.23-29.27.2 apache2-utils-2.4.23-29.27.2 apache2-utils-debuginfo-2.4.23-29.27.2 apache2-worker-2.4.23-29.27.2 apache2-worker-debuginfo-2.4.23-29.27.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.27.2 References: https://www.suse.com/security/cve/CVE-2018-11763.html https://bugzilla.suse.com/1109961 From sle-security-updates at lists.suse.com Wed Dec 5 07:19:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates 
at lists.suse.com) Date: Wed, 5 Dec 2018 15:19:38 +0100 (CET) Subject: SUSE-SU-2018:3591-2: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss Message-ID: <20181205141938.BD0C0FCB4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3591-2 Rating: important References: #1012260 #1021577 #1026191 #1041469 #1041894 #1049703 #1061204 #1064786 #1065464 #1066489 #1073210 #1078436 #1091551 #1092697 #1094767 #1096515 #1107343 #1108771 #1108986 #1109363 #1109465 #1110506 #1110507 #703591 #839074 #857131 #893359 Cross-References: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 17 fixes is now available. Description: This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. 
- Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The "security.pki.distrust_ca_policy" preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the following issues: - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the following issues: - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. 
- Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 ACEDICOM Root Certinomis - Autorité Racine TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. 
If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2549=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2549=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2549=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-devel-60.2.2esr-109.46.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nspr-devel-4.19-19.3.1 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-devel-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 apache2-mod_nss-1.0.14-19.6.3 apache2-mod_nss-debuginfo-1.0.14-19.6.3 apache2-mod_nss-debugsource-1.0.14-19.6.3 libfreebl3-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-hmac-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-hmac-3.36.4-58.15.3 mozilla-nspr-4.19-19.3.1 
mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libfreebl3-hmac-32bit-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-hmac-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.2.2esr-109.46.1 MozillaFirefox-branding-SLE-60-32.3.1 MozillaFirefox-debuginfo-60.2.2esr-109.46.1 MozillaFirefox-debugsource-60.2.2esr-109.46.1 MozillaFirefox-translations-common-60.2.2esr-109.46.1 libfreebl3-3.36.4-58.15.3 libfreebl3-32bit-3.36.4-58.15.3 libfreebl3-debuginfo-3.36.4-58.15.3 libfreebl3-debuginfo-32bit-3.36.4-58.15.3 libsoftokn3-3.36.4-58.15.3 libsoftokn3-32bit-3.36.4-58.15.3 libsoftokn3-debuginfo-3.36.4-58.15.3 libsoftokn3-debuginfo-32bit-3.36.4-58.15.3 mozilla-nspr-32bit-4.19-19.3.1 mozilla-nspr-4.19-19.3.1 mozilla-nspr-debuginfo-32bit-4.19-19.3.1 mozilla-nspr-debuginfo-4.19-19.3.1 mozilla-nspr-debugsource-4.19-19.3.1 mozilla-nss-3.36.4-58.15.3 mozilla-nss-32bit-3.36.4-58.15.3 mozilla-nss-certs-3.36.4-58.15.3 mozilla-nss-certs-32bit-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-3.36.4-58.15.3 mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debuginfo-3.36.4-58.15.3 
mozilla-nss-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-debugsource-3.36.4-58.15.3 mozilla-nss-sysinit-3.36.4-58.15.3 mozilla-nss-sysinit-32bit-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3 mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3 mozilla-nss-tools-3.36.4-58.15.3 mozilla-nss-tools-debuginfo-3.36.4-58.15.3 References: https://www.suse.com/security/cve/CVE-2017-16541.html https://www.suse.com/security/cve/CVE-2018-12376.html https://www.suse.com/security/cve/CVE-2018-12377.html https://www.suse.com/security/cve/CVE-2018-12378.html https://www.suse.com/security/cve/CVE-2018-12379.html https://www.suse.com/security/cve/CVE-2018-12381.html https://www.suse.com/security/cve/CVE-2018-12383.html https://www.suse.com/security/cve/CVE-2018-12385.html https://www.suse.com/security/cve/CVE-2018-12386.html https://www.suse.com/security/cve/CVE-2018-12387.html https://bugzilla.suse.com/1012260 https://bugzilla.suse.com/1021577 https://bugzilla.suse.com/1026191 https://bugzilla.suse.com/1041469 https://bugzilla.suse.com/1041894 https://bugzilla.suse.com/1049703 https://bugzilla.suse.com/1061204 https://bugzilla.suse.com/1064786 https://bugzilla.suse.com/1065464 https://bugzilla.suse.com/1066489 https://bugzilla.suse.com/1073210 https://bugzilla.suse.com/1078436 https://bugzilla.suse.com/1091551 https://bugzilla.suse.com/1092697 https://bugzilla.suse.com/1094767 https://bugzilla.suse.com/1096515 https://bugzilla.suse.com/1107343 https://bugzilla.suse.com/1108771 https://bugzilla.suse.com/1108986 https://bugzilla.suse.com/1109363 https://bugzilla.suse.com/1109465 https://bugzilla.suse.com/1110506 https://bugzilla.suse.com/1110507 https://bugzilla.suse.com/703591 https://bugzilla.suse.com/839074 https://bugzilla.suse.com/857131 https://bugzilla.suse.com/893359 From sle-security-updates at lists.suse.com Wed Dec 5 10:09:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Dec 2018 18:09:53 +0100 (CET) 
Subject: SUSE-SU-2018:3590-2: important: Security update for wireshark Message-ID: <20181205170953.831CFFCB4@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3590-2 Rating: important References: #1111647 Cross-References: CVE-2018-12086 CVE-2018-18227 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2548=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2548=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2548=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-devel-2.4.10-48.32.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwireshark9-2.4.10-48.32.1 libwireshark9-debuginfo-2.4.10-48.32.1 libwiretap7-2.4.10-48.32.1 libwiretap7-debuginfo-2.4.10-48.32.1 libwscodecs1-2.4.10-48.32.1 libwscodecs1-debuginfo-2.4.10-48.32.1 libwsutil8-2.4.10-48.32.1 libwsutil8-debuginfo-2.4.10-48.32.1 wireshark-2.4.10-48.32.1 wireshark-debuginfo-2.4.10-48.32.1 wireshark-debugsource-2.4.10-48.32.1 wireshark-gtk-2.4.10-48.32.1 wireshark-gtk-debuginfo-2.4.10-48.32.1 References: https://www.suse.com/security/cve/CVE-2018-12086.html https://www.suse.com/security/cve/CVE-2018-18227.html https://bugzilla.suse.com/1111647 From sle-security-updates at lists.suse.com Wed Dec 5 10:10:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Dec 2018 18:10:39 +0100 (CET) Subject: SUSE-SU-2018:3986-1: moderate: Recommended update for php53 Message-ID: 
<20181205171039.6D759FCB4@maintenance.suse.de> SUSE Security Update: Recommended update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3986-1 Rating: moderate References: #1117107 Cross-References: CVE-2018-19518 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php53 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13893=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13893=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13893=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.45.1 php53-imap-5.3.17-112.45.1 php53-posix-5.3.17-112.45.1 php53-readline-5.3.17-112.45.1 php53-sockets-5.3.17-112.45.1 php53-sqlite-5.3.17-112.45.1 php53-tidy-5.3.17-112.45.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.45.1 php53-5.3.17-112.45.1 php53-bcmath-5.3.17-112.45.1 php53-bz2-5.3.17-112.45.1 php53-calendar-5.3.17-112.45.1 php53-ctype-5.3.17-112.45.1 php53-curl-5.3.17-112.45.1 php53-dba-5.3.17-112.45.1 php53-dom-5.3.17-112.45.1 php53-exif-5.3.17-112.45.1 php53-fastcgi-5.3.17-112.45.1 php53-fileinfo-5.3.17-112.45.1 php53-ftp-5.3.17-112.45.1 php53-gd-5.3.17-112.45.1 php53-gettext-5.3.17-112.45.1 
php53-gmp-5.3.17-112.45.1 php53-iconv-5.3.17-112.45.1 php53-intl-5.3.17-112.45.1 php53-json-5.3.17-112.45.1 php53-ldap-5.3.17-112.45.1 php53-mbstring-5.3.17-112.45.1 php53-mcrypt-5.3.17-112.45.1 php53-mysql-5.3.17-112.45.1 php53-odbc-5.3.17-112.45.1 php53-openssl-5.3.17-112.45.1 php53-pcntl-5.3.17-112.45.1 php53-pdo-5.3.17-112.45.1 php53-pear-5.3.17-112.45.1 php53-pgsql-5.3.17-112.45.1 php53-pspell-5.3.17-112.45.1 php53-shmop-5.3.17-112.45.1 php53-snmp-5.3.17-112.45.1 php53-soap-5.3.17-112.45.1 php53-suhosin-5.3.17-112.45.1 php53-sysvmsg-5.3.17-112.45.1 php53-sysvsem-5.3.17-112.45.1 php53-sysvshm-5.3.17-112.45.1 php53-tokenizer-5.3.17-112.45.1 php53-wddx-5.3.17-112.45.1 php53-xmlreader-5.3.17-112.45.1 php53-xmlrpc-5.3.17-112.45.1 php53-xmlwriter-5.3.17-112.45.1 php53-xsl-5.3.17-112.45.1 php53-zip-5.3.17-112.45.1 php53-zlib-5.3.17-112.45.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.45.1 php53-debugsource-5.3.17-112.45.1 References: https://www.suse.com/security/cve/CVE-2018-19518.html https://bugzilla.suse.com/1117107 From sle-security-updates at lists.suse.com Wed Dec 5 10:11:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Dec 2018 18:11:25 +0100 (CET) Subject: SUSE-SU-2018:3987-1: moderate: Security update for kvm Message-ID: <20181205171125.1005DFCB4@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3987-1 Rating: moderate References: #1106222 #1110910 #1111006 #1111010 #1111013 #1112185 #1114422 Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 7 
vulnerabilities is now available. Description: This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kvm-13894=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kvm-13894=1 Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kvm-1.4.2-53.26.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kvm-1.4.2-53.26.2 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-15746.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18438.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1112185 https://bugzilla.suse.com/1114422 From sle-security-updates at lists.suse.com Wed Dec 5 10:13:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Dec 2018 18:13:06 +0100 (CET) Subject: SUSE-SU-2018:3988-1: moderate: Recommended update for php7 Message-ID: <20181205171306.784DDFCB4@maintenance.suse.de> SUSE Security Update: Recommended update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3988-1 Rating: moderate References: #1117107 Cross-References: CVE-2018-19518 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2849=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2849=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-2849=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.56.2 php7-debugsource-7.0.7-50.56.2 php7-devel-7.0.7-50.56.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.56.2 php7-debugsource-7.0.7-50.56.2 php7-devel-7.0.7-50.56.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.56.2 apache2-mod_php7-debuginfo-7.0.7-50.56.2 php7-7.0.7-50.56.2 php7-bcmath-7.0.7-50.56.2 php7-bcmath-debuginfo-7.0.7-50.56.2 php7-bz2-7.0.7-50.56.2 php7-bz2-debuginfo-7.0.7-50.56.2 php7-calendar-7.0.7-50.56.2 php7-calendar-debuginfo-7.0.7-50.56.2 php7-ctype-7.0.7-50.56.2 php7-ctype-debuginfo-7.0.7-50.56.2 php7-curl-7.0.7-50.56.2 php7-curl-debuginfo-7.0.7-50.56.2 php7-dba-7.0.7-50.56.2 php7-dba-debuginfo-7.0.7-50.56.2 php7-debuginfo-7.0.7-50.56.2 php7-debugsource-7.0.7-50.56.2 php7-dom-7.0.7-50.56.2 php7-dom-debuginfo-7.0.7-50.56.2 php7-enchant-7.0.7-50.56.2 php7-enchant-debuginfo-7.0.7-50.56.2 php7-exif-7.0.7-50.56.2 php7-exif-debuginfo-7.0.7-50.56.2 php7-fastcgi-7.0.7-50.56.2 php7-fastcgi-debuginfo-7.0.7-50.56.2 php7-fileinfo-7.0.7-50.56.2 php7-fileinfo-debuginfo-7.0.7-50.56.2 php7-fpm-7.0.7-50.56.2 
php7-fpm-debuginfo-7.0.7-50.56.2 php7-ftp-7.0.7-50.56.2 php7-ftp-debuginfo-7.0.7-50.56.2 php7-gd-7.0.7-50.56.2 php7-gd-debuginfo-7.0.7-50.56.2 php7-gettext-7.0.7-50.56.2 php7-gettext-debuginfo-7.0.7-50.56.2 php7-gmp-7.0.7-50.56.2 php7-gmp-debuginfo-7.0.7-50.56.2 php7-iconv-7.0.7-50.56.2 php7-iconv-debuginfo-7.0.7-50.56.2 php7-imap-7.0.7-50.56.2 php7-imap-debuginfo-7.0.7-50.56.2 php7-intl-7.0.7-50.56.2 php7-intl-debuginfo-7.0.7-50.56.2 php7-json-7.0.7-50.56.2 php7-json-debuginfo-7.0.7-50.56.2 php7-ldap-7.0.7-50.56.2 php7-ldap-debuginfo-7.0.7-50.56.2 php7-mbstring-7.0.7-50.56.2 php7-mbstring-debuginfo-7.0.7-50.56.2 php7-mcrypt-7.0.7-50.56.2 php7-mcrypt-debuginfo-7.0.7-50.56.2 php7-mysql-7.0.7-50.56.2 php7-mysql-debuginfo-7.0.7-50.56.2 php7-odbc-7.0.7-50.56.2 php7-odbc-debuginfo-7.0.7-50.56.2 php7-opcache-7.0.7-50.56.2 php7-opcache-debuginfo-7.0.7-50.56.2 php7-openssl-7.0.7-50.56.2 php7-openssl-debuginfo-7.0.7-50.56.2 php7-pcntl-7.0.7-50.56.2 php7-pcntl-debuginfo-7.0.7-50.56.2 php7-pdo-7.0.7-50.56.2 php7-pdo-debuginfo-7.0.7-50.56.2 php7-pgsql-7.0.7-50.56.2 php7-pgsql-debuginfo-7.0.7-50.56.2 php7-phar-7.0.7-50.56.2 php7-phar-debuginfo-7.0.7-50.56.2 php7-posix-7.0.7-50.56.2 php7-posix-debuginfo-7.0.7-50.56.2 php7-pspell-7.0.7-50.56.2 php7-pspell-debuginfo-7.0.7-50.56.2 php7-shmop-7.0.7-50.56.2 php7-shmop-debuginfo-7.0.7-50.56.2 php7-snmp-7.0.7-50.56.2 php7-snmp-debuginfo-7.0.7-50.56.2 php7-soap-7.0.7-50.56.2 php7-soap-debuginfo-7.0.7-50.56.2 php7-sockets-7.0.7-50.56.2 php7-sockets-debuginfo-7.0.7-50.56.2 php7-sqlite-7.0.7-50.56.2 php7-sqlite-debuginfo-7.0.7-50.56.2 php7-sysvmsg-7.0.7-50.56.2 php7-sysvmsg-debuginfo-7.0.7-50.56.2 php7-sysvsem-7.0.7-50.56.2 php7-sysvsem-debuginfo-7.0.7-50.56.2 php7-sysvshm-7.0.7-50.56.2 php7-sysvshm-debuginfo-7.0.7-50.56.2 php7-tokenizer-7.0.7-50.56.2 php7-tokenizer-debuginfo-7.0.7-50.56.2 php7-wddx-7.0.7-50.56.2 php7-wddx-debuginfo-7.0.7-50.56.2 php7-xmlreader-7.0.7-50.56.2 php7-xmlreader-debuginfo-7.0.7-50.56.2 php7-xmlrpc-7.0.7-50.56.2 
php7-xmlrpc-debuginfo-7.0.7-50.56.2 php7-xmlwriter-7.0.7-50.56.2 php7-xmlwriter-debuginfo-7.0.7-50.56.2 php7-xsl-7.0.7-50.56.2 php7-xsl-debuginfo-7.0.7-50.56.2 php7-zip-7.0.7-50.56.2 php7-zip-debuginfo-7.0.7-50.56.2 php7-zlib-7.0.7-50.56.2 php7-zlib-debuginfo-7.0.7-50.56.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.56.2 php7-pear-Archive_Tar-7.0.7-50.56.2 References: https://www.suse.com/security/cve/CVE-2018-19518.html https://bugzilla.suse.com/1117107 From sle-security-updates at lists.suse.com Wed Dec 5 10:13:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 5 Dec 2018 18:13:46 +0100 (CET) Subject: SUSE-SU-2018:3989-1: moderate: Security update for openssl-1_0_0 Message-ID: <20181205171346.5A248FCB4@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3989-1 Rating: moderate References: #1100078 #1112209 #1113534 #1113652 #1113742 Cross-References: CVE-2018-0734 CVE-2018-5407 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). 

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2846=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2846=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2846=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.3.1
      openssl-1_0_0-debuginfo-1.0.2p-3.3.1
      openssl-1_0_0-debugsource-1.0.2p-3.3.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.3.1
      libopenssl1_0_0-1.0.2p-3.3.1
      libopenssl1_0_0-debuginfo-1.0.2p-3.3.1
      libopenssl1_0_0-hmac-1.0.2p-3.3.1
      openssl-1_0_0-1.0.2p-3.3.1
      openssl-1_0_0-debuginfo-1.0.2p-3.3.1
      openssl-1_0_0-debugsource-1.0.2p-3.3.1

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libopenssl1_0_0-32bit-1.0.2p-3.3.1
      libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.3.1
      libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      openssl-1_0_0-doc-1.0.2p-3.3.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.3.1
      libopenssl1_0_0-1.0.2p-3.3.1
      libopenssl1_0_0-32bit-1.0.2p-3.3.1
      libopenssl1_0_0-debuginfo-1.0.2p-3.3.1
      libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.3.1
      openssl-1_0_0-1.0.2p-3.3.1
      openssl-1_0_0-debuginfo-1.0.2p-3.3.1
      openssl-1_0_0-debugsource-1.0.2p-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-0734.html
   https://www.suse.com/security/cve/CVE-2018-5407.html
   https://bugzilla.suse.com/1100078
   https://bugzilla.suse.com/1112209
   https://bugzilla.suse.com/1113534
   https://bugzilla.suse.com/1113652
   https://bugzilla.suse.com/1113742

From sle-security-updates at lists.suse.com Thu Dec 6 07:08:58 2018
From:
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Dec 2018 15:08:58 +0100 (CET)
Subject: SUSE-SU-2018:3994-1: moderate: Security update for compat-openssl097g
Message-ID: <20181206140858.987A5FCB4@maintenance.suse.de>

   SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3994-1
Rating: moderate
References: #1110018 #1113742
Cross-References: CVE-2016-8610
Affected Products:
   SUSE Linux Enterprise Server for SAP 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for compat-openssl097g fixes the following issues:

   Security issue fixed:

   - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).

   Non-security issue fixed:

   - Fixed timing vulnerability in DSA signature generation (bsc#1113742).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 11-SP4:

      zypper in -t patch slesappsp4-compat-openssl097g-13896=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-compat-openssl097g-13896=1

Package List:

   - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64):

      compat-openssl097g-0.9.7g-146.22.51.8.1
      compat-openssl097g-32bit-0.9.7g-146.22.51.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      compat-openssl097g-debuginfo-0.9.7g-146.22.51.8.1
      compat-openssl097g-debugsource-0.9.7g-146.22.51.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.51.8.1

References:

   https://www.suse.com/security/cve/CVE-2016-8610.html
   https://bugzilla.suse.com/1110018
   https://bugzilla.suse.com/1113742

From sle-security-updates at lists.suse.com Thu Dec 6 07:09:52 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Dec 2018 15:09:52 +0100 (CET)
Subject: SUSE-SU-2018:3995-1: moderate: Recommended update for php5
Message-ID: <20181206140952.B1CACFCB4@maintenance.suse.de>

   SUSE Security Update: Recommended update for php5
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3995-1
Rating: moderate
References: #1117107
Cross-References: CVE-2018-19518
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php5 fixes the following issues:

   Security issue fixed:

   - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2859=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2859=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-2859=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-109.45.2
      php5-debugsource-5.5.14-109.45.2
      php5-devel-5.5.14-109.45.2

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-109.45.2
      php5-debugsource-5.5.14-109.45.2
      php5-devel-5.5.14-109.45.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php5-5.5.14-109.45.2
      apache2-mod_php5-debuginfo-5.5.14-109.45.2
      php5-5.5.14-109.45.2
      php5-bcmath-5.5.14-109.45.2
      php5-bcmath-debuginfo-5.5.14-109.45.2
      php5-bz2-5.5.14-109.45.2
      php5-bz2-debuginfo-5.5.14-109.45.2
      php5-calendar-5.5.14-109.45.2
      php5-calendar-debuginfo-5.5.14-109.45.2
      php5-ctype-5.5.14-109.45.2
      php5-ctype-debuginfo-5.5.14-109.45.2
      php5-curl-5.5.14-109.45.2
      php5-curl-debuginfo-5.5.14-109.45.2
      php5-dba-5.5.14-109.45.2
      php5-dba-debuginfo-5.5.14-109.45.2
      php5-debuginfo-5.5.14-109.45.2
      php5-debugsource-5.5.14-109.45.2
      php5-dom-5.5.14-109.45.2
      php5-dom-debuginfo-5.5.14-109.45.2
      php5-enchant-5.5.14-109.45.2
      php5-enchant-debuginfo-5.5.14-109.45.2
      php5-exif-5.5.14-109.45.2
      php5-exif-debuginfo-5.5.14-109.45.2
      php5-fastcgi-5.5.14-109.45.2
      php5-fastcgi-debuginfo-5.5.14-109.45.2
      php5-fileinfo-5.5.14-109.45.2
      php5-fileinfo-debuginfo-5.5.14-109.45.2
      php5-fpm-5.5.14-109.45.2
      php5-fpm-debuginfo-5.5.14-109.45.2
      php5-ftp-5.5.14-109.45.2
      php5-ftp-debuginfo-5.5.14-109.45.2
      php5-gd-5.5.14-109.45.2
      php5-gd-debuginfo-5.5.14-109.45.2
      php5-gettext-5.5.14-109.45.2
      php5-gettext-debuginfo-5.5.14-109.45.2
      php5-gmp-5.5.14-109.45.2
      php5-gmp-debuginfo-5.5.14-109.45.2
      php5-iconv-5.5.14-109.45.2
      php5-iconv-debuginfo-5.5.14-109.45.2
      php5-imap-5.5.14-109.45.2
      php5-imap-debuginfo-5.5.14-109.45.2
      php5-intl-5.5.14-109.45.2
      php5-intl-debuginfo-5.5.14-109.45.2
      php5-json-5.5.14-109.45.2
      php5-json-debuginfo-5.5.14-109.45.2
      php5-ldap-5.5.14-109.45.2
      php5-ldap-debuginfo-5.5.14-109.45.2
      php5-mbstring-5.5.14-109.45.2
      php5-mbstring-debuginfo-5.5.14-109.45.2
      php5-mcrypt-5.5.14-109.45.2
      php5-mcrypt-debuginfo-5.5.14-109.45.2
      php5-mysql-5.5.14-109.45.2
      php5-mysql-debuginfo-5.5.14-109.45.2
      php5-odbc-5.5.14-109.45.2
      php5-odbc-debuginfo-5.5.14-109.45.2
      php5-opcache-5.5.14-109.45.2
      php5-opcache-debuginfo-5.5.14-109.45.2
      php5-openssl-5.5.14-109.45.2
      php5-openssl-debuginfo-5.5.14-109.45.2
      php5-pcntl-5.5.14-109.45.2
      php5-pcntl-debuginfo-5.5.14-109.45.2
      php5-pdo-5.5.14-109.45.2
      php5-pdo-debuginfo-5.5.14-109.45.2
      php5-pgsql-5.5.14-109.45.2
      php5-pgsql-debuginfo-5.5.14-109.45.2
      php5-phar-5.5.14-109.45.2
      php5-phar-debuginfo-5.5.14-109.45.2
      php5-posix-5.5.14-109.45.2
      php5-posix-debuginfo-5.5.14-109.45.2
      php5-pspell-5.5.14-109.45.2
      php5-pspell-debuginfo-5.5.14-109.45.2
      php5-shmop-5.5.14-109.45.2
      php5-shmop-debuginfo-5.5.14-109.45.2
      php5-snmp-5.5.14-109.45.2
      php5-snmp-debuginfo-5.5.14-109.45.2
      php5-soap-5.5.14-109.45.2
      php5-soap-debuginfo-5.5.14-109.45.2
      php5-sockets-5.5.14-109.45.2
      php5-sockets-debuginfo-5.5.14-109.45.2
      php5-sqlite-5.5.14-109.45.2
      php5-sqlite-debuginfo-5.5.14-109.45.2
      php5-suhosin-5.5.14-109.45.2
      php5-suhosin-debuginfo-5.5.14-109.45.2
      php5-sysvmsg-5.5.14-109.45.2
      php5-sysvmsg-debuginfo-5.5.14-109.45.2
      php5-sysvsem-5.5.14-109.45.2
      php5-sysvsem-debuginfo-5.5.14-109.45.2
      php5-sysvshm-5.5.14-109.45.2
      php5-sysvshm-debuginfo-5.5.14-109.45.2
      php5-tokenizer-5.5.14-109.45.2
      php5-tokenizer-debuginfo-5.5.14-109.45.2
      php5-wddx-5.5.14-109.45.2
      php5-wddx-debuginfo-5.5.14-109.45.2
      php5-xmlreader-5.5.14-109.45.2
      php5-xmlreader-debuginfo-5.5.14-109.45.2
      php5-xmlrpc-5.5.14-109.45.2
      php5-xmlrpc-debuginfo-5.5.14-109.45.2
      php5-xmlwriter-5.5.14-109.45.2
      php5-xmlwriter-debuginfo-5.5.14-109.45.2
      php5-xsl-5.5.14-109.45.2
      php5-xsl-debuginfo-5.5.14-109.45.2
      php5-zip-5.5.14-109.45.2
      php5-zip-debuginfo-5.5.14-109.45.2
      php5-zlib-5.5.14-109.45.2
      php5-zlib-debuginfo-5.5.14-109.45.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php5-pear-5.5.14-109.45.2

References:

   https://www.suse.com/security/cve/CVE-2018-19518.html
   https://bugzilla.suse.com/1117107

From sle-security-updates at lists.suse.com Thu Dec 6 07:10:30 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Dec 2018 15:10:30 +0100 (CET)
Subject: SUSE-SU-2018:3996-1: Security update for rubygem-activejob-5_1
Message-ID: <20181206141031.004EBFCB4@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-activejob-5_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3996-1
Rating: low
References: #1117632
Cross-References: CVE-2018-16476
Affected Products:
   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
   SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for rubygem-activejob-5_1 fixes the following issues:

   Security issue fixed:

   - CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2857=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2018-2857=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-activejob-doc-5_1-5.1.4-3.3.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-16476.html
   https://bugzilla.suse.com/1117632

From sle-security-updates at lists.suse.com Fri Dec 7 04:11:08 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:11:08 +0100 (CET)
Subject: SUSE-SU-2018:3640-2: moderate: Security update for libarchive
Message-ID: <20181207111108.30DC6FD43@maintenance.suse.de>

   SUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3640-2
Rating: moderate
References: #1032089 #1037008 #1037009 #1057514 #1059100 #1059134 #1059139
Cross-References: CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for libarchive fixes the following issues:

   - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
     (bsc#1032089)
   - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008)
   - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)
   - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514)
   - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)
   - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)
   - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2594=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2594=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2594=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      libarchive-debugsource-3.1.2-26.3.1
      libarchive-devel-3.1.2-26.3.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      libarchive-debugsource-3.1.2-26.3.1
      libarchive13-3.1.2-26.3.1
      libarchive13-debuginfo-3.1.2-26.3.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      libarchive-debugsource-3.1.2-26.3.1
      libarchive13-3.1.2-26.3.1
      libarchive13-debuginfo-3.1.2-26.3.1

References:

   https://www.suse.com/security/cve/CVE-2016-10209.html
   https://www.suse.com/security/cve/CVE-2016-10349.html
   https://www.suse.com/security/cve/CVE-2016-10350.html
   https://www.suse.com/security/cve/CVE-2017-14166.html
   https://www.suse.com/security/cve/CVE-2017-14501.html
   https://www.suse.com/security/cve/CVE-2017-14502.html
   https://www.suse.com/security/cve/CVE-2017-14503.html
   https://bugzilla.suse.com/1032089
   https://bugzilla.suse.com/1037008
   https://bugzilla.suse.com/1037009
   https://bugzilla.suse.com/1057514
   https://bugzilla.suse.com/1059100
   https://bugzilla.suse.com/1059134
   https://bugzilla.suse.com/1059139

From sle-security-updates at lists.suse.com Fri Dec 7 04:14:19 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:14:19 +0100 (CET)
Subject: SUSE-SU-2018:3771-2: important: Security update for squid
Message-ID: <20181207111419.75531FD43@maintenance.suse.de>

   SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3771-2
Rating: important
References: #1082318
   #1112066 #1112695 #1113668 #1113669
Cross-References: CVE-2018-19131 CVE-2018-19132
Affected Products:
   SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now available.

Description:

   This update for squid fixes the following issues:

   Security issues fixed:

   - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668).
   - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669).

   Non-security issues fixed:

   - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066).
   - Install license correctly (bsc#1082318).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2663=1

Package List:

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      squid-3.5.21-26.12.1
      squid-debuginfo-3.5.21-26.12.1
      squid-debugsource-3.5.21-26.12.1

References:

   https://www.suse.com/security/cve/CVE-2018-19131.html
   https://www.suse.com/security/cve/CVE-2018-19132.html
   https://bugzilla.suse.com/1082318
   https://bugzilla.suse.com/1112066
   https://bugzilla.suse.com/1112695
   https://bugzilla.suse.com/1113668
   https://bugzilla.suse.com/1113669

From sle-security-updates at lists.suse.com Fri Dec 7 04:15:50 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:15:50 +0100 (CET)
Subject: SUSE-SU-2018:4000-1: important: Security update for ncurses
Message-ID: <20181207111550.8FD4EFD43@maintenance.suse.de>

   SUSE Security Update: Security update for ncurses
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4000-1
Rating: important
References: #1103320 #1115929
Cross-References: CVE-2018-19211
Affected Products:
   SUSE Linux Enterprise Module for Legacy Software 15
   SUSE Linux Enterprise Module for Development Tools 15
   SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for ncurses fixes the following issues:

   Security issue fixed:

   - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

   Non-security issue fixed:

   - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 15:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2861=1

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2861=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2861=1

Package List:

   - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):

      libncurses5-6.1-5.3.1
      libncurses5-debuginfo-6.1-5.3.1
      ncurses-debugsource-6.1-5.3.1
      ncurses5-devel-6.1-5.3.1

   - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64):

      libncurses5-32bit-6.1-5.3.1
      libncurses5-32bit-debuginfo-6.1-5.3.1

   - SUSE Linux Enterprise Module for Development Tools 15 (x86_64):

      ncurses-debugsource-6.1-5.3.1
      ncurses-devel-32bit-6.1-5.3.1
      ncurses-devel-32bit-debuginfo-6.1-5.3.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      libncurses6-6.1-5.3.1
      libncurses6-debuginfo-6.1-5.3.1
      ncurses-debugsource-6.1-5.3.1
      ncurses-devel-6.1-5.3.1
      ncurses-devel-debuginfo-6.1-5.3.1
      ncurses-utils-6.1-5.3.1
      ncurses-utils-debuginfo-6.1-5.3.1
      tack-6.1-5.3.1
      tack-debuginfo-6.1-5.3.1
      terminfo-6.1-5.3.1
      terminfo-base-6.1-5.3.1
      terminfo-iterm-6.1-5.3.1
      terminfo-screen-6.1-5.3.1

   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

      libncurses6-32bit-6.1-5.3.1
      libncurses6-32bit-debuginfo-6.1-5.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-19211.html
   https://bugzilla.suse.com/1103320
   https://bugzilla.suse.com/1115929

From sle-security-updates at lists.suse.com Fri Dec 7 04:16:51 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:16:51 +0100 (CET)
Subject: SUSE-SU-2018:4001-1: moderate: Security update for openssl-1_0_0
Message-ID: <20181207111651.13AFAFD43@maintenance.suse.de>

   SUSE Security Update: Security update for openssl-1_0_0
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4001-1
Rating: moderate
References: #1100078 #1112209 #1113534 #1113652 #1113742
Cross-References: CVE-2018-0734 CVE-2018-5407
Affected Products:
   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
   SUSE Linux Enterprise Module for Legacy Software 15
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now available.

Description:

   This update for openssl-1_0_0 fixes the following issues:

   Security issues fixed:

   - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
   - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes "PortSmash" (bsc#1113534).

   Non-security issues fixed:

   - Added missing timing side channel patch for DSA signature generation (bsc#1113742).
   - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
   - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2862=1

   - SUSE Linux Enterprise Module for Legacy Software 15:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2862=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      libopenssl1_0_0-hmac-1.0.2p-3.11.1
      libopenssl1_0_0-steam-1.0.2p-3.11.1
      libopenssl1_0_0-steam-debuginfo-1.0.2p-3.11.1
      openssl-1_0_0-cavs-1.0.2p-3.11.1
      openssl-1_0_0-cavs-debuginfo-1.0.2p-3.11.1
      openssl-1_0_0-debuginfo-1.0.2p-3.11.1
      openssl-1_0_0-debugsource-1.0.2p-3.11.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      openssl-1_0_0-doc-1.0.2p-3.11.1

   - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.11.1
      libopenssl1_0_0-1.0.2p-3.11.1
      libopenssl1_0_0-debuginfo-1.0.2p-3.11.1
      openssl-1_0_0-1.0.2p-3.11.1
      openssl-1_0_0-debuginfo-1.0.2p-3.11.1
      openssl-1_0_0-debugsource-1.0.2p-3.11.1

References:

   https://www.suse.com/security/cve/CVE-2018-0734.html
   https://www.suse.com/security/cve/CVE-2018-5407.html
   https://bugzilla.suse.com/1100078
   https://bugzilla.suse.com/1112209
   https://bugzilla.suse.com/1113534
   https://bugzilla.suse.com/1113652
   https://bugzilla.suse.com/1113742

From sle-security-updates at lists.suse.com Fri Dec 7 04:21:43 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:21:43 +0100 (CET)
Subject: SUSE-SU-2018:3911-2: moderate: Security update for tiff
Message-ID: <20181207112143.1E056FFE9@maintenance.suse.de>

   SUSE Security Update: Security
   update for tiff
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3911-2
Rating: moderate
References: #1099257 #1113094 #1113672
Cross-References: CVE-2018-12900 CVE-2018-18557 CVE-2018-18661
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for tiff fixes the following issues:

   Security issues fixed:

   - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).
   - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
   - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).

   Non-security issues fixed:

   - asan_build: build ASAN included
   - debug_build: build more suitable for debugging

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2782=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2782=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2782=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      libtiff-devel-4.0.9-44.27.1
      tiff-debuginfo-4.0.9-44.27.1
      tiff-debugsource-4.0.9-44.27.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      libtiff5-4.0.9-44.27.1
      libtiff5-debuginfo-4.0.9-44.27.1
      tiff-4.0.9-44.27.1
      tiff-debuginfo-4.0.9-44.27.1
      tiff-debugsource-4.0.9-44.27.1

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libtiff5-32bit-4.0.9-44.27.1
      libtiff5-debuginfo-32bit-4.0.9-44.27.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      libtiff5-32bit-4.0.9-44.27.1
      libtiff5-4.0.9-44.27.1
      libtiff5-debuginfo-32bit-4.0.9-44.27.1
      libtiff5-debuginfo-4.0.9-44.27.1
      tiff-debuginfo-4.0.9-44.27.1
      tiff-debugsource-4.0.9-44.27.1

References:

   https://www.suse.com/security/cve/CVE-2018-12900.html
   https://www.suse.com/security/cve/CVE-2018-18557.html
   https://www.suse.com/security/cve/CVE-2018-18661.html
   https://bugzilla.suse.com/1099257
   https://bugzilla.suse.com/1113094
   https://bugzilla.suse.com/1113672

From sle-security-updates at lists.suse.com Fri Dec 7 04:22:38 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:22:38 +0100 (CET)
Subject: SUSE-SU-2018:3749-2: important: Security update for MozillaFirefox
Message-ID: <20181207112238.96040FFE9@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3749-2
Rating: important
References: #1112852
Cross-References: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
   CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   Security issues fixed:

   - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
   - CVE-2018-12392: Crash with nested event loops.
   - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
   - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
   - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
   - CVE-2018-12397: WebExtension local file access vulnerability.
   - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
   - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2648=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2648=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2648=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-60.3.0-109.50.2
      MozillaFirefox-debugsource-60.3.0-109.50.2
      MozillaFirefox-devel-60.3.0-109.50.2

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-60.3.0-109.50.2
      MozillaFirefox-debuginfo-60.3.0-109.50.2
      MozillaFirefox-debugsource-60.3.0-109.50.2
      MozillaFirefox-translations-common-60.3.0-109.50.2

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      MozillaFirefox-60.3.0-109.50.2
      MozillaFirefox-debuginfo-60.3.0-109.50.2
      MozillaFirefox-debugsource-60.3.0-109.50.2
      MozillaFirefox-translations-common-60.3.0-109.50.2

References:

   https://www.suse.com/security/cve/CVE-2018-12389.html
   https://www.suse.com/security/cve/CVE-2018-12390.html
   https://www.suse.com/security/cve/CVE-2018-12392.html
   https://www.suse.com/security/cve/CVE-2018-12393.html
   https://www.suse.com/security/cve/CVE-2018-12395.html
   https://www.suse.com/security/cve/CVE-2018-12396.html
   https://www.suse.com/security/cve/CVE-2018-12397.html
   https://bugzilla.suse.com/1112852

From sle-security-updates at lists.suse.com Fri Dec 7 04:27:41 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Dec 2018 12:27:41 +0100 (CET)
Subject: SUSE-SU-2018:2485-2: moderate: Security update for libreoffice
Message-ID: <20181207112741.AF129FFE9@maintenance.suse.de>

   SUSE Security Update: Security update for libreoffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2485-2
Rating: moderate
References: #1050305
   #1088262 #1088263 #1091606 #1091772 #1092699 #1094359 #1095601 #1095639 #1096673 #1098891
Cross-References: CVE-2018-10583
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP4
   SUSE Linux Enterprise Software Development Kit 12-SP4
   SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is now available.

Description:

   This update for libreoffice to 6.0.5.2 fixes the following issues:

   Security issues fixed:

   - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606)

   Non security issues fixed:

   - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262)
   - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305)
   - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673)
   - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359)
   - Use libreoffice-gtk3 if xfce is present (bsc#1092699)
   - Various other bug fixes
   - Exporting to PPTX results in vertical labels being shown horizontally (bsc#1095639)
   - Table in PPTX misplaced and partly blue (bsc#1098891)
   - Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1088263)
   - Exporting to PPTX shifts arrow shapes quite a bit bsc#1095601

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-1748=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-1748=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-1748=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libreoffice-6.0.5.2-43.38.5 libreoffice-base-6.0.5.2-43.38.5 libreoffice-base-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-6.0.5.2-43.38.5 libreoffice-calc-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-extensions-6.0.5.2-43.38.5 libreoffice-debuginfo-6.0.5.2-43.38.5 libreoffice-debugsource-6.0.5.2-43.38.5 libreoffice-draw-6.0.5.2-43.38.5 libreoffice-draw-debuginfo-6.0.5.2-43.38.5 libreoffice-filters-optional-6.0.5.2-43.38.5 libreoffice-gnome-6.0.5.2-43.38.5 libreoffice-gnome-debuginfo-6.0.5.2-43.38.5 libreoffice-gtk2-6.0.5.2-43.38.5 libreoffice-gtk2-debuginfo-6.0.5.2-43.38.5 libreoffice-impress-6.0.5.2-43.38.5 libreoffice-impress-debuginfo-6.0.5.2-43.38.5 libreoffice-mailmerge-6.0.5.2-43.38.5 libreoffice-math-6.0.5.2-43.38.5 libreoffice-math-debuginfo-6.0.5.2-43.38.5 libreoffice-officebean-6.0.5.2-43.38.5 libreoffice-officebean-debuginfo-6.0.5.2-43.38.5 libreoffice-pyuno-6.0.5.2-43.38.5 libreoffice-pyuno-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-6.0.5.2-43.38.5 libreoffice-writer-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-extensions-6.0.5.2-43.38.5 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libreoffice-branding-upstream-6.0.5.2-43.38.5 libreoffice-icon-themes-6.0.5.2-43.38.5 libreoffice-l10n-af-6.0.5.2-43.38.5 libreoffice-l10n-ar-6.0.5.2-43.38.5 libreoffice-l10n-bg-6.0.5.2-43.38.5 
libreoffice-l10n-ca-6.0.5.2-43.38.5 libreoffice-l10n-cs-6.0.5.2-43.38.5 libreoffice-l10n-da-6.0.5.2-43.38.5 libreoffice-l10n-de-6.0.5.2-43.38.5 libreoffice-l10n-en-6.0.5.2-43.38.5 libreoffice-l10n-es-6.0.5.2-43.38.5 libreoffice-l10n-fi-6.0.5.2-43.38.5 libreoffice-l10n-fr-6.0.5.2-43.38.5 libreoffice-l10n-gu-6.0.5.2-43.38.5 libreoffice-l10n-hi-6.0.5.2-43.38.5 libreoffice-l10n-hr-6.0.5.2-43.38.5 libreoffice-l10n-hu-6.0.5.2-43.38.5 libreoffice-l10n-it-6.0.5.2-43.38.5 libreoffice-l10n-ja-6.0.5.2-43.38.5 libreoffice-l10n-ko-6.0.5.2-43.38.5 libreoffice-l10n-lt-6.0.5.2-43.38.5 libreoffice-l10n-nb-6.0.5.2-43.38.5 libreoffice-l10n-nl-6.0.5.2-43.38.5 libreoffice-l10n-nn-6.0.5.2-43.38.5 libreoffice-l10n-pl-6.0.5.2-43.38.5 libreoffice-l10n-pt_BR-6.0.5.2-43.38.5 libreoffice-l10n-pt_PT-6.0.5.2-43.38.5 libreoffice-l10n-ro-6.0.5.2-43.38.5 libreoffice-l10n-ru-6.0.5.2-43.38.5 libreoffice-l10n-sk-6.0.5.2-43.38.5 libreoffice-l10n-sv-6.0.5.2-43.38.5 libreoffice-l10n-uk-6.0.5.2-43.38.5 libreoffice-l10n-xh-6.0.5.2-43.38.5 libreoffice-l10n-zh_CN-6.0.5.2-43.38.5 libreoffice-l10n-zh_TW-6.0.5.2-43.38.5 libreoffice-l10n-zu-6.0.5.2-43.38.5 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): libreoffice-debuginfo-6.0.5.2-43.38.5 libreoffice-debugsource-6.0.5.2-43.38.5 libreoffice-sdk-6.0.5.2-43.38.5 libreoffice-sdk-debuginfo-6.0.5.2-43.38.5 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libreoffice-branding-upstream-6.0.5.2-43.38.5 libreoffice-icon-themes-6.0.5.2-43.38.5 libreoffice-l10n-af-6.0.5.2-43.38.5 libreoffice-l10n-ar-6.0.5.2-43.38.5 libreoffice-l10n-ca-6.0.5.2-43.38.5 libreoffice-l10n-cs-6.0.5.2-43.38.5 libreoffice-l10n-da-6.0.5.2-43.38.5 libreoffice-l10n-de-6.0.5.2-43.38.5 libreoffice-l10n-en-6.0.5.2-43.38.5 libreoffice-l10n-es-6.0.5.2-43.38.5 libreoffice-l10n-fi-6.0.5.2-43.38.5 libreoffice-l10n-fr-6.0.5.2-43.38.5 libreoffice-l10n-gu-6.0.5.2-43.38.5 libreoffice-l10n-hi-6.0.5.2-43.38.5 libreoffice-l10n-hu-6.0.5.2-43.38.5 libreoffice-l10n-it-6.0.5.2-43.38.5 
libreoffice-l10n-ja-6.0.5.2-43.38.5 libreoffice-l10n-ko-6.0.5.2-43.38.5 libreoffice-l10n-nb-6.0.5.2-43.38.5 libreoffice-l10n-nl-6.0.5.2-43.38.5 libreoffice-l10n-nn-6.0.5.2-43.38.5 libreoffice-l10n-pl-6.0.5.2-43.38.5 libreoffice-l10n-pt_BR-6.0.5.2-43.38.5 libreoffice-l10n-pt_PT-6.0.5.2-43.38.5 libreoffice-l10n-ro-6.0.5.2-43.38.5 libreoffice-l10n-ru-6.0.5.2-43.38.5 libreoffice-l10n-sk-6.0.5.2-43.38.5 libreoffice-l10n-sv-6.0.5.2-43.38.5 libreoffice-l10n-xh-6.0.5.2-43.38.5 libreoffice-l10n-zh_CN-6.0.5.2-43.38.5 libreoffice-l10n-zh_TW-6.0.5.2-43.38.5 libreoffice-l10n-zu-6.0.5.2-43.38.5 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libreoffice-6.0.5.2-43.38.5 libreoffice-base-6.0.5.2-43.38.5 libreoffice-base-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-6.0.5.2-43.38.5 libreoffice-base-drivers-mysql-debuginfo-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-6.0.5.2-43.38.5 libreoffice-base-drivers-postgresql-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-6.0.5.2-43.38.5 libreoffice-calc-debuginfo-6.0.5.2-43.38.5 libreoffice-calc-extensions-6.0.5.2-43.38.5 libreoffice-debuginfo-6.0.5.2-43.38.5 libreoffice-debugsource-6.0.5.2-43.38.5 libreoffice-draw-6.0.5.2-43.38.5 libreoffice-draw-debuginfo-6.0.5.2-43.38.5 libreoffice-filters-optional-6.0.5.2-43.38.5 libreoffice-gnome-6.0.5.2-43.38.5 libreoffice-gnome-debuginfo-6.0.5.2-43.38.5 libreoffice-gtk2-6.0.5.2-43.38.5 libreoffice-gtk2-debuginfo-6.0.5.2-43.38.5 libreoffice-impress-6.0.5.2-43.38.5 libreoffice-impress-debuginfo-6.0.5.2-43.38.5 libreoffice-mailmerge-6.0.5.2-43.38.5 libreoffice-math-6.0.5.2-43.38.5 libreoffice-math-debuginfo-6.0.5.2-43.38.5 libreoffice-officebean-6.0.5.2-43.38.5 libreoffice-officebean-debuginfo-6.0.5.2-43.38.5 libreoffice-pyuno-6.0.5.2-43.38.5 libreoffice-pyuno-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-6.0.5.2-43.38.5 libreoffice-writer-debuginfo-6.0.5.2-43.38.5 libreoffice-writer-extensions-6.0.5.2-43.38.5 References: https://www.suse.com/security/cve/CVE-2018-10583.html 
https://bugzilla.suse.com/1050305 https://bugzilla.suse.com/1088262 https://bugzilla.suse.com/1088263 https://bugzilla.suse.com/1091606 https://bugzilla.suse.com/1091772 https://bugzilla.suse.com/1092699 https://bugzilla.suse.com/1094359 https://bugzilla.suse.com/1095601 https://bugzilla.suse.com/1095639 https://bugzilla.suse.com/1096673 https://bugzilla.suse.com/1098891 From sle-security-updates at lists.suse.com Fri Dec 7 07:09:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Dec 2018 15:09:06 +0100 (CET) Subject: SUSE-SU-2018:4008-1: moderate: Security update for tiff Message-ID: <20181207140906.0563EFD43@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4008-1 Rating: moderate References: #1017693 #1054594 #1115717 #990460 Cross-References: CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-19210 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). 
- CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2864=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2864=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2864=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2864=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-5.20.1 tiff-debuginfo-4.0.9-5.20.1 tiff-debugsource-4.0.9-5.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-5.20.1 tiff-debuginfo-4.0.9-5.20.1 tiff-debugsource-4.0.9-5.20.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libtiff5-32bit-4.0.9-5.20.1 libtiff5-32bit-debuginfo-4.0.9-5.20.1 tiff-debugsource-4.0.9-5.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.20.1 libtiff5-4.0.9-5.20.1 libtiff5-debuginfo-4.0.9-5.20.1 tiff-debuginfo-4.0.9-5.20.1 tiff-debugsource-4.0.9-5.20.1 References: https://www.suse.com/security/cve/CVE-2016-10092.html https://www.suse.com/security/cve/CVE-2016-10093.html https://www.suse.com/security/cve/CVE-2016-10094.html https://www.suse.com/security/cve/CVE-2016-6223.html https://www.suse.com/security/cve/CVE-2017-12944.html https://www.suse.com/security/cve/CVE-2018-19210.html https://bugzilla.suse.com/1017693 
https://bugzilla.suse.com/1054594 https://bugzilla.suse.com/1115717 https://bugzilla.suse.com/990460 From sle-security-updates at lists.suse.com Fri Dec 7 07:10:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Dec 2018 15:10:25 +0100 (CET) Subject: SUSE-SU-2018:4009-1: important: Security update for libgit2 Message-ID: <20181207141025.9BA31FD43@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4009-1 Rating: important References: #1110949 #1114729 Cross-References: CVE-2018-17456 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libgit2 fixes the following issues: Security issue fixed: - CVE-2018-17456: Submodule URLs and paths with a leading "-" are now ignored to avoid injecting options into library consumers that perform recursive clones (bsc#1110949). Non-security issues fixed: - Version update to version 0.26.8 (bsc#1114729). - Full changelog can be found at: * https://github.com/libgit2/libgit2/releases/tag/v0.26.8 * https://github.com/libgit2/libgit2/releases/tag/v0.26.7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2865=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libgit2-26-0.26.8-3.8.1 libgit2-26-debuginfo-0.26.8-3.8.1 libgit2-debugsource-0.26.8-3.8.1 libgit2-devel-0.26.8-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-17456.html https://bugzilla.suse.com/1110949 https://bugzilla.suse.com/1114729 From sle-security-updates at lists.suse.com Fri Dec 7 10:09:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Dec 2018 18:09:03 +0100 (CET) Subject: SUSE-SU-2018:4011-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20181207170903.2FCE9FD43@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4011-1 Rating: moderate References: #1041999 #1080474 #1083094 #1104487 #1105359 #1105724 #1106430 #1106626 #1107869 #1109235 #1110361 #1110625 #1111247 #1111249 #1111387 #1111497 #1111542 #1111810 #1111966 #1112163 #1112445 #1112754 #1113557 #1113747 #1114181 #1114362 #1114814 #1114991 #1115449 #1116517 Cross-References: CVE-2018-11761 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 29 fixes is now available. 
Description: This update fixes the following issues: apache-mybatis: - Install missing LICENSE.txt file (bsc#1114814) cobbler: - Fix service restart after logrotate for cobblerd (bsc#1113747) - Rotate cobbler logs at higher frequency to prevent disk fillup (bsc#1113747) hadoop: - Install missing LICENSE.txt file (bsc#1114814) image-sync-formula: - Handle empty images pillar (bsc#1105359) lucene: - Install missing LICENSE.txt file (bsc#1114814) nekohtml: - Install missing LICENSE.txt file (bsc#1114814) nutch-core: - Install missing LICENSE.txt file (bsc#1114814) - Add conditional requirement for java 1.8 - Use java >= 1.8 - required by tika 0.19.1 to /var/log/nutch (bsc#1107869) - Add new tarball file for v1.0.1 - Bump up version to 1.0.1 and fix paths - Adjustments after upgrade of tika-core to v1.19 picocontainer: - Install missing LICENSE.txt file (bsc#1114814) python-susemanager-retail: - Improve error reporting on duplicate systems - Output partition size as int (bsc#1116517) - Start partition numbers from 1 - Warn on long group names - Improved logging support - Add retail_yaml --only-new option - Print import summary (bsc#1112754) - Add retail_migration tool - Check for duplicate addresses in yaml (bsc#1111497) salt-netapi-client: - Version 0.15.0 See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0 saltboot-formula: - Send pxe_update by external command to make sure it is finished (bsc#1111387) - Better error message on missing partitioning pillar (bsc#1110625) spacecmd: - Show group id on group_details (bsc#1111542) - State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added. 
spacewalk-branding: - Automatic cleanup of notification messages after a configurable lifetime - ActivationKey base and child channel in a reactjs component - New messages are added for XMLRPC API for state channels spacewalk-config: - Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181) spacewalk-java: - Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint - Fix scheduling jobs to prevent forever pending events (bsc#1114991) - Performance improvements for group listings and detail page (bsc#1111810) - Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362) - Add check if ssh-file permissions are correct (bsc#1114181) - Increase maximum number of threads and open files for taskomatic (bsc#1111966) - When removing cobbler system record, lookup by mac address as well if lookup by id fails (bsc#1110361) - Allow listing empty system profiles via XMLRPC - Automatic cleanup of notification messages after a configurable lifetime - Different methods have been refactored in tomcat/taskomatic for better performance (bsc#1106430) - Do not try cleanup when deleting empty system profiles (bsc#1111247) - Better error handling when a websocket connection is aborted (bsc#1080474) - Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4) - ActivationKey base and child channel in a reactjs component - Fix typo in messages (bsc#1111249) - Cleanup formula data and assignment when migrating formulas or when removing system - Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724) - Added shortcut for editing Software Channel - Fix permissions check on formula list api call (bsc#1106626) - Add sp migration dry runs to the daily status report (bsc#1083094) spacewalk-search: - Fix nutch-core path (bsc#1112445) spacewalk-setup: - Increase maximum number of threads and open files for taskomatic (bsc#1111966) spacewalk-utils: - Fix typo at 
--phases option help spacewalk-web: - Make datetimepicker update displayed time (bsc#1041999) - Show human-readable system cleanup error messages - ActivationKey base and child channel in a reactjs component - Fix typo in messages (bsc#1111249) susemanager: - Add new option --with-parent-channel to mgr-create-bootrap-repo to specify parent channel to use if multiple options are available (bsc#1104487) susemanager-docs_en: - Update text and image files. - Add information about SLE12 SP4 as base OS for Server and Proxy susemanager-frontend-libs: - Fix package version (bsc#1115449) susemanager-schema: - Automatic cleanup of notification messages after a configurable lifetime - Add missing minion-action-chain-cleanup to db init scripts susemanager-sls: - Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163) susemanager-sync-data: - SUSE OpenStack Cloud 9 enablement (bsc#1113557) - Add SUSE Manager 3.1 and 3.2 to SLES12 SP4 tika-core: - Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235) - Install missing LICENSE.txt file (bsc#1114814) - New upstream version (0.19.1) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2018-2869=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2018-2869=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): spacewalk-branding-2.8.5.12-3.10.4 susemanager-3.2.14-3.13.3 susemanager-tools-3.2.14-3.13.3 - SUSE Manager Server 3.2 (noarch): apache-mybatis-3.2.3-3.3.3 cobbler-2.6.6-6.10.3 hadoop-0.18.1-3.3.3 image-sync-formula-0.1.1542287363.b8aa274-3.6.3 lucene-2.4.1-4.3.3 nekohtml-1.9.21-3.3.3 nutch-core-1.0.1-7.10.3 picocontainer-1.3.7-3.3.3 python-susemanager-retail-1.0.1542643545.8752d17-2.6.3 salt-netapi-client-0.15.0-4.3.3 saltboot-formula-0.1.1542287363.b8aa274-3.6.3 spacecmd-2.8.25.7-3.9.3 spacewalk-base-2.8.7.11-3.13.3 spacewalk-base-minimal-2.8.7.11-3.13.3 spacewalk-base-minimal-config-2.8.7.11-3.13.3 spacewalk-config-2.8.5.5-3.10.3 spacewalk-html-2.8.7.11-3.13.3 spacewalk-java-2.8.78.13-3.13.1 spacewalk-java-config-2.8.78.13-3.13.1 spacewalk-java-lib-2.8.78.13-3.13.1 spacewalk-java-oracle-2.8.78.13-3.13.1 spacewalk-java-postgresql-2.8.78.13-3.13.1 spacewalk-search-2.8.3.7-3.12.3 spacewalk-setup-2.8.7.5-3.10.3 spacewalk-taskomatic-2.8.78.13-3.13.1 spacewalk-utils-2.8.18.3-3.3.3 susemanager-advanced-topics_en-pdf-3.2-11.12.3 susemanager-best-practices_en-pdf-3.2-11.12.3 susemanager-docs_en-3.2-11.12.3 susemanager-frontend-libs-3.2.4-3.7.3 susemanager-getting-started_en-pdf-3.2-11.12.3 susemanager-jsp_en-3.2-11.12.3 susemanager-reference_en-pdf-3.2-11.12.3 susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3 susemanager-schema-3.2.15-3.13.3 susemanager-sls-3.2.18-3.13.3 susemanager-sync-data-3.2.10-3.9.3 tika-core-1.19.1-3.3.3 - SUSE Manager Proxy 3.2 (noarch): spacewalk-base-minimal-2.8.7.11-3.13.3 spacewalk-base-minimal-config-2.8.7.11-3.13.3 References: https://www.suse.com/security/cve/CVE-2018-11761.html https://bugzilla.suse.com/1041999 
https://bugzilla.suse.com/1080474 https://bugzilla.suse.com/1083094 https://bugzilla.suse.com/1104487 https://bugzilla.suse.com/1105359 https://bugzilla.suse.com/1105724 https://bugzilla.suse.com/1106430 https://bugzilla.suse.com/1106626 https://bugzilla.suse.com/1107869 https://bugzilla.suse.com/1109235 https://bugzilla.suse.com/1110361 https://bugzilla.suse.com/1110625 https://bugzilla.suse.com/1111247 https://bugzilla.suse.com/1111249 https://bugzilla.suse.com/1111387 https://bugzilla.suse.com/1111497 https://bugzilla.suse.com/1111542 https://bugzilla.suse.com/1111810 https://bugzilla.suse.com/1111966 https://bugzilla.suse.com/1112163 https://bugzilla.suse.com/1112445 https://bugzilla.suse.com/1112754 https://bugzilla.suse.com/1113557 https://bugzilla.suse.com/1113747 https://bugzilla.suse.com/1114181 https://bugzilla.suse.com/1114362 https://bugzilla.suse.com/1114814 https://bugzilla.suse.com/1114991 https://bugzilla.suse.com/1115449 https://bugzilla.suse.com/1116517 From sle-security-updates at lists.suse.com Fri Dec 7 10:24:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Dec 2018 18:24:57 +0100 (CET) Subject: SUSE-SU-2018:4020-1: important: Security update for cri-o and kubernetes packages Message-ID: <20181207172457.A9611FD43@maintenance.suse.de> SUSE Security Update: Security update for cri-o and kubernetes packages ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4020-1 Rating: important References: #1084765 #1095131 #1108195 #1111341 #1112967 #1112980 #1114645 #1116933 #1118198 Cross-References: CVE-2016-8859 CVE-2018-1002105 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. 
Description: This update provides fixes for kubernetes, kubernetes-salt, cri-o, and caasp-container-manifests: - VUL-0: kubernetes: proxy request handling in kube-apiserver can leave vulnerable TCP connections (bsc#1118198) - Error in Velum when applying the k8s 1.10.8 on CRI-O cluster (bsc#1116933) - Update regexp for SUSE images (bsc#1111341) - Require kubernetes-kubelet for kubeadm (bsc#1084765) - Move deprecated flags to kubelet config.yaml (bsc#1114645) - Update to k8s 1.10.x (bsc#1114645) - Fix kubelet failing to get device for dir "/var/lib/kubelet" (bsc#1095131) - Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd and the upstream unit file. (bsc#1112980) - Update cluster-proportional-autoscaler-amd64 in typha addon to w/ fix for (CVE-2016-8859) - Add a whitelist for returned events so we only save events that we care about (bsc#1112967) - Aggregation layer needs configuration (bsc#1108195) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (noarch): caasp-container-manifests-3.0.0+git_r291_33f7b2d-3.6.3 kubernetes-salt-3.0.0+git_r888_7af7095-3.33.2 - SUSE CaaS Platform 3.0 (x86_64): cri-o-1.10.6-4.8.5 cri-tools-1.0.0beta2-3.3.3 kubernetes-client-1.10.11-4.8.2 kubernetes-common-1.10.11-4.8.2 kubernetes-kubelet-1.10.11-4.8.2 kubernetes-master-1.10.11-4.8.2 kubernetes-node-1.10.11-4.8.2 References: https://www.suse.com/security/cve/CVE-2016-8859.html https://www.suse.com/security/cve/CVE-2018-1002105.html https://bugzilla.suse.com/1084765 https://bugzilla.suse.com/1095131 https://bugzilla.suse.com/1108195 https://bugzilla.suse.com/1111341 https://bugzilla.suse.com/1112967 https://bugzilla.suse.com/1112980 https://bugzilla.suse.com/1114645 https://bugzilla.suse.com/1116933 https://bugzilla.suse.com/1118198 From sle-security-updates at lists.suse.com Fri Dec 7 10:28:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 7 Dec 2018 18:28:13 +0100 (CET) Subject: SUSE-SU-2018:4023-1: moderate: Security update for ImageMagick Message-ID: <20181207172813.06076FD43@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4023-1 Rating: moderate References: #1057246 #1113064 #1117463 Cross-References: CVE-2018-18544 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). Non-security issues fixed: - Improve import documentation (bsc#1057246). - Allow override system security policy (bsc#1117463). - asan_build: build ASAN included - debug_build: build more suitable for debugging Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2868=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2868=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2868=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2868=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2868=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2868=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2868=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2868=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.93.2 ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 libMagick++-6_Q16-3-6.8.8.1-71.93.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.93.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.93.2 ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 libMagick++-6_Q16-3-6.8.8.1-71.93.2 
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.93.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.93.2 ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 ImageMagick-devel-6.8.8.1-71.93.2 libMagick++-6_Q16-3-6.8.8.1-71.93.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.93.2 libMagick++-devel-6.8.8.1-71.93.2 perl-PerlMagick-6.8.8.1-71.93.2 perl-PerlMagick-debuginfo-6.8.8.1-71.93.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.93.2 ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 ImageMagick-devel-6.8.8.1-71.93.2 libMagick++-6_Q16-3-6.8.8.1-71.93.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.93.2 libMagick++-devel-6.8.8.1-71.93.2 perl-PerlMagick-6.8.8.1-71.93.2 perl-PerlMagick-debuginfo-6.8.8.1-71.93.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.93.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.93.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.93.2 ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 libMagick++-6_Q16-3-6.8.8.1-71.93.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.93.2 
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.93.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.93.2 ImageMagick-debuginfo-6.8.8.1-71.93.2 ImageMagick-debugsource-6.8.8.1-71.93.2 libMagick++-6_Q16-3-6.8.8.1-71.93.2 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.93.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-6.8.8.1-71.93.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.93.2 References: https://www.suse.com/security/cve/CVE-2018-18544.html https://bugzilla.suse.com/1057246 https://bugzilla.suse.com/1113064 https://bugzilla.suse.com/1117463 From sle-security-updates at lists.suse.com Mon Dec 10 04:11:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 12:11:19 +0100 (CET) Subject: SUSE-SU-2018:3812-2: important: Security update for libwpd Message-ID: <20181210111119.3ED19FFE5@maintenance.suse.de> SUSE Security Update: Security update for libwpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3812-2 Rating: important References: #1115713 Cross-References: CVE-2018-19208 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2706=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2706=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2706=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libwpd-0_10-10-0.10.2-2.7.1 libwpd-0_10-10-debuginfo-0.10.2-2.7.1 libwpd-debugsource-0.10.2-2.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libwpd-0_10-10-0.10.2-2.7.1 libwpd-0_10-10-debuginfo-0.10.2-2.7.1 libwpd-debugsource-0.10.2-2.7.1 libwpd-devel-0.10.2-2.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): libwpd-devel-doc-0.10.2-2.7.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwpd-0_10-10-0.10.2-2.7.1 libwpd-0_10-10-debuginfo-0.10.2-2.7.1 libwpd-debugsource-0.10.2-2.7.1 References: https://www.suse.com/security/cve/CVE-2018-19208.html https://bugzilla.suse.com/1115713 From sle-security-updates at lists.suse.com Mon Dec 10 04:12:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 12:12:03 +0100 (CET) Subject: SUSE-SU-2018:4059-1: important: Security update for cups Message-ID: <20181210111203.7A30CFFE5@maintenance.suse.de> SUSE Security Update: Security update for cups ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4059-1 Rating: important References: #1115750 Cross-References: CVE-2018-4700 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2882=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2882=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2882=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-3.6.1 cups-ddk-debuginfo-2.2.7-3.6.1 cups-debuginfo-2.2.7-3.6.1 cups-debugsource-2.2.7-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): cups-debugsource-2.2.7-3.6.1 libcups2-32bit-2.2.7-3.6.1 libcups2-32bit-debuginfo-2.2.7-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cups-2.2.7-3.6.1 cups-client-2.2.7-3.6.1 cups-client-debuginfo-2.2.7-3.6.1 cups-config-2.2.7-3.6.1 cups-debuginfo-2.2.7-3.6.1 cups-debugsource-2.2.7-3.6.1 cups-devel-2.2.7-3.6.1 libcups2-2.2.7-3.6.1 libcups2-debuginfo-2.2.7-3.6.1 libcupscgi1-2.2.7-3.6.1 libcupscgi1-debuginfo-2.2.7-3.6.1 libcupsimage2-2.2.7-3.6.1 libcupsimage2-debuginfo-2.2.7-3.6.1 libcupsmime1-2.2.7-3.6.1 libcupsmime1-debuginfo-2.2.7-3.6.1 libcupsppdc1-2.2.7-3.6.1 libcupsppdc1-debuginfo-2.2.7-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-4700.html https://bugzilla.suse.com/1115750 From sle-security-updates at 
lists.suse.com Mon Dec 10 04:12:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 12:12:51 +0100 (CET) Subject: SUSE-SU-2018:3767-2: important: Security update for systemd Message-ID: <20181210111251.04EA3FFE5@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3767-2 Rating: important References: #1106923 #1108835 #1109252 #1110445 #1111278 #1112024 #1113083 #1113632 #1113665 Cross-References: CVE-2018-15686 CVE-2018-15688 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. 
(bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if "missing ok" (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for "add support for sector-size= option" - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make "tmpfs" dependencies on swapfs a "default" dep, not an "implicit" (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package. This script was part of the systemd-sysvinit sub-package, but that was wrong, since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it has never been a SysV init tool. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2659=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2659=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2659=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.53.3 systemd-debuginfo-228-150.53.3 systemd-debugsource-228-150.53.3 systemd-devel-228-150.53.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.53.3 libsystemd0-debuginfo-228-150.53.3 libudev1-228-150.53.3 libudev1-debuginfo-228-150.53.3 systemd-228-150.53.3 systemd-debuginfo-228-150.53.3 systemd-debugsource-228-150.53.3 systemd-sysvinit-228-150.53.3 udev-228-150.53.3 udev-debuginfo-228-150.53.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.53.3 libsystemd0-debuginfo-32bit-228-150.53.3 libudev1-32bit-228-150.53.3 libudev1-debuginfo-32bit-228-150.53.3 systemd-32bit-228-150.53.3 systemd-debuginfo-32bit-228-150.53.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.53.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.53.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.53.3 libsystemd0-32bit-228-150.53.3 libsystemd0-debuginfo-228-150.53.3 libsystemd0-debuginfo-32bit-228-150.53.3 libudev1-228-150.53.3 libudev1-32bit-228-150.53.3 libudev1-debuginfo-228-150.53.3 libudev1-debuginfo-32bit-228-150.53.3 systemd-228-150.53.3 systemd-32bit-228-150.53.3 systemd-debuginfo-228-150.53.3 systemd-debuginfo-32bit-228-150.53.3 systemd-debugsource-228-150.53.3 systemd-sysvinit-228-150.53.3 udev-228-150.53.3 udev-debuginfo-228-150.53.3 References: https://www.suse.com/security/cve/CVE-2018-15686.html https://www.suse.com/security/cve/CVE-2018-15688.html 
https://bugzilla.suse.com/1106923 https://bugzilla.suse.com/1108835 https://bugzilla.suse.com/1109252 https://bugzilla.suse.com/1110445 https://bugzilla.suse.com/1111278 https://bugzilla.suse.com/1112024 https://bugzilla.suse.com/1113083 https://bugzilla.suse.com/1113632 https://bugzilla.suse.com/1113665 From sle-security-updates at lists.suse.com Mon Dec 10 07:09:12 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 15:09:12 +0100 (CET) Subject: SUSE-SU-2018:3588-2: moderate: Security update for audiofile Message-ID: <20181210140912.99F72FD4B@maintenance.suse.de> SUSE Security Update: Security update for audiofile ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3588-2 Rating: moderate References: #1111586 Cross-References: CVE-2018-17095 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occur when running sfconvert, leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2542=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2542=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2542=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 audiofile-devel-0.3.6-11.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): audiofile-0.3.6-11.3.1 audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 libaudiofile1-0.3.6-11.3.1 libaudiofile1-debuginfo-0.3.6-11.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libaudiofile1-32bit-0.3.6-11.3.1 libaudiofile1-debuginfo-32bit-0.3.6-11.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): audiofile-0.3.6-11.3.1 audiofile-debuginfo-0.3.6-11.3.1 audiofile-debugsource-0.3.6-11.3.1 libaudiofile1-0.3.6-11.3.1 libaudiofile1-32bit-0.3.6-11.3.1 libaudiofile1-debuginfo-0.3.6-11.3.1 libaudiofile1-debuginfo-32bit-0.3.6-11.3.1 References: https://www.suse.com/security/cve/CVE-2018-17095.html https://bugzilla.suse.com/1111586 From sle-security-updates at lists.suse.com Mon Dec 10 10:13:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 18:13:42 +0100 (CET) Subject: SUSE-SU-2018:3622-2: moderate: Security update for opensc Message-ID: <20181210171342.D84CFFFEA@maintenance.suse.de> SUSE Security Update: Security update for opensc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3622-2 Rating: moderate References: #1104812 #1106998 #1106999 #1107033 #1107034 #1107037 #1107038 #1107039 #1107097 #1107107 #1108318 Cross-References: CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 
CVE-2018-16419 CVE-2018-16420 CVE-2018-16422 CVE-2018-16423 CVE-2018-16426 CVE-2018-16427 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2582=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2582=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): opensc-0.13.0-3.3.2 opensc-debuginfo-0.13.0-3.3.2 opensc-debugsource-0.13.0-3.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): opensc-0.13.0-3.3.2 opensc-debuginfo-0.13.0-3.3.2 opensc-debugsource-0.13.0-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-16391.html https://www.suse.com/security/cve/CVE-2018-16392.html https://www.suse.com/security/cve/CVE-2018-16393.html https://www.suse.com/security/cve/CVE-2018-16418.html https://www.suse.com/security/cve/CVE-2018-16419.html https://www.suse.com/security/cve/CVE-2018-16420.html https://www.suse.com/security/cve/CVE-2018-16422.html https://www.suse.com/security/cve/CVE-2018-16423.html https://www.suse.com/security/cve/CVE-2018-16426.html https://www.suse.com/security/cve/CVE-2018-16427.html https://bugzilla.suse.com/1104812 https://bugzilla.suse.com/1106998 https://bugzilla.suse.com/1106999 https://bugzilla.suse.com/1107033 https://bugzilla.suse.com/1107034 https://bugzilla.suse.com/1107037 https://bugzilla.suse.com/1107038 https://bugzilla.suse.com/1107039 https://bugzilla.suse.com/1107097 https://bugzilla.suse.com/1107107 https://bugzilla.suse.com/1108318 From sle-security-updates at lists.suse.com Mon Dec 10 10:20:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 18:20:42 +0100 (CET) Subject: SUSE-SU-2018:4063-1: important: Security update for python-cryptography, python-pyOpenSSL Message-ID: <20181210172042.76644FFEA@maintenance.suse.de> SUSE Security Update: Security update for python-cryptography, python-pyOpenSSL ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2018:4063-1 Rating: important References: #1021578 #1111634 #1111635 Cross-References: CVE-2018-1000807 CVE-2018-1000808 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6-LTSS SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2885=1 - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2018-2885=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2885=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2885=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2885=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2885=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2885=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2885=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2885=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2885=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2885=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2018-2885=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2885=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2885=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2885=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2885=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 - SUSE OpenStack Cloud 7 (s390x x86_64): python3-cryptography-1.3.1-7.13.4 - SUSE OpenStack Cloud 7 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE OpenStack Cloud 6-LTSS (noarch): python-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): python-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 python3-cryptography-debuginfo-1.3.1-7.13.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 
python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-setuptools-18.0.1-4.8.1 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-setuptools-18.0.1-4.8.1 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 python3-cryptography-debuginfo-1.3.1-7.13.4 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 python3-setuptools-18.0.1-4.8.1 - SUSE Enterprise Storage 4 (noarch): python-pyOpenSSL-16.0.0-4.11.3 
python-setuptools-18.0.1-4.8.1 python3-pyOpenSSL-16.0.0-4.11.3 python3-setuptools-18.0.1-4.8.1 - SUSE Enterprise Storage 4 (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 python3-cryptography-1.3.1-7.13.4 - SUSE CaaS Platform ALL (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 - SUSE CaaS Platform ALL (noarch): python-setuptools-18.0.1-4.8.1 - SUSE CaaS Platform 3.0 (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 - SUSE CaaS Platform 3.0 (noarch): python-pyOpenSSL-16.0.0-4.11.3 python-setuptools-18.0.1-4.8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): python-cryptography-1.3.1-7.13.4 python-cryptography-debuginfo-1.3.1-7.13.4 python-cryptography-debugsource-1.3.1-7.13.4 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-setuptools-18.0.1-4.8.1 References: https://www.suse.com/security/cve/CVE-2018-1000807.html https://www.suse.com/security/cve/CVE-2018-1000808.html https://bugzilla.suse.com/1021578 https://bugzilla.suse.com/1111634 https://bugzilla.suse.com/1111635 From sle-security-updates at lists.suse.com Mon Dec 10 10:22:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 18:22:36 +0100 (CET) Subject: SUSE-SU-2018:3606-2: moderate: Security update for soundtouch Message-ID: <20181210172236.6ACCCFFEA@maintenance.suse.de> SUSE Security Update: Security update for soundtouch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3606-2 Rating: moderate References: #1108630 #1108631 #1108632 Cross-References: CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux 
Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2564=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2564=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2564=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2564=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libSoundTouch0-32bit-1.7.1-5.6.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.6.1 soundtouch-1.7.1-5.6.1 soundtouch-debuginfo-1.7.1-5.6.1 soundtouch-debugsource-1.7.1-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): soundtouch-1.7.1-5.6.1 soundtouch-debuginfo-1.7.1-5.6.1 soundtouch-debugsource-1.7.1-5.6.1 soundtouch-devel-1.7.1-5.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libSoundTouch0-1.7.1-5.6.1 libSoundTouch0-debuginfo-1.7.1-5.6.1 soundtouch-debuginfo-1.7.1-5.6.1 soundtouch-debugsource-1.7.1-5.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libSoundTouch0-1.7.1-5.6.1 libSoundTouch0-32bit-1.7.1-5.6.1 libSoundTouch0-debuginfo-1.7.1-5.6.1 libSoundTouch0-debuginfo-32bit-1.7.1-5.6.1 soundtouch-1.7.1-5.6.1 soundtouch-debuginfo-1.7.1-5.6.1 soundtouch-debugsource-1.7.1-5.6.1 References: https://www.suse.com/security/cve/CVE-2018-17096.html https://www.suse.com/security/cve/CVE-2018-17097.html https://www.suse.com/security/cve/CVE-2018-17098.html https://bugzilla.suse.com/1108630 https://bugzilla.suse.com/1108631 https://bugzilla.suse.com/1108632 From sle-security-updates at lists.suse.com Mon Dec 10 10:25:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 18:25:37 +0100 (CET) Subject: SUSE-SU-2018:3554-2: moderate: Security update for python, python-base Message-ID: 
<20181210172537.5B37AFFEA@maintenance.suse.de> SUSE Security Update: Security update for python, python-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3554-2 Rating: moderate References: #1086001 #1088004 #1088009 #1109663 Cross-References: CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2520=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2520=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2520=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2520=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-curses-2.7.13-28.16.1 python-curses-debuginfo-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-demo-2.7.13-28.16.1 python-gdbm-2.7.13-28.16.1 python-gdbm-debuginfo-2.7.13-28.16.1 python-idle-2.7.13-28.16.1 python-tk-2.7.13-28.16.1 python-tk-debuginfo-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1 python-32bit-2.7.13-28.16.1 python-base-32bit-2.7.13-28.16.1 python-base-debuginfo-32bit-2.7.13-28.16.1 python-debuginfo-32bit-2.7.13-28.16.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.16.1 python-doc-pdf-2.7.13-28.16.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.16.1 libpython2_7-1_0-32bit-2.7.13-28.16.1 
libpython2_7-1_0-debuginfo-2.7.13-28.16.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1 python-2.7.13-28.16.1 python-base-2.7.13-28.16.1 python-base-debuginfo-2.7.13-28.16.1 python-base-debuginfo-32bit-2.7.13-28.16.1 python-base-debugsource-2.7.13-28.16.1 python-curses-2.7.13-28.16.1 python-curses-debuginfo-2.7.13-28.16.1 python-debuginfo-2.7.13-28.16.1 python-debugsource-2.7.13-28.16.1 python-devel-2.7.13-28.16.1 python-tk-2.7.13-28.16.1 python-tk-debuginfo-2.7.13-28.16.1 python-xml-2.7.13-28.16.1 python-xml-debuginfo-2.7.13-28.16.1 References: https://www.suse.com/security/cve/CVE-2018-1000802.html https://www.suse.com/security/cve/CVE-2018-1060.html https://www.suse.com/security/cve/CVE-2018-1061.html https://bugzilla.suse.com/1086001 https://bugzilla.suse.com/1088004 https://bugzilla.suse.com/1088009 https://bugzilla.suse.com/1109663 From sle-security-updates at lists.suse.com Mon Dec 10 10:27:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 10 Dec 2018 18:27:47 +0100 (CET) Subject: SUSE-SU-2018:4064-1: important: Security update for java-1_8_0-ibm Message-ID: <20181210172747.5153FFFEA@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4064-1 Rating: important References: #1116574 Cross-References: CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25
   (bsc#1116574)

   * Class Libraries:
     - IJ10934 CVE-2018-13785
     - IJ10935 CVE-2018-3136
     - IJ10895 CVE-2018-3139
     - IJ10932 CVE-2018-3149
     - IJ10894 CVE-2018-3180
     - IJ10930 CVE-2018-3183
     - IJ10933 CVE-2018-3214
     - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT.FORMAT
     - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT
     - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS.
     - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 - BELGIUM EBCDIC

   * Java Virtual Machine
     - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT
     - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP
     - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY "JAVA.SYSTEM.CLASS.LOADER" IS NOT HONORED.
     - IJ10931 CVE-2018-3169
     - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE
     - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION
     - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.GETLASTGCINFO() API
     - IJ10680 RECURRENT ABORTED SCAVENGE

   * ORB
     - IX90187 CLIENTREQUESTIMPL.REINVOKE FAILS WITH JAVA.LANG.INDEXOUTOFBOUNDSEXCEPTION

   * Reliability and Serviceability
     - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES

   * Security
     - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORITHMS' SECURITY PROPERTY
     - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNATIVECREDS() METHOD
     - IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL() AND INIT()
     - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT, PROBLEM WITH CONVERTING TO JKS KEYSTORE
     - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS
     - IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX
     - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER
     - IJ08723 JAAS THROWS A "ARRAY INDEX OUT OF RANGE" EXCEPTION
     - IJ08704 THE SECURITY PROPERTY "JDK.CERTPATH.DISABLEDALGORITHMS" IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS

   * z/OS Extensions
     - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE
     - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059
     - PH04008 ZERTJSSE - Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK

   This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22:

   * Java Virtual Machine
     - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS

   * JIT Compiler
     - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32
     - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION
     - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT()
     - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER

   * z/OS Extensions
     - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services
     - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID

   Also the update to Java 8.0 Service Refresh 5 Fix Pack 21

   * Class Libraries
     - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM
     - IJ08570 JAVA.LANG.UNSATISFIEDLINKERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAVA2D.CMM.KCMS.KCMSSERVICEPROVIDER ON AIX PLATFORM

   * Java Virtual Machine
     - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS
     - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE)

   * JIT Compiler
     - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE
     - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS
     - IJ08205 CRASH WHILE COMPILING
     - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM
     - IJ07886 INCORRECT CALCULATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE}VALUE()

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2886=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2886=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2886=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2886=1

   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2886=1

   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2886=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2886=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2886=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2886=1

   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2018-2886=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1

   - SUSE OpenStack Cloud 7 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64):
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64):
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP4 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

   - SUSE Enterprise Storage 4 (x86_64):
      java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1
      java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

References:

   https://www.suse.com/security/cve/CVE-2018-13785.html
   https://www.suse.com/security/cve/CVE-2018-3136.html
   https://www.suse.com/security/cve/CVE-2018-3139.html
   https://www.suse.com/security/cve/CVE-2018-3149.html
   https://www.suse.com/security/cve/CVE-2018-3169.html
   https://www.suse.com/security/cve/CVE-2018-3180.html
   https://www.suse.com/security/cve/CVE-2018-3183.html
   https://www.suse.com/security/cve/CVE-2018-3214.html
   https://bugzilla.suse.com/1116574

From sle-security-updates at lists.suse.com Mon Dec 10 13:08:49 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 10 Dec 2018 21:08:49 +0100 (CET)
Subject: SUSE-SU-2018:4066-1: moderate: Security update for samba
Message-ID: <20181210200849.17528FF58@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4066-1
Rating:             moderate
References:         #1068059 #1087303 #1087931 #1101499 #1102230
                    #1116319 #1116320 #1116322 #1116324
Cross-References:   CVE-2018-14629 CVE-2018-16841 CVE-2018-16851
                    CVE-2018-16853
Affected Products:
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that solves four vulnerabilities and has 5 fixes is now available.

Description:

   This update for samba fixes the following issues:

   Update to samba version 4.7.11.

   Security issues fixed:

   - CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server (bsc#1116319).
   - CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal (bsc#1116320).
   - CVE-2018-16851: Fixed NULL pointer de-reference in Samba AD DC LDAP server (bsc#1116322).
   - CVE-2018-16853: Mark MIT support for the AD DC experimental (bsc#1116324).

   Non-security issues fixed:

   - Fixed do not take over stderr when there is no log file (bsc#1101499).
   - Fixed ctdb_mutex_ceph_rados_helper deadlock; (bsc#1102230).
   - Fixed ntlm authentications with "winbind use default domain = yes"; (bsc#1068059).
   - Fixed idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).
   - Fixed windows domain with one way trust that was not working (bsc#1087303).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2888=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2888=1

   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2888=1

   - SUSE Linux Enterprise High Availability 15:
      zypper in -t patch SUSE-SLE-Product-HA-15-2018-2888=1

Package List:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64):
      samba-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debugsource-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-python-4.7.11+git.140.6bd0e5b30d8-4.21.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
      ctdb-pcp-pmda-4.7.11+git.140.6bd0e5b30d8-4.21.1
      ctdb-pcp-pmda-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      ctdb-tests-4.7.11+git.140.6bd0e5b30d8-4.21.1
      ctdb-tests-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debugsource-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-python-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-test-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-test-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
      samba-doc-4.7.11+git.140.6bd0e5b30d8-4.21.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      libdcerpc-binding0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc-binding0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc-samr-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc-samr0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc-samr0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libdcerpc0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-krb5pac-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-krb5pac0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-krb5pac0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-nbt-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-nbt0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-nbt0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-standard-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-standard0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr-standard0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libndr0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libnetapi-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libnetapi0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libnetapi0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-credentials-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-credentials0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-credentials0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-errors-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-errors0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-errors0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-hostconfig-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-hostconfig0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-passdb-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-passdb0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-passdb0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-policy-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-policy0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-util-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-util0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamba-util0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamdb-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamdb0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsamdb0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbclient-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbclient0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbclient0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbconf-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbconf0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbconf0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbldap-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbldap2-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libsmbldap2-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libtevent-util-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libtevent-util0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libtevent-util0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libwbclient-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libwbclient0-4.7.11+git.140.6bd0e5b30d8-4.21.1
      libwbclient0-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-client-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-client-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-core-devel-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debugsource-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-libs-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-libs-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-winbind-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-winbind-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
      ctdb-4.7.11+git.140.6bd0e5b30d8-4.21.1
      ctdb-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debuginfo-4.7.11+git.140.6bd0e5b30d8-4.21.1
      samba-debugsource-4.7.11+git.140.6bd0e5b30d8-4.21.1

References:

   https://www.suse.com/security/cve/CVE-2018-14629.html
   https://www.suse.com/security/cve/CVE-2018-16841.html
   https://www.suse.com/security/cve/CVE-2018-16851.html
   https://www.suse.com/security/cve/CVE-2018-16853.html
   https://bugzilla.suse.com/1068059
   https://bugzilla.suse.com/1087303
   https://bugzilla.suse.com/1087931
   https://bugzilla.suse.com/1101499
   https://bugzilla.suse.com/1102230
   https://bugzilla.suse.com/1116319
   https://bugzilla.suse.com/1116320
   https://bugzilla.suse.com/1116322
   https://bugzilla.suse.com/1116324

From sle-security-updates at lists.suse.com Mon Dec 10 16:08:43 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 11 Dec 2018 00:08:43 +0100 (CET)
Subject: SUSE-SU-2018:4067-1: moderate: Recommended update for glibc
Message-ID: <20181210230843.85A21FF59@maintenance.suse.de>

   SUSE Security Update: Recommended update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4067-1
Rating:             moderate
References:         #1064569 #1110170 #1110174
Cross-References:   CVE-2017-15671
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update for glibc fixes the following issues:

   Security issue fixed:

   - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325).

   Non-security issue fixed:

   - Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618).
   - Remove improper assert in dlclose (bsc#1110174, BZ #11941).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-glibc-13903=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-glibc-13903=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-glibc-13903=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-glibc-13903=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-glibc-13903=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-glibc-13903=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      glibc-html-2.11.3-17.110.24.2
      glibc-info-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64):
      glibc-2.11.3-17.110.24.2
      glibc-devel-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      glibc-html-2.11.3-17.110.24.2
      glibc-i18ndata-2.11.3-17.110.24.2
      glibc-info-2.11.3-17.110.24.2
      glibc-locale-2.11.3-17.110.24.2
      glibc-profile-2.11.3-17.110.24.2
      nscd-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      glibc-32bit-2.11.3-17.110.24.2
      glibc-devel-32bit-2.11.3-17.110.24.2
      glibc-locale-32bit-2.11.3-17.110.24.2
      glibc-profile-32bit-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      glibc-locale-x86-2.11.3-17.110.24.2
      glibc-profile-x86-2.11.3-17.110.24.2
      glibc-x86-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64):
      glibc-2.11.3-17.110.24.2
      glibc-devel-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      glibc-html-2.11.3-17.110.24.2
      glibc-i18ndata-2.11.3-17.110.24.2
      glibc-info-2.11.3-17.110.24.2
      glibc-locale-2.11.3-17.110.24.2
      glibc-profile-2.11.3-17.110.24.2
      nscd-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
      glibc-32bit-2.11.3-17.110.24.2
      glibc-devel-32bit-2.11.3-17.110.24.2
      glibc-locale-32bit-2.11.3-17.110.24.2
      glibc-profile-32bit-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686):
      glibc-2.11.3-17.110.24.2
      glibc-devel-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      glibc-html-2.11.3-17.110.24.2
      glibc-i18ndata-2.11.3-17.110.24.2
      glibc-info-2.11.3-17.110.24.2
      glibc-locale-2.11.3-17.110.24.2
      glibc-profile-2.11.3-17.110.24.2
      nscd-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64):
      glibc-debuginfo-2.11.3-17.110.24.2
      glibc-debugsource-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
      glibc-debuginfo-32bit-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
      glibc-debuginfo-x86-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64):
      glibc-debuginfo-2.11.3-17.110.24.2
      glibc-debugsource-2.11.3-17.110.24.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):
      glibc-debuginfo-32bit-2.11.3-17.110.24.2

References:

   https://www.suse.com/security/cve/CVE-2017-15671.html
   https://bugzilla.suse.com/1064569
   https://bugzilla.suse.com/1110170
   https://bugzilla.suse.com/1110174

From sle-security-updates at lists.suse.com Tue Dec 11 07:08:49 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 11 Dec 2018 15:08:49 +0100 (CET)
Subject: SUSE-SU-2018:4068-1: moderate: Security update for compat-openssl098
Message-ID: <20181211140849.A4274FF59@maintenance.suse.de>

   SUSE Security Update: Security update for compat-openssl098
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4068-1
Rating:             moderate
References:         #1104789 #1110018 #1113534 #1113652
Cross-References:   CVE-2016-8610 CVE-2018-0734 CVE-2018-5407
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Module for Legacy Software 12
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for compat-openssl098 fixes the following issues:

   Security issues fixed:

   - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
   - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
   - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).
   - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2018-2893=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-2893=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2893=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-2893=1

   - SUSE Linux Enterprise Module for Legacy Software 12:
      zypper in -t patch SUSE-SLE-Module-Legacy-12-2018-2893=1

   - SUSE Linux Enterprise Desktop 12-SP4:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2893=1

   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2893=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-32bit-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.9.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-32bit-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.9.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      compat-openssl098-debugsource-0.9.8j-106.9.1
      libopenssl0_9_8-0.9.8j-106.9.1
      libopenssl0_9_8-32bit-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-0.9.8j-106.9.1
      libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.9.1

References:

   https://www.suse.com/security/cve/CVE-2016-8610.html
   https://www.suse.com/security/cve/CVE-2018-0734.html
   https://www.suse.com/security/cve/CVE-2018-5407.html
   https://bugzilla.suse.com/1104789
   https://bugzilla.suse.com/1110018
   https://bugzilla.suse.com/1113534
   https://bugzilla.suse.com/1113652

From sle-security-updates at lists.suse.com Tue Dec 11 07:10:02 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 11 Dec 2018 15:10:02 +0100 (CET)
Subject: SUSE-SU-2018:4069-1: important: Security update for the Linux Kernel
Message-ID: <20181211141002.145EAFF58@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4069-1
Rating:             important
References:         #1051510 #1055120 #1061840 #1065600 #1065729 #1066674
                    #1067906 #1068273 #1076830
                    #1078248 #1079524 #1082555 #1082653 #1083647 #1084760
                    #1084831 #1085535 #1086196 #1089350 #1091800 #1094825
                    #1095805 #1097755 #1100132 #1103356 #1103925 #1104124
                    #1104731 #1104824 #1105025 #1105428 #1106105 #1106110
                    #1106237 #1106240 #1107256 #1107385 #1107866 #1108377
                    #1108468 #1109330 #1109739 #1109772 #1109806 #1109818
                    #1109907 #1109911 #1109915 #1109919 #1109951 #1110006
                    #1110998 #1111040 #1111062 #1111174 #1111506 #1111696
                    #1111809 #1111921 #1111983 #1112128 #1112170 #1112173
                    #1112208 #1112219 #1112221 #1112246 #1112372 #1112514
                    #1112554 #1112708 #1112710 #1112711 #1112712 #1112713
                    #1112731 #1112732 #1112733 #1112734 #1112735 #1112736
                    #1112738 #1112739 #1112740 #1112741 #1112743 #1112745
                    #1112746 #1112878 #1112894 #1112899 #1112902 #1112903
                    #1112905 #1112906 #1112907 #1112963 #1113257 #1113284
                    #1113295 #1113408 #1113412 #1113501 #1113667 #1113677
                    #1113722 #1113751 #1113769 #1113780 #1113972 #1114015
                    #1114178 #1114279 #1114385 #1114576 #1114577 #1114578
                    #1114579 #1114580 #1114581 #1114582 #1114583 #1114584
                    #1114585 #1114839 #1115074 #1115269 #1115431 #1115433
                    #1115440 #1115567 #1115709 #1115976 #1116183 #1116692
                    #1116693 #1116698 #1116699 #1116700 #1116701 #1116862
                    #1116863 #1116876 #1116877 #1116878 #1116891 #1116895
                    #1116899 #1116950 #1117168 #1117172 #1117174 #1117181
                    #1117184 #1117188 #1117189 #1117349 #1117561 #1117788
                    #1117789 #1117790 #1117791 #1117792 #1117794 #1117795
                    #1117796 #1117798 #1117799 #1117801 #1117802 #1117803
                    #1117804 #1117805 #1117806 #1117807 #1117808 #1117815
                    #1117816 #1117817 #1117818 #1117819 #1117820 #1117821
                    #1117822 #1118102 #1118136 #1118137 #1118138 #1118140
                    #1118152 #1118316
Cross-References:   CVE-2017-16533 CVE-2017-18224 CVE-2018-18281
                    CVE-2018-18386 CVE-2018-18445 CVE-2018-18710
                    CVE-2018-19824
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 184 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
     driver by supplying a malicious USB Sound device (with zero interfaces)
     that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
   - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
     pagetable locks. If a syscall such as ftruncate() removed entries from
     the pagetables of a task that is in the middle of mremap(), a stale TLB
     entry could remain for a short time that permits access to a physical
     page after it has been released back to the page allocator and reused.
     (bnc#1113769).
   - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
     drivers/cdrom/cdrom.c could be used by local attackers to read kernel
     memory because a cast from unsigned long to int interferes with bounds
     checking. This is similar to CVE-2018-10940 and CVE-2018-16658
     (bnc#1113751).
   - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier
     permitted out-of-bounds memory accesses because
     adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
     right shifts (bnc#1112372).
   - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
     able to access pseudo terminals) to hang/block further usage of any
     pseudo terminal devices due to an EXTPROC versus ICANON confusion in
     TIOCINQ (bnc#1094825).
   - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and
     consequently had a race condition for access to the extent tree during
     read operations in DIRECT mode, which allowed local users to cause a
     denial of service (BUG) by modifying a certain e_cpos field
     (bnc#1084831).
   - CVE-2017-16533: The usbhid_parse function in
     drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
     service (out-of-bounds read and system crash) or possibly have
     unspecified other impact via a crafted USB device (bnc#1066674).

   The following non-security bugs were fixed:

   - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
   - ACPICA: Tables: Add WSMT support (bsc#1089350).
   - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
   - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
   - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895).
   - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128).
   - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
   - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).
   - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
   - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510).
   - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
   - act_ife: fix a potential use-after-free (networking-stable-18_09_11).
   - Add the cherry-picked dup id for PCI dwc fix
   - Add version information to KLP_SYMBOLS file
   - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
   - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
   - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).
   - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
   - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
   - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510).
   - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
   - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
   - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
   - ALSA: hda: fix unused variable warning (bsc#1051510).
   - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
   - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
   - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
   - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
   - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
   - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
   - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).
   - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
   - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
   - ALSA: hda/realtek - Support ALC300 (bsc#1051510).
   - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
   - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
   - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
   - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510).
   - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
   - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
   - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
   - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
   - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).
   - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
   - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
   - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
   - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
   - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510).
   - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
- ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). 
- block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). 
- Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). 
- cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). 
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). 
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). 
- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). 
- ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). 
- fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). 
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). 
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). 
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for "NFSv4.1: Fix up replays of interrupted requests" (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). 
- KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). 
- KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). 
- KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). 
- KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). 
- libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix "list_add double add" caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). 
- md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). 
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). 
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). 
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). 
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). 
- NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). 
- orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). 
- pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). 
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). 
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "rpm/kernel-binary.spec.in: allow unsupported modules for -extra" - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). 
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). 
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). 
- scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). 
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). 
- tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). 
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). 
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). 
- VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). 
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). 
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2894=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2894=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2894=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2018-2894=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2894=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.3.1 kernel-default-debugsource-4.12.14-95.3.1 kernel-default-extra-4.12.14-95.3.1 kernel-default-extra-debuginfo-4.12.14-95.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.3.2 kernel-obs-build-debugsource-4.12.14-95.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.3.1 kernel-default-base-4.12.14-95.3.1 kernel-default-base-debuginfo-4.12.14-95.3.1 kernel-default-debuginfo-4.12.14-95.3.1 kernel-default-debugsource-4.12.14-95.3.1 kernel-default-devel-4.12.14-95.3.1 kernel-syms-4.12.14-95.3.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.3.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.3.1 kernel-macros-4.12.14-95.3.1 kernel-source-4.12.14-95.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.3.1 - 
SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.3.1 cluster-md-kmp-default-debuginfo-4.12.14-95.3.1 dlm-kmp-default-4.12.14-95.3.1 dlm-kmp-default-debuginfo-4.12.14-95.3.1 gfs2-kmp-default-4.12.14-95.3.1 gfs2-kmp-default-debuginfo-4.12.14-95.3.1 kernel-default-debuginfo-4.12.14-95.3.1 kernel-default-debugsource-4.12.14-95.3.1 ocfs2-kmp-default-4.12.14-95.3.1 ocfs2-kmp-default-debuginfo-4.12.14-95.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.3.1 kernel-default-debuginfo-4.12.14-95.3.1 kernel-default-debugsource-4.12.14-95.3.1 kernel-default-devel-4.12.14-95.3.1 kernel-default-devel-debuginfo-4.12.14-95.3.1 kernel-default-extra-4.12.14-95.3.1 kernel-default-extra-debuginfo-4.12.14-95.3.1 kernel-syms-4.12.14-95.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.3.1 kernel-macros-4.12.14-95.3.1 kernel-source-4.12.14-95.3.1 References: https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-18224.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18445.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19824.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1067906 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1076830 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079524 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1084831 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086196 https://bugzilla.suse.com/1089350 
https://bugzilla.suse.com/1091800 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095805 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103925 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108377 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109739 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109818 https://bugzilla.suse.com/1109907 https://bugzilla.suse.com/1109911 https://bugzilla.suse.com/1109915 https://bugzilla.suse.com/1109919 https://bugzilla.suse.com/1109951 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111040 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111506 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1111921 https://bugzilla.suse.com/1111983 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112170 https://bugzilla.suse.com/1112173 https://bugzilla.suse.com/1112208 https://bugzilla.suse.com/1112219 https://bugzilla.suse.com/1112221 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112372 https://bugzilla.suse.com/1112514 https://bugzilla.suse.com/1112554 https://bugzilla.suse.com/1112708 https://bugzilla.suse.com/1112710 https://bugzilla.suse.com/1112711 https://bugzilla.suse.com/1112712 https://bugzilla.suse.com/1112713 https://bugzilla.suse.com/1112731 https://bugzilla.suse.com/1112732 
https://bugzilla.suse.com/1112733 https://bugzilla.suse.com/1112734 https://bugzilla.suse.com/1112735 https://bugzilla.suse.com/1112736 https://bugzilla.suse.com/1112738 https://bugzilla.suse.com/1112739 https://bugzilla.suse.com/1112740 https://bugzilla.suse.com/1112741 https://bugzilla.suse.com/1112743 https://bugzilla.suse.com/1112745 https://bugzilla.suse.com/1112746 https://bugzilla.suse.com/1112878 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113257 https://bugzilla.suse.com/1113284 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113408 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113780 https://bugzilla.suse.com/1113972 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116692 
https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118316 From sle-security-updates at lists.suse.com Wed Dec 12 01:09:16 2018 From: sle-security-updates 
at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Dec 2018 09:09:16 +0100 (CET) Subject: SUSE-SU-2018:4070-1: important: Security update for xen Message-ID: <20181212080916.6866CFF85@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4070-1 Rating: important References: #1027519 #1108940 #1114405 #1114423 #1115040 #1115045 #1115047 Cross-References: CVE-2018-18849 CVE-2018-18883 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2018-18849: Fixed an out of bounds memory access issue in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-18883: Fixed a NULL pointer dereference that could have been triggered by nested VT-x that was not properly restricted (XSA-278)(bsc#1114405). - CVE-2018-19965: Fixed denial of service issue from attempting to use INVPCID with non-canonical addresses (XSA-279)(bsc#1115045). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040). Non-security issues fixed: - Added upstream bug fixes (bsc#1027519). - Fixed XEN SLE12-SP1 domU hang on SLE12-SP3 HV (bsc#1108940).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2896=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2896=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2896=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.3_03-3.47.1 xen-devel-4.9.3_03-3.47.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.3_03-3.47.1 xen-debugsource-4.9.3_03-3.47.1 xen-doc-html-4.9.3_03-3.47.1 xen-libs-32bit-4.9.3_03-3.47.1 xen-libs-4.9.3_03-3.47.1 xen-libs-debuginfo-32bit-4.9.3_03-3.47.1 xen-libs-debuginfo-4.9.3_03-3.47.1 xen-tools-4.9.3_03-3.47.1 xen-tools-debuginfo-4.9.3_03-3.47.1 xen-tools-domU-4.9.3_03-3.47.1 xen-tools-domU-debuginfo-4.9.3_03-3.47.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.3_03-3.47.1 xen-debugsource-4.9.3_03-3.47.1 xen-libs-32bit-4.9.3_03-3.47.1 xen-libs-4.9.3_03-3.47.1 xen-libs-debuginfo-32bit-4.9.3_03-3.47.1 xen-libs-debuginfo-4.9.3_03-3.47.1 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.3_03-3.47.1 xen-libs-4.9.3_03-3.47.1 xen-libs-debuginfo-4.9.3_03-3.47.1 xen-tools-domU-4.9.3_03-3.47.1 xen-tools-domU-debuginfo-4.9.3_03-3.47.1 - SUSE CaaS Platform 3.0 (x86_64): xen-debugsource-4.9.3_03-3.47.1 
xen-libs-4.9.3_03-3.47.1 xen-libs-debuginfo-4.9.3_03-3.47.1 xen-tools-domU-4.9.3_03-3.47.1 xen-tools-domU-debuginfo-4.9.3_03-3.47.1 References: https://www.suse.com/security/cve/CVE-2018-18849.html https://www.suse.com/security/cve/CVE-2018-18883.html https://www.suse.com/security/cve/CVE-2018-19961.html https://www.suse.com/security/cve/CVE-2018-19962.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2018-19966.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1108940 https://bugzilla.suse.com/1114405 https://bugzilla.suse.com/1114423 https://bugzilla.suse.com/1115040 https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1115047 From sle-security-updates at lists.suse.com Wed Dec 12 01:13:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Dec 2018 09:13:05 +0100 (CET) Subject: SUSE-SU-2018:4072-1: important: Security update for the Linux Kernel Message-ID: <20181212081305.1EBA9FF85@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4072-1 Rating: important References: #1051510 #1055120 #1061840 #1065600 #1065729 #1066674 #1067906 #1068273 #1076830 #1078248 #1079524 #1082555 #1082653 #1083647 #1084760 #1084831 #1085535 #1086196 #1089350 #1091800 #1094825 #1095805 #1097755 #1100132 #1103356 #1103925 #1104124 #1104731 #1104824 #1105025 #1105428 #1106105 #1106110 #1106237 #1106240 #1107256 #1107385 #1107866 #1108377 #1108468 #1109330 #1109739 #1109772 #1109806 #1109818 #1109907 #1109911 #1109915 #1109919 #1109951 #1110006 #1110998 #1111040 #1111062 #1111174 #1111506 #1111696 #1111809 #1111921 #1111983 #1112128 #1112170 #1112173 #1112208 #1112219 #1112221 #1112246 #1112372 #1112514 #1112554 #1112708 #1112710 #1112711 #1112712 #1112713 #1112731 #1112732 #1112733 #1112734 #1112735 #1112736 #1112738 #1112739 
#1112740 #1112741 #1112743 #1112745 #1112746 #1112878 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1112963 #1113257 #1113284 #1113295 #1113408 #1113412 #1113501 #1113667 #1113677 #1113722 #1113751 #1113769 #1113780 #1113972 #1114015 #1114178 #1114279 #1114385 #1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114839 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116183 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117168 #1117172 #1117174 #1117181 #1117184 #1117188 #1117189 #1117349 #1117561 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118316 Cross-References: CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 184 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. 
If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). 
- ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). 
- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). 
- ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). 
- bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). 
- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). 
- cifs: Fix use after free of a mid_q_entry (bsc#1112903).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail (bsc#1051510).
- clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510).
- clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510).
- coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510).
- configfs: replace strncpy with memcpy (bsc#1051510).
- crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
- crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510).
- crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
- dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951).
- debugobjects: Make stack check warning more informative (bsc#1051510).
- Documentation/l1tf: Fix small spelling typo (bsc#1051510).
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- do d_instantiate/unlock_new_inode combinations safely (git-fixes).
- Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510).
- drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110)
- drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510).
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)
- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)
- drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510).
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)
- drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Restore vblank interrupts earlier (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510).
- drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/msm: fix OF child-node lookup (bsc#1106110)
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
- drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110)
- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
- e1000: check on netif_running() before calling e1000_up() (bsc#1051510).
- e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC: Raise the maximum number of memory controllers (bsc#1113780).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).
- eeprom: at24: change nvmem stride to 1 (bsc#1051510).
- eeprom: at24: check at24_read/write arguments (bsc#1051510).
- eeprom: at24: correctly set the size for at24mac402 (bsc#1051510).
- Enable LSPCON instead of blindly disabling HDMI
- enic: do not call enic_change_mtu in enic_probe (bsc#1051510).
- enic: handle mtu change for vf properly (bsc#1051510).
- enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510).
- ethtool: fix a privilege escalation bug (bsc#1076830).
- ext2, dax: set ext2_dax_aops for dax files (bsc#1112554).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: check for NUL characters in extended attribute's name (bsc#1112732).
- ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734).
- ext4: do not mark mmp buffer head dirty (bsc#1112743).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix online resize's handling of a too-small final block group (bsc#1112739).
- ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- ext4: reset error code in ext4_find_entry in fallback (bsc#1112731).
- ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741).
- fbdev: fix broken menu dependencies (bsc#1113722)
- fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510).
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- hfsplus: do not return 0 when fill_super() failed (bsc#1051510).
- hfsplus: stop workqueue when fill_super() failed (bsc#1051510).
- hfs: prevent crash on exit from failed search (bsc#1051510).
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510).
- HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510).
- HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv: avoid crash in vmbus sysfs files (bnc#1108377).
- hv_netvsc: fix schedule in RCU context ().
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwrng: core - document the quality field (bsc#1051510).
- hypfs_kill_super(): deal with failed allocations (bsc#1051510).
- i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510).
- i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510).
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510).
- Input: atakbd - fix Atari keymap (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Add definitions for PFSID (bsc#1106237).
- iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Fix scatterlist offset handling (bsc#1106237).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
- iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510).
- iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510).
- iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510).
- jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257).
- KABI fix for "NFSv4.1: Fix up replays of interrupted requests" (git-fixes).
- kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240).
- KABI: hide new member in struct iommu_table from genksyms (bsc#1061840).
- KABI: mask raw in struct bpf_reg_state (bsc#1083647).
- KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).
- KABI: powerpc: Revert npu callback signature change (bsc#1055120).
- KABI: protect struct fib_nh_exception (kabi).
- KABI: protect struct rtable (kabi).
- KABI/severities: ignore __xive_vm_h_* KVM internal symbols.
- Kbuild: fix # escaping in .cmd files for future Make (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kernfs: update comment about kernfs_path() return value (bsc#1051510).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kprobes/x86: Fix %p uses in error messages (bsc#1110006).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: Make VM ioctl do valloc for some archs (bsc#1111506).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
- KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
- KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
- KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
- KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
- KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
- KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
- KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
- KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
- KVM: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE escalations (bsc#1061840).
- KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
- KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
- KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).
- KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
- KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).
- KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).
- KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).
- KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
- KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
- KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).
- KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
- KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
- KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
- KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).
- KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
- KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).
- KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
- KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
- KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
- KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
- KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
- KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).
- KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).
- KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).
- KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240).
- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240).
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240).
- KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240).
- KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240).
- KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506).
- KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: call into generic suspend code before turning off power (bsc#1051510).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm: Introduce locked DIMM capacity support (bsc#1112128).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128).
- libnvdimm/nfit_test: add firmware download emulation (bsc#1112128).
- libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128).
- libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128).
- lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510).
- lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
- livepatch: create and include UAPI headers ().
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- lockd: fix "list_add double add" caused by legacy signal interface (git-fixes).
- loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711).
- loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710).
- loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: detect the dot clock divider correctly on sparc (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).
- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device (git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
- media: af9035: prevent buffer overflow on write (bsc#1051510).
- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
- media: dvb: fix compat ioctl translation (bsc#1051510).
- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
- media: pci: cx23885: handle adding to list failure (bsc#1051510).
- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
- media: tvp5150: fix switch exit in set control handler (bsc#1051510).
- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/migrate: Use spin_trylock() while resetting rate limit ().
- mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- modpost: ignore livepatch unresolved relocations ().
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- move changes without Git-commit out of sorted section
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). 
- nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). 
- nospec: Include dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). 
- PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). 
- powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). 
- powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). 
- reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "rpm/kernel-binary.spec.in: allow unsupported modules for -extra" - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). 
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix "defined but not used" warning (bsc#1051510). 
- tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). 
- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). 
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). 
- x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). 
- xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2018-2894=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_3-default-1-7.1

References:

https://www.suse.com/security/cve/CVE-2017-16533.html https://www.suse.com/security/cve/CVE-2017-18224.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18445.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19824.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066674 https://bugzilla.suse.com/1067906 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1076830 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079524 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1084760 https://bugzilla.suse.com/1084831 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086196 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1091800 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095805 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103925 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866
https://bugzilla.suse.com/1108377 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1109739 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1109818 https://bugzilla.suse.com/1109907 https://bugzilla.suse.com/1109911 https://bugzilla.suse.com/1109915 https://bugzilla.suse.com/1109919 https://bugzilla.suse.com/1109951 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111040 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111506 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1111921 https://bugzilla.suse.com/1111983 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112170 https://bugzilla.suse.com/1112173 https://bugzilla.suse.com/1112208 https://bugzilla.suse.com/1112219 https://bugzilla.suse.com/1112221 https://bugzilla.suse.com/1112246 https://bugzilla.suse.com/1112372 https://bugzilla.suse.com/1112514 https://bugzilla.suse.com/1112554 https://bugzilla.suse.com/1112708 https://bugzilla.suse.com/1112710 https://bugzilla.suse.com/1112711 https://bugzilla.suse.com/1112712 https://bugzilla.suse.com/1112713 https://bugzilla.suse.com/1112731 https://bugzilla.suse.com/1112732 https://bugzilla.suse.com/1112733 https://bugzilla.suse.com/1112734 https://bugzilla.suse.com/1112735 https://bugzilla.suse.com/1112736 https://bugzilla.suse.com/1112738 https://bugzilla.suse.com/1112739 https://bugzilla.suse.com/1112740 https://bugzilla.suse.com/1112741 https://bugzilla.suse.com/1112743 https://bugzilla.suse.com/1112745 https://bugzilla.suse.com/1112746 https://bugzilla.suse.com/1112878 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 
https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113257 https://bugzilla.suse.com/1113284 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113408 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113780 https://bugzilla.suse.com/1113972 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 
https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118316

From sle-security-updates at lists.suse.com Wed Dec 12 07:08:55 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Dec 2018 15:08:55 +0100 (CET)
Subject: SUSE-SU-2018:3770-2: moderate: Security update for postgresql10
Message-ID: <20181212140855.74F0CFF87@maintenance.suse.de>

SUSE Security Update: Security update for postgresql10
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3770-2
Rating: moderate
References: #1114837
Cross-References: CVE-2018-16850
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql10 fixes the following issues:

Security issue fixed:

- CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER could have caused privilege escalation (bsc#1114837).

Non-security issues fixed:

- Update to release 10.6:
  * https://www.postgresql.org/docs/current/static/release-10-6.html

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2662=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2662=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2662=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  postgresql10-devel-10.6-1.6.1
  postgresql10-devel-debuginfo-10.6-1.6.1
  postgresql10-libs-debugsource-10.6-1.6.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  libecpg6-10.6-1.6.1
  libecpg6-debuginfo-10.6-1.6.1
  libpq5-10.6-1.6.1
  libpq5-debuginfo-10.6-1.6.1
  postgresql10-10.6-1.6.1
  postgresql10-contrib-10.6-1.6.1
  postgresql10-contrib-debuginfo-10.6-1.6.1
  postgresql10-debuginfo-10.6-1.6.1
  postgresql10-debugsource-10.6-1.6.1
  postgresql10-libs-debugsource-10.6-1.6.1
  postgresql10-server-10.6-1.6.1
  postgresql10-server-debuginfo-10.6-1.6.1
- SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
  libpq5-32bit-10.6-1.6.1
  libpq5-debuginfo-32bit-10.6-1.6.1
- SUSE Linux Enterprise Server 12-SP4 (noarch):
  postgresql10-docs-10.6-1.6.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  libecpg6-10.6-1.6.1
  libecpg6-debuginfo-10.6-1.6.1
  libpq5-10.6-1.6.1
  libpq5-32bit-10.6-1.6.1
  libpq5-debuginfo-10.6-1.6.1
  libpq5-debuginfo-32bit-10.6-1.6.1
  postgresql10-10.6-1.6.1
  postgresql10-debuginfo-10.6-1.6.1
  postgresql10-debugsource-10.6-1.6.1
  postgresql10-libs-debugsource-10.6-1.6.1

References:

https://www.suse.com/security/cve/CVE-2018-16850.html
https://bugzilla.suse.com/1114837

From sle-security-updates at lists.suse.com Wed Dec 12 07:09:31 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Dec 2018 15:09:31 +0100 (CET)
Subject: SUSE-SU-2018:4086-1: important: Security update for qemu
Message-ID: <20181212140931.72643FF85@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4086-1
Rating: important
References: #1108474 #1114529
Cross-References: CVE-2018-16847
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for qemu fixes the following issues:

Security issue fixed:

- CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529).

Non-security issue fixed:

- Fixed serial console issue in SLES 12 SP2 that triggered a qemu-kvm bug (bsc#1108474).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2913=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2913=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2913=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.17.1 qemu-block-curl-2.11.2-9.17.1 qemu-block-curl-debuginfo-2.11.2-9.17.1 qemu-block-iscsi-2.11.2-9.17.1 qemu-block-iscsi-debuginfo-2.11.2-9.17.1 qemu-block-rbd-2.11.2-9.17.1 qemu-block-rbd-debuginfo-2.11.2-9.17.1 qemu-block-ssh-2.11.2-9.17.1 qemu-block-ssh-debuginfo-2.11.2-9.17.1 qemu-debuginfo-2.11.2-9.17.1 qemu-debugsource-2.11.2-9.17.1 qemu-guest-agent-2.11.2-9.17.1 qemu-guest-agent-debuginfo-2.11.2-9.17.1 qemu-lang-2.11.2-9.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.17.1 qemu-arm-debuginfo-2.11.2-9.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.17.1 qemu-ppc-debuginfo-2.11.2-9.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0+-9.17.1 qemu-seabios-1.11.0-9.17.1 qemu-sgabios-8-9.17.1 qemu-vgabios-1.11.0-9.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.17.1 qemu-x86-debuginfo-2.11.2-9.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.17.1 qemu-s390-debuginfo-2.11.2-9.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): qemu-block-dmg-2.11.2-9.17.1 qemu-block-dmg-debuginfo-2.11.2-9.17.1 qemu-debuginfo-2.11.2-9.17.1 
  qemu-debugsource-2.11.2-9.17.1
  qemu-extra-2.11.2-9.17.1
  qemu-extra-debuginfo-2.11.2-9.17.1
  qemu-linux-user-2.11.2-9.17.1
  qemu-linux-user-debuginfo-2.11.2-9.17.1
  qemu-linux-user-debugsource-2.11.2-9.17.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  qemu-debuginfo-2.11.2-9.17.1
  qemu-debugsource-2.11.2-9.17.1
  qemu-tools-2.11.2-9.17.1
  qemu-tools-debuginfo-2.11.2-9.17.1

References:

https://www.suse.com/security/cve/CVE-2018-16847.html
https://bugzilla.suse.com/1108474
https://bugzilla.suse.com/1114529

From sle-security-updates at lists.suse.com Wed Dec 12 10:09:10 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Dec 2018 18:09:10 +0100 (CET)
Subject: SUSE-SU-2018:4087-1: important: Security update for ghostscript
Message-ID: <20181212170910.7A7E1FF85@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4087-1
Rating: important
References: #1109105 #1111479 #1111480 #1112229 #1117022 #1117274 #1117313 #1117327 #1117331
Cross-References: CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Desktop Applications 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.
Description:

This update for ghostscript to version 9.26 fixes the following issues:

Security issues fixed:

- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

- Security issues have been the primary focus
- Minor bug fixes and improvements
- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2914=1
- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2914=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2914=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  ghostscript-mini-9.26-3.9.3
  ghostscript-mini-debuginfo-9.26-3.9.3
  ghostscript-mini-debugsource-9.26-3.9.3
  ghostscript-mini-devel-9.26-3.9.3
- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  libspectre-debugsource-0.2.8-3.4.3
  libspectre-devel-0.2.8-3.4.3
  libspectre1-0.2.8-3.4.3
  libspectre1-debuginfo-0.2.8-3.4.3
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  ghostscript-9.26-3.9.4
  ghostscript-debuginfo-9.26-3.9.4
  ghostscript-debugsource-9.26-3.9.4
  ghostscript-devel-9.26-3.9.4
  ghostscript-x11-9.26-3.9.4
  ghostscript-x11-debuginfo-9.26-3.9.4

References:

https://www.suse.com/security/cve/CVE-2018-17183.html
https://www.suse.com/security/cve/CVE-2018-17961.html
https://www.suse.com/security/cve/CVE-2018-18073.html
https://www.suse.com/security/cve/CVE-2018-18284.html
https://www.suse.com/security/cve/CVE-2018-19409.html
https://www.suse.com/security/cve/CVE-2018-19475.html
https://www.suse.com/security/cve/CVE-2018-19476.html
https://www.suse.com/security/cve/CVE-2018-19477.html
https://bugzilla.suse.com/1109105
https://bugzilla.suse.com/1111479
https://bugzilla.suse.com/1111480
https://bugzilla.suse.com/1112229
https://bugzilla.suse.com/1117022
https://bugzilla.suse.com/1117274
https://bugzilla.suse.com/1117313
https://bugzilla.suse.com/1117327
https://bugzilla.suse.com/1117331

From sle-security-updates at lists.suse.com Wed Dec 12 13:09:17 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Dec 2018 21:09:17 +0100 (CET)
Subject: SUSE-SU-2018:4088-1: important: Security update for git
Message-ID: <20181212200917.B29BCFD41@maintenance.suse.de>

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4088-1
Rating: important
References: #1110949
Cross-References: CVE-2018-17456
Affected Products:
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Enterprise Storage 4
  SUSE CaaS Platform ALL
  SUSE CaaS Platform 3.0
  OpenStack Cloud Magnum Orchestration 7
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issue:

- CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2918=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2918=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2918=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2918=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2918=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2918=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2918=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2918=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2018-2918=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2018-2918=1
- SUSE CaaS Platform ALL:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2918=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2918=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): git-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 - SUSE OpenStack Cloud 7 (s390x x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 - SUSE OpenStack Cloud 7 (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): git-2.12.3-27.17.2 git-arch-2.12.3-27.17.2 git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-cvs-2.12.3-27.17.2 git-daemon-2.12.3-27.17.2 git-daemon-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 git-email-2.12.3-27.17.2 git-gui-2.12.3-27.17.2 git-svn-2.12.3-27.17.2 git-svn-debuginfo-2.12.3-27.17.2 git-web-2.12.3-27.17.2 gitk-2.12.3-27.17.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 
  git-debugsource-2.12.3-27.17.2
- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
  git-doc-2.12.3-27.17.2
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  git-core-2.12.3-27.17.2
  git-core-debuginfo-2.12.3-27.17.2
  git-debugsource-2.12.3-27.17.2
- SUSE Linux Enterprise Server 12-LTSS (noarch):
  git-doc-2.12.3-27.17.2
- SUSE Enterprise Storage 4 (x86_64):
  git-core-2.12.3-27.17.2
  git-core-debuginfo-2.12.3-27.17.2
  git-debugsource-2.12.3-27.17.2
- SUSE Enterprise Storage 4 (noarch):
  git-doc-2.12.3-27.17.2
- SUSE CaaS Platform ALL (x86_64):
  git-core-2.12.3-27.17.2
  git-core-debuginfo-2.12.3-27.17.2
  git-debugsource-2.12.3-27.17.2
- SUSE CaaS Platform 3.0 (x86_64):
  git-core-2.12.3-27.17.2
  git-core-debuginfo-2.12.3-27.17.2
  git-debugsource-2.12.3-27.17.2
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  git-core-2.12.3-27.17.2
  git-core-debuginfo-2.12.3-27.17.2
  git-debugsource-2.12.3-27.17.2
- HPE Helion Openstack 8 (x86_64):
  git-2.12.3-27.17.2
  git-debugsource-2.12.3-27.17.2

References:

https://www.suse.com/security/cve/CVE-2018-17456.html
https://bugzilla.suse.com/1110949

From sle-security-updates at lists.suse.com Wed Dec 12 13:09:58 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Dec 2018 21:09:58 +0100 (CET)
Subject: SUSE-SU-2018:4089-1: important: Security update for cups
Message-ID: <20181212200958.BCC4CFD41@maintenance.suse.de>

SUSE Security Update: Security update for cups
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4089-1
Rating: important
References: #1115750
Cross-References: CVE-2018-4700
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

Security issue fixed:

- CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2917=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2917=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2917=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2917=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2917=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2917=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  cups-ddk-1.7.5-20.20.1
  cups-ddk-debuginfo-1.7.5-20.20.1
  cups-debuginfo-1.7.5-20.20.1
  cups-debugsource-1.7.5-20.20.1
  cups-devel-1.7.5-20.20.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  cups-ddk-1.7.5-20.20.1
  cups-ddk-debuginfo-1.7.5-20.20.1
  cups-debuginfo-1.7.5-20.20.1
  cups-debugsource-1.7.5-20.20.1
  cups-devel-1.7.5-20.20.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  cups-1.7.5-20.20.1
  cups-client-1.7.5-20.20.1
  cups-client-debuginfo-1.7.5-20.20.1
  cups-debuginfo-1.7.5-20.20.1
  cups-debugsource-1.7.5-20.20.1
  cups-libs-1.7.5-20.20.1
  cups-libs-debuginfo-1.7.5-20.20.1
- SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):
  cups-libs-32bit-1.7.5-20.20.1
  cups-libs-debuginfo-32bit-1.7.5-20.20.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  cups-1.7.5-20.20.1
  cups-client-1.7.5-20.20.1
  cups-client-debuginfo-1.7.5-20.20.1
  cups-debuginfo-1.7.5-20.20.1
  cups-debugsource-1.7.5-20.20.1
  cups-libs-1.7.5-20.20.1
  cups-libs-debuginfo-1.7.5-20.20.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  cups-libs-32bit-1.7.5-20.20.1
  cups-libs-debuginfo-32bit-1.7.5-20.20.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  cups-1.7.5-20.20.1
  cups-client-1.7.5-20.20.1
  cups-client-debuginfo-1.7.5-20.20.1
  cups-debuginfo-1.7.5-20.20.1
  cups-debugsource-1.7.5-20.20.1
  cups-libs-1.7.5-20.20.1
  cups-libs-32bit-1.7.5-20.20.1
  cups-libs-debuginfo-1.7.5-20.20.1
  cups-libs-debuginfo-32bit-1.7.5-20.20.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  cups-1.7.5-20.20.1
  cups-client-1.7.5-20.20.1
  cups-client-debuginfo-1.7.5-20.20.1
  cups-debuginfo-1.7.5-20.20.1
  cups-debugsource-1.7.5-20.20.1
  cups-libs-1.7.5-20.20.1
  cups-libs-32bit-1.7.5-20.20.1
  cups-libs-debuginfo-1.7.5-20.20.1
  cups-libs-debuginfo-32bit-1.7.5-20.20.1

References:

https://www.suse.com/security/cve/CVE-2018-4700.html
https://bugzilla.suse.com/1115750

From sle-security-updates at lists.suse.com Wed Dec 12 13:10:41 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Dec 2018 21:10:41 +0100 (CET)
Subject: SUSE-SU-2018:4090-1: important: Security update for ghostscript
Message-ID: <20181212201041.058ECFD41@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4090-1
Rating: important
References: #1109105 #1111479 #1111480 #1112229 #1117022 #1117274 #1117313 #1117327 #1117331
Cross-References: CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.

Description:

This update for ghostscript to version 9.26 fixes the following issues:

Security issues fixed:

- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

- Security issues have been the primary focus
- Minor bug fixes and improvements
- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2916=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2916=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2916=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2916=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2916=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2916=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2916=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2916=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2916=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2916=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2916=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2916=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2916=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-devel-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre-devel-0.2.7-12.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26-23.16.1 
ghostscript-debugsource-9.26-23.16.1 ghostscript-devel-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre-devel-0.2.7-12.4.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 
libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 - SUSE Enterprise Storage 4 (x86_64): ghostscript-9.26-23.16.1 ghostscript-debuginfo-9.26-23.16.1 ghostscript-debugsource-9.26-23.16.1 ghostscript-x11-9.26-23.16.1 ghostscript-x11-debuginfo-9.26-23.16.1 libspectre-debugsource-0.2.7-12.4.1 libspectre1-0.2.7-12.4.1 libspectre1-debuginfo-0.2.7-12.4.1 References: https://www.suse.com/security/cve/CVE-2018-17183.html https://www.suse.com/security/cve/CVE-2018-17961.html https://www.suse.com/security/cve/CVE-2018-18073.html https://www.suse.com/security/cve/CVE-2018-18284.html https://www.suse.com/security/cve/CVE-2018-19409.html https://www.suse.com/security/cve/CVE-2018-19475.html https://www.suse.com/security/cve/CVE-2018-19476.html https://www.suse.com/security/cve/CVE-2018-19477.html https://bugzilla.suse.com/1109105 https://bugzilla.suse.com/1111479 https://bugzilla.suse.com/1111480 https://bugzilla.suse.com/1112229 https://bugzilla.suse.com/1117022 https://bugzilla.suse.com/1117274 
https://bugzilla.suse.com/1117313 https://bugzilla.suse.com/1117327 https://bugzilla.suse.com/1117331 From sle-security-updates at lists.suse.com Wed Dec 12 13:12:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Dec 2018 21:12:29 +0100 (CET) Subject: SUSE-SU-2018:3882-2: moderate: Security update for exiv2 Message-ID: <20181212201229.2EC68FD41@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3882-2 Rating: moderate References: #1050257 #1051188 #1060995 #1060996 #1061000 #1072928 #1092952 #1093095 #1095070 Cross-References: CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2018-10958 CVE-2018-10998 CVE-2018-11531 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. 
The vulnerability caused a segmentation fault and application crash, which led to denial of service. (bsc#1061000) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) - CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) - CVE-2018-10958: In types.cpp a large size value might have led to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) - CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) - CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2772=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2772=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2772=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.23-12.5.1 exiv2-debugsource-0.23-12.5.1 libexiv2-devel-0.23-12.5.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.23-12.5.1 exiv2-debugsource-0.23-12.5.1 libexiv2-12-0.23-12.5.1 libexiv2-12-debuginfo-0.23-12.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): exiv2-debuginfo-0.23-12.5.1 exiv2-debugsource-0.23-12.5.1 libexiv2-12-0.23-12.5.1 libexiv2-12-debuginfo-0.23-12.5.1 References: https://www.suse.com/security/cve/CVE-2017-11591.html https://www.suse.com/security/cve/CVE-2017-11683.html https://www.suse.com/security/cve/CVE-2017-14859.html https://www.suse.com/security/cve/CVE-2017-14862.html https://www.suse.com/security/cve/CVE-2017-14864.html https://www.suse.com/security/cve/CVE-2017-17669.html https://www.suse.com/security/cve/CVE-2018-10958.html https://www.suse.com/security/cve/CVE-2018-10998.html https://www.suse.com/security/cve/CVE-2018-11531.html https://bugzilla.suse.com/1050257 https://bugzilla.suse.com/1051188 https://bugzilla.suse.com/1060995 https://bugzilla.suse.com/1060996 https://bugzilla.suse.com/1061000 https://bugzilla.suse.com/1072928 https://bugzilla.suse.com/1092952 https://bugzilla.suse.com/1093095 https://bugzilla.suse.com/1095070 From sle-security-updates at lists.suse.com Thu Dec 13 10:08:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 13 Dec 2018 18:08:56 +0100 (CET) Subject: SUSE-SU-2018:3587-2: Security update for ntfs-3g_ntfsprogs Message-ID: 
<20181213170856.3DD41FCB3@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3587-2 Rating: low References: #1022500 Cross-References: CVE-2017-0358 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate to root privilege (bsc#1022500) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2543=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2543=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2543=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g-2013.1.13-5.3.1 ntfs-3g-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 ntfsprogs-2013.1.13-5.3.1 ntfsprogs-debuginfo-2013.1.13-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.3.1 libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libntfs-3g84-2013.1.13-5.3.1 libntfs-3g84-debuginfo-2013.1.13-5.3.1 
ntfs-3g-2013.1.13-5.3.1 ntfs-3g-debuginfo-2013.1.13-5.3.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1 ntfsprogs-2013.1.13-5.3.1 ntfsprogs-debuginfo-2013.1.13-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-0358.html https://bugzilla.suse.com/1022500 From sle-security-updates at lists.suse.com Fri Dec 14 07:09:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 15:09:29 +0100 (CET) Subject: SUSE-SU-2018:4120-1: moderate: Security update for tiff Message-ID: <20181214140929.DC711FD4A@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4120-1 Rating: moderate References: #1017693 Cross-References: CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-13910=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-13910=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-13910=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.169.26.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.169.26.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.26.1 tiff-3.8.2-141.169.26.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.26.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.169.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.26.1 tiff-debugsource-3.8.2-141.169.26.1 References: https://www.suse.com/security/cve/CVE-2016-10092.html https://www.suse.com/security/cve/CVE-2016-10093.html https://www.suse.com/security/cve/CVE-2016-10094.html https://bugzilla.suse.com/1017693 From sle-security-updates at lists.suse.com Fri Dec 14 07:10:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 15:10:16 +0100 (CET) Subject: SUSE-SU-2018:4121-1: moderate: Security update for amanda Message-ID: <20181214141016.3EB45FD4A@maintenance.suse.de> SUSE Security Update: Security update for amanda ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4121-1 Rating: moderate References: #1112916 Cross-References: CVE-2016-10729 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now 
available. Description: This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options (bsc#1112916). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-amanda-13911=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-amanda-13911=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): amanda-2.5.2.1-188.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): amanda-debuginfo-2.5.2.1-188.5.1 amanda-debugsource-2.5.2.1-188.5.1 References: https://www.suse.com/security/cve/CVE-2016-10729.html https://bugzilla.suse.com/1112916 From sle-security-updates at lists.suse.com Fri Dec 14 10:11:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 18:11:56 +0100 (CET) Subject: SUSE-SU-2018:4127-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) Message-ID: <20181214171156.CB02BFD43@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4127-1 Rating: important References: #1097356 Cross-References: CVE-2018-5848 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.103-92_56 fixes one issue. 
The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2930=1 SUSE-SLE-SAP-12-SP2-2018-2931=1 SUSE-SLE-SAP-12-SP2-2018-2932=1 SUSE-SLE-SAP-12-SP2-2018-2933=1 SUSE-SLE-SAP-12-SP2-2018-2934=1 SUSE-SLE-SAP-12-SP2-2018-2935=1 SUSE-SLE-SAP-12-SP2-2018-2936=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2930=1 SUSE-SLE-SERVER-12-SP2-2018-2931=1 SUSE-SLE-SERVER-12-SP2-2018-2932=1 SUSE-SLE-SERVER-12-SP2-2018-2933=1 SUSE-SLE-SERVER-12-SP2-2018-2934=1 SUSE-SLE-SERVER-12-SP2-2018-2935=1 SUSE-SLE-SERVER-12-SP2-2018-2936=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_103-92_53-default-12-2.1 kgraft-patch-4_4_103-92_56-default-12-2.1 kgraft-patch-4_4_114-92_64-default-10-2.1 kgraft-patch-4_4_114-92_67-default-10-2.1 kgraft-patch-4_4_120-92_70-default-9-2.1 kgraft-patch-4_4_121-92_73-default-8-2.1 kgraft-patch-4_4_121-92_80-default-8-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_103-92_53-default-12-2.1 kgraft-patch-4_4_103-92_56-default-12-2.1 kgraft-patch-4_4_114-92_64-default-10-2.1 kgraft-patch-4_4_114-92_67-default-10-2.1 kgraft-patch-4_4_120-92_70-default-9-2.1 kgraft-patch-4_4_121-92_73-default-8-2.1 kgraft-patch-4_4_121-92_80-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-5848.html https://bugzilla.suse.com/1097356 From sle-security-updates at lists.suse.com Fri Dec 14 13:09:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 21:09:05 +0100 (CET) Subject: SUSE-SU-2018:4128-1: 
moderate: Security update for openvswitch Message-ID: <20181214200905.3CF0EFD85@maintenance.suse.de> SUSE Security Update: Security update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4128-1 Rating: moderate References: #1104467 Cross-References: CVE-2018-17204 CVE-2018-17205 CVE-2018-17206 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit (bsc#1104467). - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding (bsc#1104467). - CVE-2018-17204: When decoding a group mod, it validated the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tried to use the type and command earlier, when it might still be invalid. This caused an assertion failure (via OVS_NOT_REACHED) (bsc#1104467). These non-security issues were fixed: - ofproto/bond: Fix bond reconfiguration race condition. - ofproto/bond: Fix bond post recirc rule leak. - ofproto/bond: fix internal flow leak of tcp-balance bond - systemd: Restart openvswitch service if a daemon crashes - conntrack: Fix checks for TCP, UDP, and IPv6 header sizes. - ofp-actions: Fix translation of set_field for nw_ecn - netdev-dpdk: Fix mempool segfault. - ofproto-dpif-upcall: Fix flow setup/delete race. - learn: Fix memory leak in learn_parse_sepc() - netdev-dpdk: fix mempool_configure error state - vswitchd: Add --cleanup option to the 'appctl exit' command - ofp-parse: Fix memory leak on error path in parse_ofp_group_mod_file(). - actions: Fix memory leak on error path in parse_ct_lb_action(). - dpif-netdev: Fix use-after-free error in reconfigure_datapath(). 
- bridge: Fix memory leak in bridge_aa_update_trunks(). - dpif-netlink: Fix multiple-free and fd leak on error path. - ofp-print: Avoid array overread in print_table_instruction_features(). - flow: Fix buffer overread in flow_hash_symmetric_l3l4(). - systemd: start vswitchd after udev - ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod(). - ovsdb-types: Fix memory leak on error path. - tnl-ports: Fix loss of tunneling upon removal of a single tunnel port. - netdev: check for NULL fields in netdev_get_addrs - netdev-dpdk: vhost get stats fix. - netdev-dpdk: use 64-bit arithmetic when converting rates. - ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). - ofp-util: Fix memory leaks when parsing OF1.5 group properties. - ofp-actions: Fix buffer overread in decode_LEARN_specs(). - flow: Fix buffer overread for crafted IPv6 packets. - ofp-actions: Properly interpret "output:in_port". - ovs-ofctl: Avoid read overrun in ofperr_decode_msg(). - odp-util: Avoid misaligned references to ip6_hdr. - ofproto-dpif-upcall: Fix action attr iteration. - ofproto-dpif-upcall: Fix key attr iteration. - netdev-dpdk: vhost get stats fix. - netdev-dpdk: use 64-bit arithmetic when converting rates. - ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). - ofp-util: Fix memory leaks when parsing OF1.5 group properties. - odp-util: Fix buffer overread in parsing string form of ODP flows. - ovs-vsctl: Fix segfault when attempting to del-port from parent bridge. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2942=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvswitch-2.7.6-3.23.1 openvswitch-debuginfo-2.7.6-3.23.1 openvswitch-debugsource-2.7.6-3.23.1 References: https://www.suse.com/security/cve/CVE-2018-17204.html https://www.suse.com/security/cve/CVE-2018-17205.html https://www.suse.com/security/cve/CVE-2018-17206.html https://bugzilla.suse.com/1104467 From sle-security-updates at lists.suse.com Fri Dec 14 13:09:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 21:09:45 +0100 (CET) Subject: SUSE-SU-2018:4129-1: moderate: Security update for qemu Message-ID: <20181214200945.792F5FD85@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4129-1 Rating: moderate References: #1100408 #1106222 #1110910 #1111006 #1111010 #1111013 #1114422 Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). 
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Non-security issues fixed: - Improving disk performance for qemu on xen (bsc#1100408) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2944=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2944=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.22.3 qemu-block-curl-2.9.1-6.22.3 qemu-block-curl-debuginfo-2.9.1-6.22.3 qemu-block-iscsi-2.9.1-6.22.3 qemu-block-iscsi-debuginfo-2.9.1-6.22.3 qemu-block-ssh-2.9.1-6.22.3 qemu-block-ssh-debuginfo-2.9.1-6.22.3 qemu-debugsource-2.9.1-6.22.3 qemu-guest-agent-2.9.1-6.22.3 qemu-guest-agent-debuginfo-2.9.1-6.22.3 qemu-lang-2.9.1-6.22.3 qemu-tools-2.9.1-6.22.3 qemu-tools-debuginfo-2.9.1-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.22.3 qemu-block-rbd-debuginfo-2.9.1-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.22.3 qemu-arm-debuginfo-2.9.1-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.22.3 qemu-ppc-debuginfo-2.9.1-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.22.3 qemu-seabios-1.10.2-6.22.3 qemu-sgabios-8-6.22.3 qemu-vgabios-1.10.2-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.22.3 qemu-x86-debuginfo-2.9.1-6.22.3 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.22.3 qemu-s390-debuginfo-2.9.1-6.22.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.22.3 qemu-block-curl-2.9.1-6.22.3 qemu-block-curl-debuginfo-2.9.1-6.22.3 qemu-debugsource-2.9.1-6.22.3 qemu-kvm-2.9.1-6.22.3 qemu-tools-2.9.1-6.22.3 qemu-tools-debuginfo-2.9.1-6.22.3 qemu-x86-2.9.1-6.22.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0+-6.22.3 qemu-seabios-1.10.2-6.22.3 qemu-sgabios-8-6.22.3 qemu-vgabios-1.10.2-6.22.3 - SUSE CaaS Platform ALL (x86_64): qemu-debugsource-2.9.1-6.22.3 qemu-guest-agent-2.9.1-6.22.3 qemu-guest-agent-debuginfo-2.9.1-6.22.3 - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.22.3 qemu-guest-agent-2.9.1-6.22.3 qemu-guest-agent-debuginfo-2.9.1-6.22.3 References: https://www.suse.com/security/cve/CVE-2018-10839.html 
https://www.suse.com/security/cve/CVE-2018-15746.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1100408 https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1114422 From sle-security-updates at lists.suse.com Fri Dec 14 13:11:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 21:11:19 +0100 (CET) Subject: SUSE-SU-2018:4130-1: moderate: Security update for ansible Message-ID: <20181214201119.8921DFD85@maintenance.suse.de> SUSE Security Update: Security update for ansible ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4130-1 Rating: moderate References: #1097775 #1099805 #1099808 Cross-References: CVE-2018-10855 CVE-2018-10874 CVE-2018-10875 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ansible fixes the following issues: Ansible was updated to ansible 2.4.6.0. The full release notes can be found on: https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md Security issues fixed: - CVE-2018-10875: ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. 
(bsc#1099808) - CVE-2018-10874: It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. (bsc#1099805) - CVE-2018-10855: Ansible did not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. (bsc#1097775) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2943=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2943=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2018-2943=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): ansible-2.4.6.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ansible-2.4.6.0-3.3.1 - HPE Helion Openstack 8 (noarch): ansible-2.4.6.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10855.html https://www.suse.com/security/cve/CVE-2018-10874.html https://www.suse.com/security/cve/CVE-2018-10875.html https://bugzilla.suse.com/1097775 https://bugzilla.suse.com/1099805 https://bugzilla.suse.com/1099808 From sle-security-updates at lists.suse.com Fri Dec 14 13:11:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2018 21:11:56 +0100 (CET) Subject: SUSE-SU-2018:4131-1: moderate: Security update for tcpdump Message-ID: <20181214201156.2687BFD8B@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4131-1 Rating: 
moderate References: #1117267 Cross-References: CVE-2018-19519 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2945=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.3.1 tcpdump-debuginfo-4.9.2-3.3.1 tcpdump-debugsource-4.9.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-19519.html https://bugzilla.suse.com/1117267 From sle-security-updates at lists.suse.com Mon Dec 17 04:11:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 12:11:57 +0100 (CET) Subject: SUSE-SU-2018:4149-1: moderate: Security update for tcpdump Message-ID: <20181217111157.7883CFCA4@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4149-1 Rating: moderate References: #1117267 Cross-References: CVE-2018-19519 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2946=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2946=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2946=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2946=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-14.8.1 tcpdump-debuginfo-4.9.2-14.8.1 tcpdump-debugsource-4.9.2-14.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-14.8.1 tcpdump-debuginfo-4.9.2-14.8.1 tcpdump-debugsource-4.9.2-14.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): tcpdump-4.9.2-14.8.1 tcpdump-debuginfo-4.9.2-14.8.1 tcpdump-debugsource-4.9.2-14.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): tcpdump-4.9.2-14.8.1 tcpdump-debuginfo-4.9.2-14.8.1 tcpdump-debugsource-4.9.2-14.8.1 References: https://www.suse.com/security/cve/CVE-2018-19519.html https://bugzilla.suse.com/1117267 From sle-security-updates at lists.suse.com Mon Dec 17 04:12:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 12:12:43 +0100 (CET) Subject: SUSE-SU-2018:4150-1: moderate: Security update for openldap2 Message-ID: <20181217111243.0F5EFFCA4@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4150-1 Rating: moderate References: #1073313 
Cross-References: CVE-2017-17740 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2947=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2947=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2947=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2947=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2947=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2947=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2947=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.43.1 openldap2-back-perl-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 openldap2-devel-2.4.41-18.43.1 openldap2-devel-static-2.4.41-18.43.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.43.1 openldap2-back-perl-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 openldap2-devel-2.4.41-18.43.1 openldap2-devel-static-2.4.41-18.43.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 openldap2-2.4.41-18.43.1 openldap2-back-meta-2.4.41-18.43.1 openldap2-back-meta-debuginfo-2.4.41-18.43.1 openldap2-client-2.4.41-18.43.1 openldap2-client-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.43.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.43.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 openldap2-2.4.41-18.43.1 openldap2-back-meta-2.4.41-18.43.1 openldap2-back-meta-debuginfo-2.4.41-18.43.1 openldap2-client-2.4.41-18.43.1 openldap2-client-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.43.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.43.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libldap-2_4-2-2.4.41-18.43.1 
libldap-2_4-2-32bit-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.43.1 openldap2-client-2.4.41-18.43.1 openldap2-client-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libldap-2_4-2-2.4.41-18.43.1 libldap-2_4-2-32bit-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.43.1 openldap2-client-2.4.41-18.43.1 openldap2-client-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 - SUSE CaaS Platform ALL (x86_64): libldap-2_4-2-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 - SUSE CaaS Platform 3.0 (x86_64): libldap-2_4-2-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libldap-2_4-2-2.4.41-18.43.1 libldap-2_4-2-debuginfo-2.4.41-18.43.1 openldap2-debuginfo-2.4.41-18.43.1 openldap2-debugsource-2.4.41-18.43.1 References: https://www.suse.com/security/cve/CVE-2017-17740.html https://bugzilla.suse.com/1073313 From sle-security-updates at lists.suse.com Mon Dec 17 13:10:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 21:10:33 +0100 (CET) Subject: SUSE-SU-2018:4153-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) Message-ID: <20181217201033.CB11BFCB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4153-1 Rating: important References: #1097356 #1118319 Cross-References: CVE-2018-5848 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_88 fixes several issues. The following security issues were fixed: - CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319). - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2955=1 SUSE-SLE-SERVER-12-SP1-2018-2958=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_85-default-10-2.1 kgraft-patch-3_12_74-60_64_85-xen-10-2.1 kgraft-patch-3_12_74-60_64_88-default-8-2.1 kgraft-patch-3_12_74-60_64_88-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/1118319 From sle-security-updates at lists.suse.com Mon Dec 17 13:11:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 21:11:17 +0100 (CET) Subject: SUSE-SU-2018:4154-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20181217201117.29F4DFCB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4154-1 Rating: important References: #1118319 Cross-References: CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 
12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes one issue. The following security issue was fixed: - CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2956=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-4-2.1 kgraft-patch-3_12_74-60_64_104-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1118319 From sle-security-updates at lists.suse.com Mon Dec 17 13:11:48 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 21:11:48 +0100 (CET) Subject: SUSE-SU-2018:4155-1: moderate: Security update for ovmf Message-ID: <20181217201148.DE0F3FCB3@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4155-1 Rating: moderate References: #1115916 #1115917 #1117998 Cross-References: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). Non-security issues fixed: - Fixed an issue with the default owner of PK/KEK/db/dbx and made the auto-enrollment happen only the very first time. (bsc#1117998) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2960=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.11.1 ovmf-tools-2017+git1510945757.b2662641d5-5.11.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.11.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.11.1 References: https://www.suse.com/security/cve/CVE-2017-5731.html https://www.suse.com/security/cve/CVE-2017-5732.html https://www.suse.com/security/cve/CVE-2017-5733.html https://www.suse.com/security/cve/CVE-2017-5734.html https://www.suse.com/security/cve/CVE-2017-5735.html https://www.suse.com/security/cve/CVE-2018-3613.html https://bugzilla.suse.com/1115916 https://bugzilla.suse.com/1115917 https://bugzilla.suse.com/1117998 From sle-security-updates at lists.suse.com Mon Dec 17 13:13:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 21:13:09 +0100 (CET) Subject: SUSE-SU-2018:4157-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1) Message-ID: <20181217201309.96F3AFCB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4157-1 Rating: important References: #1097356 #1115339 #1118319 #1118320 Cross-References: CVE-2018-5848 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_93 fixes several issues. 
The following security issues were fixed: - CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319). - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2952=1 SUSE-SLE-SERVER-12-SP1-2018-2954=1 SUSE-SLE-SERVER-12-SP1-2018-2959=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_69-default-10-2.1 kgraft-patch-3_12_74-60_64_69-xen-10-2.1 kgraft-patch-3_12_74-60_64_82-default-10-2.1 kgraft-patch-3_12_74-60_64_82-xen-10-2.1 kgraft-patch-3_12_74-60_64_93-default-7-2.1 kgraft-patch-3_12_74-60_64_93-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1097356 https://bugzilla.suse.com/1115339 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118320 From sle-security-updates at lists.suse.com Mon Dec 17 13:14:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2018 21:14:06 +0100 (CET) Subject: SUSE-SU-2018:4158-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) Message-ID: <20181217201406.DBA58FCB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4158-1 Rating: important References: #1118319 #1118320 Cross-References: CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.74-60_64_107 fixes one issue. The following security issue was fixed: - CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2951=1 SUSE-SLE-SERVER-12-SP1-2018-2953=1 SUSE-SLE-SERVER-12-SP1-2018-2957=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_107-default-4-2.1 kgraft-patch-3_12_74-60_64_107-xen-4-2.1 kgraft-patch-3_12_74-60_64_96-default-7-2.1 kgraft-patch-3_12_74-60_64_96-xen-7-2.1 kgraft-patch-3_12_74-60_64_99-default-6-2.1 kgraft-patch-3_12_74-60_64_99-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118320 From sle-security-updates at lists.suse.com Tue Dec 18 13:09:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Dec 2018 21:09:42 +0100 (CET) Subject: SUSE-SU-2018:4179-1: moderate: Security update for libqt5-qtbase Message-ID: <20181218200942.5C397FCA4@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4179-1 Rating: moderate References: #1118595 #1118596 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux 
Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2977=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2977=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2977=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2977=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2977=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2977=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.15.2 libQt5Concurrent-devel-5.6.2-6.15.2 libQt5Core-devel-5.6.2-6.15.2 libQt5DBus-devel-5.6.2-6.15.2 libQt5DBus-devel-debuginfo-5.6.2-6.15.2 libQt5Gui-devel-5.6.2-6.15.2 libQt5Network-devel-5.6.2-6.15.2 libQt5OpenGL-devel-5.6.2-6.15.2 libQt5OpenGLExtensions-devel-static-5.6.2-6.15.2 libQt5PlatformHeaders-devel-5.6.2-6.15.2 libQt5PlatformSupport-devel-static-5.6.2-6.15.2 libQt5PrintSupport-devel-5.6.2-6.15.2 libQt5Sql-devel-5.6.2-6.15.2 libQt5Test-devel-5.6.2-6.15.2 libQt5Widgets-devel-5.6.2-6.15.2 
libQt5Xml-devel-5.6.2-6.15.2 libqt5-qtbase-common-devel-5.6.2-6.15.2 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.15.2 libqt5-qtbase-debugsource-5.6.2-6.15.2 libqt5-qtbase-devel-5.6.2-6.15.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): libQt5Core-private-headers-devel-5.6.2-6.15.2 libQt5DBus-private-headers-devel-5.6.2-6.15.2 libQt5Gui-private-headers-devel-5.6.2-6.15.2 libQt5Network-private-headers-devel-5.6.2-6.15.2 libQt5OpenGL-private-headers-devel-5.6.2-6.15.2 libQt5PlatformSupport-private-headers-devel-5.6.2-6.15.2 libQt5PrintSupport-private-headers-devel-5.6.2-6.15.2 libQt5Sql-private-headers-devel-5.6.2-6.15.2 libQt5Test-private-headers-devel-5.6.2-6.15.2 libQt5Widgets-private-headers-devel-5.6.2-6.15.2 libqt5-qtbase-private-headers-devel-5.6.2-6.15.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.15.2 libQt5Concurrent-devel-5.6.2-6.15.2 libQt5Core-devel-5.6.2-6.15.2 libQt5DBus-devel-5.6.2-6.15.2 libQt5DBus-devel-debuginfo-5.6.2-6.15.2 libQt5Gui-devel-5.6.2-6.15.2 libQt5Network-devel-5.6.2-6.15.2 libQt5OpenGL-devel-5.6.2-6.15.2 libQt5OpenGLExtensions-devel-static-5.6.2-6.15.2 libQt5PlatformHeaders-devel-5.6.2-6.15.2 libQt5PlatformSupport-devel-static-5.6.2-6.15.2 libQt5PrintSupport-devel-5.6.2-6.15.2 libQt5Sql-devel-5.6.2-6.15.2 libQt5Test-devel-5.6.2-6.15.2 libQt5Widgets-devel-5.6.2-6.15.2 libQt5Xml-devel-5.6.2-6.15.2 libqt5-qtbase-common-devel-5.6.2-6.15.2 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.15.2 libqt5-qtbase-debugsource-5.6.2-6.15.2 libqt5-qtbase-devel-5.6.2-6.15.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libQt5Core-private-headers-devel-5.6.2-6.15.2 libQt5DBus-private-headers-devel-5.6.2-6.15.2 libQt5Gui-private-headers-devel-5.6.2-6.15.2 libQt5Network-private-headers-devel-5.6.2-6.15.2 libQt5OpenGL-private-headers-devel-5.6.2-6.15.2 libQt5PlatformSupport-private-headers-devel-5.6.2-6.15.2 
libQt5PrintSupport-private-headers-devel-5.6.2-6.15.2 libQt5Sql-private-headers-devel-5.6.2-6.15.2 libQt5Test-private-headers-devel-5.6.2-6.15.2 libQt5Widgets-private-headers-devel-5.6.2-6.15.2 libqt5-qtbase-private-headers-devel-5.6.2-6.15.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.15.2 libQt5Concurrent5-debuginfo-5.6.2-6.15.2 libQt5Core5-5.6.2-6.15.2 libQt5Core5-debuginfo-5.6.2-6.15.2 libQt5DBus5-5.6.2-6.15.2 libQt5DBus5-debuginfo-5.6.2-6.15.2 libQt5Gui5-5.6.2-6.15.2 libQt5Gui5-debuginfo-5.6.2-6.15.2 libQt5Network5-5.6.2-6.15.2 libQt5Network5-debuginfo-5.6.2-6.15.2 libQt5OpenGL5-5.6.2-6.15.2 libQt5OpenGL5-debuginfo-5.6.2-6.15.2 libQt5PrintSupport5-5.6.2-6.15.2 libQt5PrintSupport5-debuginfo-5.6.2-6.15.2 libQt5Sql5-5.6.2-6.15.2 libQt5Sql5-debuginfo-5.6.2-6.15.2 libQt5Sql5-mysql-5.6.2-6.15.2 libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2 libQt5Sql5-postgresql-5.6.2-6.15.2 libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2 libQt5Sql5-sqlite-5.6.2-6.15.2 libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2 libQt5Sql5-unixODBC-5.6.2-6.15.2 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2 libQt5Test5-5.6.2-6.15.2 libQt5Test5-debuginfo-5.6.2-6.15.2 libQt5Widgets5-5.6.2-6.15.2 libQt5Widgets5-debuginfo-5.6.2-6.15.2 libQt5Xml5-5.6.2-6.15.2 libQt5Xml5-debuginfo-5.6.2-6.15.2 libqt5-qtbase-debugsource-5.6.2-6.15.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.15.2 libQt5Concurrent5-debuginfo-5.6.2-6.15.2 libQt5Core5-5.6.2-6.15.2 libQt5Core5-debuginfo-5.6.2-6.15.2 libQt5DBus5-5.6.2-6.15.2 libQt5DBus5-debuginfo-5.6.2-6.15.2 libQt5Gui5-5.6.2-6.15.2 libQt5Gui5-debuginfo-5.6.2-6.15.2 libQt5Network5-5.6.2-6.15.2 libQt5Network5-debuginfo-5.6.2-6.15.2 libQt5OpenGL5-5.6.2-6.15.2 libQt5OpenGL5-debuginfo-5.6.2-6.15.2 libQt5PrintSupport5-5.6.2-6.15.2 libQt5PrintSupport5-debuginfo-5.6.2-6.15.2 libQt5Sql5-5.6.2-6.15.2 libQt5Sql5-debuginfo-5.6.2-6.15.2 libQt5Sql5-mysql-5.6.2-6.15.2 
libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2 libQt5Sql5-postgresql-5.6.2-6.15.2 libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2 libQt5Sql5-sqlite-5.6.2-6.15.2 libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2 libQt5Sql5-unixODBC-5.6.2-6.15.2 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2 libQt5Test5-5.6.2-6.15.2 libQt5Test5-debuginfo-5.6.2-6.15.2 libQt5Widgets5-5.6.2-6.15.2 libQt5Widgets5-debuginfo-5.6.2-6.15.2 libQt5Xml5-5.6.2-6.15.2 libQt5Xml5-debuginfo-5.6.2-6.15.2 libqt5-qtbase-debugsource-5.6.2-6.15.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libQt5Concurrent5-5.6.2-6.15.2 libQt5Concurrent5-debuginfo-5.6.2-6.15.2 libQt5Core5-5.6.2-6.15.2 libQt5Core5-debuginfo-5.6.2-6.15.2 libQt5DBus5-5.6.2-6.15.2 libQt5DBus5-debuginfo-5.6.2-6.15.2 libQt5Gui5-5.6.2-6.15.2 libQt5Gui5-debuginfo-5.6.2-6.15.2 libQt5Network5-5.6.2-6.15.2 libQt5Network5-debuginfo-5.6.2-6.15.2 libQt5OpenGL5-5.6.2-6.15.2 libQt5OpenGL5-debuginfo-5.6.2-6.15.2 libQt5PrintSupport5-5.6.2-6.15.2 libQt5PrintSupport5-debuginfo-5.6.2-6.15.2 libQt5Sql5-5.6.2-6.15.2 libQt5Sql5-debuginfo-5.6.2-6.15.2 libQt5Sql5-mysql-5.6.2-6.15.2 libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2 libQt5Sql5-postgresql-5.6.2-6.15.2 libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2 libQt5Sql5-sqlite-5.6.2-6.15.2 libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2 libQt5Sql5-unixODBC-5.6.2-6.15.2 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2 libQt5Test5-5.6.2-6.15.2 libQt5Test5-debuginfo-5.6.2-6.15.2 libQt5Widgets5-5.6.2-6.15.2 libQt5Widgets5-debuginfo-5.6.2-6.15.2 libQt5Xml5-5.6.2-6.15.2 libQt5Xml5-debuginfo-5.6.2-6.15.2 libqt5-qtbase-debugsource-5.6.2-6.15.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libQt5Concurrent5-5.6.2-6.15.2 libQt5Concurrent5-debuginfo-5.6.2-6.15.2 libQt5Core5-5.6.2-6.15.2 libQt5Core5-debuginfo-5.6.2-6.15.2 libQt5DBus5-5.6.2-6.15.2 libQt5DBus5-debuginfo-5.6.2-6.15.2 libQt5Gui5-5.6.2-6.15.2 libQt5Gui5-debuginfo-5.6.2-6.15.2 libQt5Network5-5.6.2-6.15.2 libQt5Network5-debuginfo-5.6.2-6.15.2 libQt5OpenGL5-5.6.2-6.15.2 
libQt5OpenGL5-debuginfo-5.6.2-6.15.2 libQt5PrintSupport5-5.6.2-6.15.2 libQt5PrintSupport5-debuginfo-5.6.2-6.15.2 libQt5Sql5-5.6.2-6.15.2 libQt5Sql5-debuginfo-5.6.2-6.15.2 libQt5Sql5-mysql-5.6.2-6.15.2 libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2 libQt5Sql5-postgresql-5.6.2-6.15.2 libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2 libQt5Sql5-sqlite-5.6.2-6.15.2 libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2 libQt5Sql5-unixODBC-5.6.2-6.15.2 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2 libQt5Test5-5.6.2-6.15.2 libQt5Test5-debuginfo-5.6.2-6.15.2 libQt5Widgets5-5.6.2-6.15.2 libQt5Widgets5-debuginfo-5.6.2-6.15.2 libQt5Xml5-5.6.2-6.15.2 libQt5Xml5-debuginfo-5.6.2-6.15.2 libqt5-qtbase-debugsource-5.6.2-6.15.2 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 From sle-security-updates at lists.suse.com Wed Dec 19 07:09:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 15:09:25 +0100 (CET) Subject: SUSE-SU-2018:4182-1: Security update for crash Message-ID: <20181219140925.3FA0BFCB3@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4182-1 Rating: low References: #1032471 #1075785 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for crash provides the following fix: - Update crash to support -bigmem kernel dumps for PPC64, including the ones that have extended process virtual address space support to 128TB (bsc#1075785, bsc#1032471). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-crash-13913=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-crash-13913=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-crash-13913=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): crash-devel-7.0.9-30.3.28 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): crash-7.0.9-30.3.28 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): crash-7.0.9-30.3.28 crash-eppic-7.0.9-30.3.28 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): crash-debuginfo-7.0.9-30.3.28 crash-debugsource-7.0.9-30.3.28 References: https://bugzilla.suse.com/1032471 https://bugzilla.suse.com/1075785 From sle-security-updates at lists.suse.com Wed Dec 19 07:10:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 15:10:25 +0100 (CET) Subject: SUSE-SU-2018:4183-1: moderate: Security update for libqt5-qtbase Message-ID: <20181219141025.456A1FCB3@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4183-1 Rating: moderate References: #1118595 #1118596 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2981=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2981=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2981=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2981=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2981=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libQt5Concurrent5-5.6.1-17.6.2 libQt5Concurrent5-debuginfo-5.6.1-17.6.2 libQt5Core5-5.6.1-17.6.2 libQt5Core5-debuginfo-5.6.1-17.6.2 libQt5DBus5-5.6.1-17.6.2 libQt5DBus5-debuginfo-5.6.1-17.6.2 libQt5Gui5-5.6.1-17.6.2 libQt5Gui5-debuginfo-5.6.1-17.6.2 libQt5Network5-5.6.1-17.6.2 libQt5Network5-debuginfo-5.6.1-17.6.2 libQt5OpenGL5-5.6.1-17.6.2 libQt5OpenGL5-debuginfo-5.6.1-17.6.2 libQt5PrintSupport5-5.6.1-17.6.2 libQt5PrintSupport5-debuginfo-5.6.1-17.6.2 libQt5Sql5-5.6.1-17.6.2 libQt5Sql5-debuginfo-5.6.1-17.6.2 libQt5Sql5-mysql-5.6.1-17.6.2 libQt5Sql5-mysql-debuginfo-5.6.1-17.6.2 libQt5Sql5-postgresql-5.6.1-17.6.2 libQt5Sql5-postgresql-debuginfo-5.6.1-17.6.2 libQt5Sql5-sqlite-5.6.1-17.6.2 libQt5Sql5-sqlite-debuginfo-5.6.1-17.6.2 libQt5Sql5-unixODBC-5.6.1-17.6.2 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.6.2 libQt5Test5-5.6.1-17.6.2 libQt5Test5-debuginfo-5.6.1-17.6.2 libQt5Widgets5-5.6.1-17.6.2 libQt5Widgets5-debuginfo-5.6.1-17.6.2 libQt5Xml5-5.6.1-17.6.2 libQt5Xml5-debuginfo-5.6.1-17.6.2 
libqt5-qtbase-debugsource-5.6.1-17.6.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libQt5Concurrent5-5.6.1-17.6.2 libQt5Concurrent5-debuginfo-5.6.1-17.6.2 libQt5Core5-5.6.1-17.6.2 libQt5Core5-debuginfo-5.6.1-17.6.2 libQt5DBus5-5.6.1-17.6.2 libQt5DBus5-debuginfo-5.6.1-17.6.2 libQt5Gui5-5.6.1-17.6.2 libQt5Gui5-debuginfo-5.6.1-17.6.2 libQt5Network5-5.6.1-17.6.2 libQt5Network5-debuginfo-5.6.1-17.6.2 libQt5OpenGL5-5.6.1-17.6.2 libQt5OpenGL5-debuginfo-5.6.1-17.6.2 libQt5PrintSupport5-5.6.1-17.6.2 libQt5PrintSupport5-debuginfo-5.6.1-17.6.2 libQt5Sql5-5.6.1-17.6.2 libQt5Sql5-debuginfo-5.6.1-17.6.2 libQt5Sql5-mysql-5.6.1-17.6.2 libQt5Sql5-mysql-debuginfo-5.6.1-17.6.2 libQt5Sql5-postgresql-5.6.1-17.6.2 libQt5Sql5-postgresql-debuginfo-5.6.1-17.6.2 libQt5Sql5-sqlite-5.6.1-17.6.2 libQt5Sql5-sqlite-debuginfo-5.6.1-17.6.2 libQt5Sql5-unixODBC-5.6.1-17.6.2 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.6.2 libQt5Test5-5.6.1-17.6.2 libQt5Test5-debuginfo-5.6.1-17.6.2 libQt5Widgets5-5.6.1-17.6.2 libQt5Widgets5-debuginfo-5.6.1-17.6.2 libQt5Xml5-5.6.1-17.6.2 libQt5Xml5-debuginfo-5.6.1-17.6.2 libqt5-qtbase-debugsource-5.6.1-17.6.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libQt5Concurrent5-5.6.1-17.6.2 libQt5Concurrent5-debuginfo-5.6.1-17.6.2 libQt5Core5-5.6.1-17.6.2 libQt5Core5-debuginfo-5.6.1-17.6.2 libQt5DBus5-5.6.1-17.6.2 libQt5DBus5-debuginfo-5.6.1-17.6.2 libQt5Gui5-5.6.1-17.6.2 libQt5Gui5-debuginfo-5.6.1-17.6.2 libQt5Network5-5.6.1-17.6.2 libQt5Network5-debuginfo-5.6.1-17.6.2 libQt5OpenGL5-5.6.1-17.6.2 libQt5OpenGL5-debuginfo-5.6.1-17.6.2 libQt5PrintSupport5-5.6.1-17.6.2 libQt5PrintSupport5-debuginfo-5.6.1-17.6.2 libQt5Sql5-5.6.1-17.6.2 libQt5Sql5-debuginfo-5.6.1-17.6.2 libQt5Sql5-mysql-5.6.1-17.6.2 libQt5Sql5-mysql-debuginfo-5.6.1-17.6.2 libQt5Sql5-postgresql-5.6.1-17.6.2 libQt5Sql5-postgresql-debuginfo-5.6.1-17.6.2 libQt5Sql5-sqlite-5.6.1-17.6.2 libQt5Sql5-sqlite-debuginfo-5.6.1-17.6.2 libQt5Sql5-unixODBC-5.6.1-17.6.2 
libQt5Sql5-unixODBC-debuginfo-5.6.1-17.6.2 libQt5Test5-5.6.1-17.6.2 libQt5Test5-debuginfo-5.6.1-17.6.2 libQt5Widgets5-5.6.1-17.6.2 libQt5Widgets5-debuginfo-5.6.1-17.6.2 libQt5Xml5-5.6.1-17.6.2 libQt5Xml5-debuginfo-5.6.1-17.6.2 libqt5-qtbase-debugsource-5.6.1-17.6.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libQt5Concurrent5-5.6.1-17.6.2 libQt5Concurrent5-debuginfo-5.6.1-17.6.2 libQt5Core5-5.6.1-17.6.2 libQt5Core5-debuginfo-5.6.1-17.6.2 libQt5DBus5-5.6.1-17.6.2 libQt5DBus5-debuginfo-5.6.1-17.6.2 libQt5Gui5-5.6.1-17.6.2 libQt5Gui5-debuginfo-5.6.1-17.6.2 libQt5Network5-5.6.1-17.6.2 libQt5Network5-debuginfo-5.6.1-17.6.2 libQt5OpenGL5-5.6.1-17.6.2 libQt5OpenGL5-debuginfo-5.6.1-17.6.2 libQt5PrintSupport5-5.6.1-17.6.2 libQt5PrintSupport5-debuginfo-5.6.1-17.6.2 libQt5Sql5-5.6.1-17.6.2 libQt5Sql5-debuginfo-5.6.1-17.6.2 libQt5Sql5-mysql-5.6.1-17.6.2 libQt5Sql5-mysql-debuginfo-5.6.1-17.6.2 libQt5Sql5-postgresql-5.6.1-17.6.2 libQt5Sql5-postgresql-debuginfo-5.6.1-17.6.2 libQt5Sql5-sqlite-5.6.1-17.6.2 libQt5Sql5-sqlite-debuginfo-5.6.1-17.6.2 libQt5Sql5-unixODBC-5.6.1-17.6.2 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.6.2 libQt5Test5-5.6.1-17.6.2 libQt5Test5-debuginfo-5.6.1-17.6.2 libQt5Widgets5-5.6.1-17.6.2 libQt5Widgets5-debuginfo-5.6.1-17.6.2 libQt5Xml5-5.6.1-17.6.2 libQt5Xml5-debuginfo-5.6.1-17.6.2 libqt5-qtbase-debugsource-5.6.1-17.6.2 - SUSE Enterprise Storage 4 (x86_64): libQt5Concurrent5-5.6.1-17.6.2 libQt5Concurrent5-debuginfo-5.6.1-17.6.2 libQt5Core5-5.6.1-17.6.2 libQt5Core5-debuginfo-5.6.1-17.6.2 libQt5DBus5-5.6.1-17.6.2 libQt5DBus5-debuginfo-5.6.1-17.6.2 libQt5Gui5-5.6.1-17.6.2 libQt5Gui5-debuginfo-5.6.1-17.6.2 libQt5Network5-5.6.1-17.6.2 libQt5Network5-debuginfo-5.6.1-17.6.2 libQt5OpenGL5-5.6.1-17.6.2 libQt5OpenGL5-debuginfo-5.6.1-17.6.2 libQt5PrintSupport5-5.6.1-17.6.2 libQt5PrintSupport5-debuginfo-5.6.1-17.6.2 libQt5Sql5-5.6.1-17.6.2 libQt5Sql5-debuginfo-5.6.1-17.6.2 libQt5Sql5-mysql-5.6.1-17.6.2 libQt5Sql5-mysql-debuginfo-5.6.1-17.6.2 
libQt5Sql5-postgresql-5.6.1-17.6.2 libQt5Sql5-postgresql-debuginfo-5.6.1-17.6.2 libQt5Sql5-sqlite-5.6.1-17.6.2 libQt5Sql5-sqlite-debuginfo-5.6.1-17.6.2 libQt5Sql5-unixODBC-5.6.1-17.6.2 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.6.2 libQt5Test5-5.6.1-17.6.2 libQt5Test5-debuginfo-5.6.1-17.6.2 libQt5Widgets5-5.6.1-17.6.2 libQt5Widgets5-debuginfo-5.6.1-17.6.2 libQt5Xml5-5.6.1-17.6.2 libQt5Xml5-debuginfo-5.6.1-17.6.2 libqt5-qtbase-debugsource-5.6.1-17.6.2 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 From sle-security-updates at lists.suse.com Wed Dec 19 07:12:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 15:12:54 +0100 (CET) Subject: SUSE-SU-2018:4185-1: moderate: Security update for qemu Message-ID: <20181219141254.AC212FCB3@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4185-1 Rating: moderate References: #1106222 #1108474 #1110910 #1111006 #1111010 #1111013 #1114422 #1114529 Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). 
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529). Non-security issue fixed: - Fixed a condition where the retry logic was not executed in case of data transmit failure or connection hangup (bsc#1108474). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2983=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2983=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-5.5.1 qemu-block-curl-2.11.2-5.5.1 qemu-block-curl-debuginfo-2.11.2-5.5.1 qemu-block-iscsi-2.11.2-5.5.1 qemu-block-iscsi-debuginfo-2.11.2-5.5.1 qemu-block-ssh-2.11.2-5.5.1 qemu-block-ssh-debuginfo-2.11.2-5.5.1 qemu-debugsource-2.11.2-5.5.1 qemu-guest-agent-2.11.2-5.5.1 qemu-guest-agent-debuginfo-2.11.2-5.5.1 qemu-lang-2.11.2-5.5.1 qemu-tools-2.11.2-5.5.1 qemu-tools-debuginfo-2.11.2-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): qemu-block-rbd-2.11.2-5.5.1 qemu-block-rbd-debuginfo-2.11.2-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): qemu-kvm-2.11.2-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): qemu-ppc-2.11.2-5.5.1 qemu-ppc-debuginfo-2.11.2-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): qemu-arm-2.11.2-5.5.1 qemu-arm-debuginfo-2.11.2-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.5.1 qemu-seabios-1.11.0-5.5.1 qemu-sgabios-8-5.5.1 qemu-vgabios-1.11.0-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): qemu-x86-2.11.2-5.5.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): qemu-s390-2.11.2-5.5.1 qemu-s390-debuginfo-2.11.2-5.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.5.1 qemu-seabios-1.11.0-5.5.1 qemu-sgabios-8-5.5.1 qemu-vgabios-1.11.0-5.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): qemu-2.11.2-5.5.1 qemu-block-curl-2.11.2-5.5.1 qemu-block-curl-debuginfo-2.11.2-5.5.1 qemu-debugsource-2.11.2-5.5.1 qemu-kvm-2.11.2-5.5.1 qemu-tools-2.11.2-5.5.1 qemu-tools-debuginfo-2.11.2-5.5.1 qemu-x86-2.11.2-5.5.1 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-15746.html 
https://www.suse.com/security/cve/CVE-2018-16847.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1108474 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1114422 https://bugzilla.suse.com/1114529 From sle-security-updates at lists.suse.com Wed Dec 19 07:15:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 15:15:01 +0100 (CET) Subject: SUSE-SU-2018:4187-1: moderate: Security update for perl Message-ID: <20181219141501.4328AFD4B@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4187-1 Rating: moderate References: #1114674 #1114675 #1114681 #1114686 Cross-References: CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for perl fixes the following issues: Security issues fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2984=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2984=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): perl-doc-5.26.1-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): perl-5.26.1-7.6.1 perl-base-5.26.1-7.6.1 perl-base-debuginfo-5.26.1-7.6.1 perl-debuginfo-5.26.1-7.6.1 perl-debugsource-5.26.1-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): perl-32bit-debuginfo-5.26.1-7.6.1 perl-base-32bit-5.26.1-7.6.1 perl-base-32bit-debuginfo-5.26.1-7.6.1 References: https://www.suse.com/security/cve/CVE-2018-18311.html https://www.suse.com/security/cve/CVE-2018-18312.html https://www.suse.com/security/cve/CVE-2018-18313.html https://www.suse.com/security/cve/CVE-2018-18314.html https://bugzilla.suse.com/1114674 https://bugzilla.suse.com/1114675 https://bugzilla.suse.com/1114681 https://bugzilla.suse.com/1114686 From sle-security-updates at lists.suse.com Wed Dec 19 10:09:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 18:09:33 +0100 (CET) Subject: SUSE-SU-2018:4188-1: moderate: Security update for bluez Message-ID: <20181219170933.63C2EFCB3@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4188-1 Rating: moderate References: #1013721 #1013732 Cross-References: CVE-2016-9800 CVE-2016-9801 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux 
Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721) - CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-2987=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2987=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2987=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2987=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2987=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2987=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2987=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2987=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): bluez-cups-5.13-5.7.1 bluez-cups-debuginfo-5.13-5.7.1 bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): bluez-cups-5.13-5.7.1 bluez-cups-debuginfo-5.13-5.7.1 bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.7.1 
bluez-debugsource-5.13-5.7.1 bluez-devel-5.13-5.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 bluez-devel-5.13-5.7.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.7.1 bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 libbluetooth3-5.13-5.7.1 libbluetooth3-debuginfo-5.13-5.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.7.1 bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 libbluetooth3-5.13-5.7.1 libbluetooth3-debuginfo-5.13-5.7.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bluez-5.13-5.7.1 bluez-cups-5.13-5.7.1 bluez-cups-debuginfo-5.13-5.7.1 bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 libbluetooth3-5.13-5.7.1 libbluetooth3-debuginfo-5.13-5.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): bluez-5.13-5.7.1 bluez-cups-5.13-5.7.1 bluez-cups-debuginfo-5.13-5.7.1 bluez-debuginfo-5.13-5.7.1 bluez-debugsource-5.13-5.7.1 libbluetooth3-5.13-5.7.1 libbluetooth3-debuginfo-5.13-5.7.1 References: https://www.suse.com/security/cve/CVE-2016-9800.html https://www.suse.com/security/cve/CVE-2016-9801.html https://bugzilla.suse.com/1013721 https://bugzilla.suse.com/1013732 From sle-security-updates at lists.suse.com Wed Dec 19 10:10:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 18:10:21 +0100 (CET) Subject: SUSE-SU-2018:4189-1: moderate: Security update for bluez Message-ID: <20181219171021.1702FFCB3@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4189-1 Rating: moderate References: #1013721 #1013732 Cross-References: CVE-2016-9800 CVE-2016-9801 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 
15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fixed a buffer overflow in pin_code_reply_dump function (bsc#1013721) - CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-2988=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2988=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2988=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2988=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): bluez-cups-5.48-5.8.1 bluez-cups-debuginfo-5.48-5.8.1 bluez-debuginfo-5.48-5.8.1 bluez-debugsource-5.48-5.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.8.1 bluez-debugsource-5.48-5.8.1 bluez-test-5.48-5.8.1 bluez-test-debuginfo-5.48-5.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): bluez-auto-enable-devices-5.48-5.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): bluez-5.48-5.8.1 bluez-debuginfo-5.48-5.8.1 bluez-debugsource-5.48-5.8.1 bluez-devel-5.48-5.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): 
bluez-debuginfo-5.48-5.8.1 bluez-debugsource-5.48-5.8.1 libbluetooth3-5.48-5.8.1 libbluetooth3-debuginfo-5.48-5.8.1 References: https://www.suse.com/security/cve/CVE-2016-9800.html https://www.suse.com/security/cve/CVE-2016-9801.html https://bugzilla.suse.com/1013721 https://bugzilla.suse.com/1013732 From sle-security-updates at lists.suse.com Wed Dec 19 10:11:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 18:11:02 +0100 (CET) Subject: SUSE-SU-2018:4190-1: moderate: Security update for git Message-ID: <20181219171102.53439FCB3@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4190-1 Rating: moderate References: #1117257 Cross-References: CVE-2018-19486 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issues: Security issue fixed: - CVE-2018-19486: Fixed git that executed commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was (bsc#1117257). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2990=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2990=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2990=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): git-credential-gnome-keyring-2.16.4-3.9.2 git-credential-gnome-keyring-debuginfo-2.16.4-3.9.2 git-credential-libsecret-2.16.4-3.9.2 git-credential-libsecret-debuginfo-2.16.4-3.9.2 git-debuginfo-2.16.4-3.9.2 git-debugsource-2.16.4-3.9.2 git-p4-2.16.4-3.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): git-2.16.4-3.9.2 git-arch-2.16.4-3.9.2 git-cvs-2.16.4-3.9.2 git-daemon-2.16.4-3.9.2 git-daemon-debuginfo-2.16.4-3.9.2 git-debuginfo-2.16.4-3.9.2 git-debugsource-2.16.4-3.9.2 git-email-2.16.4-3.9.2 git-gui-2.16.4-3.9.2 git-svn-2.16.4-3.9.2 git-svn-debuginfo-2.16.4-3.9.2 git-web-2.16.4-3.9.2 gitk-2.16.4-3.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): git-doc-2.16.4-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): git-core-2.16.4-3.9.2 git-core-debuginfo-2.16.4-3.9.2 git-debuginfo-2.16.4-3.9.2 git-debugsource-2.16.4-3.9.2 References: https://www.suse.com/security/cve/CVE-2018-19486.html https://bugzilla.suse.com/1117257 From sle-security-updates at lists.suse.com Wed Dec 19 10:11:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 18:11:46 +0100 (CET) Subject: SUSE-SU-2018:4191-1: moderate: Security update for tiff Message-ID: <20181219171146.C356DFCB3@maintenance.suse.de> SUSE Security Update: Security update for tiff 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4191-1 Rating: moderate References: #1017693 #1054594 #1115717 #990460 Cross-References: CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-19210 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2991=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2991=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2991=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2991=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2991=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2991=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.30.1 tiff-debuginfo-4.0.9-44.30.1 tiff-debugsource-4.0.9-44.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.30.1 tiff-debuginfo-4.0.9-44.30.1 tiff-debugsource-4.0.9-44.30.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.30.1 libtiff5-debuginfo-4.0.9-44.30.1 tiff-4.0.9-44.30.1 tiff-debuginfo-4.0.9-44.30.1 tiff-debugsource-4.0.9-44.30.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libtiff5-32bit-4.0.9-44.30.1 libtiff5-debuginfo-32bit-4.0.9-44.30.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.30.1 libtiff5-debuginfo-4.0.9-44.30.1 tiff-4.0.9-44.30.1 tiff-debuginfo-4.0.9-44.30.1 tiff-debugsource-4.0.9-44.30.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtiff5-32bit-4.0.9-44.30.1 libtiff5-debuginfo-32bit-4.0.9-44.30.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libtiff5-32bit-4.0.9-44.30.1 libtiff5-4.0.9-44.30.1 libtiff5-debuginfo-32bit-4.0.9-44.30.1 libtiff5-debuginfo-4.0.9-44.30.1 tiff-debuginfo-4.0.9-44.30.1 tiff-debugsource-4.0.9-44.30.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.30.1 
libtiff5-4.0.9-44.30.1 libtiff5-debuginfo-32bit-4.0.9-44.30.1 libtiff5-debuginfo-4.0.9-44.30.1 tiff-debuginfo-4.0.9-44.30.1 tiff-debugsource-4.0.9-44.30.1 References: https://www.suse.com/security/cve/CVE-2016-10092.html https://www.suse.com/security/cve/CVE-2016-10093.html https://www.suse.com/security/cve/CVE-2016-10094.html https://www.suse.com/security/cve/CVE-2016-6223.html https://www.suse.com/security/cve/CVE-2017-12944.html https://www.suse.com/security/cve/CVE-2018-19210.html https://bugzilla.suse.com/1017693 https://bugzilla.suse.com/1054594 https://bugzilla.suse.com/1115717 https://bugzilla.suse.com/990460 From sle-security-updates at lists.suse.com Wed Dec 19 10:13:35 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 18:13:35 +0100 (CET) Subject: SUSE-SU-2018:4193-1: moderate: Security update for libnettle Message-ID: <20181219171335.9477AFCB3@maintenance.suse.de> SUSE Security Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4193-1 Rating: moderate References: #1118086 Cross-References: CVE-2018-16869 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2986=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2986=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2986=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libnettle-debugsource-3.4-4.3.1 nettle-3.4-4.3.1 nettle-debuginfo-3.4-4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): libhogweed4-32bit-3.4-4.3.1 libhogweed4-32bit-debuginfo-3.4-4.3.1 libnettle-debugsource-3.4-4.3.1 libnettle6-32bit-3.4-4.3.1 libnettle6-32bit-debuginfo-3.4-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libhogweed4-3.4-4.3.1 libhogweed4-debuginfo-3.4-4.3.1 libnettle-debugsource-3.4-4.3.1 libnettle-devel-3.4-4.3.1 libnettle6-3.4-4.3.1 libnettle6-debuginfo-3.4-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-16869.html https://bugzilla.suse.com/1118086 From sle-security-updates at lists.suse.com Wed Dec 19 10:14:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 18:14:10 +0100 (CET) Subject: SUSE-SU-2018:4194-1: moderate: Security update for ovmf Message-ID: <20181219171410.04468FCB3@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4194-1 Rating: moderate References: #1115916 #1115917 #1117998 Cross-References: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 
______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). Non security issues fixed: - Fixed an issue with the default owner of PK/KEK/db/dbx and make the auto-enrollment only happen at the very first time. (bsc#1117998) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2989=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2989=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-3.5.1 ovmf-tools-2017+git1510945757.b2662641d5-3.5.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.5.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.5.1 References: https://www.suse.com/security/cve/CVE-2017-5731.html https://www.suse.com/security/cve/CVE-2017-5732.html https://www.suse.com/security/cve/CVE-2017-5733.html https://www.suse.com/security/cve/CVE-2017-5734.html https://www.suse.com/security/cve/CVE-2017-5735.html https://www.suse.com/security/cve/CVE-2018-3613.html https://bugzilla.suse.com/1115916 https://bugzilla.suse.com/1115917 https://bugzilla.suse.com/1117998 From sle-security-updates at lists.suse.com Wed Dec 19 13:09:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 21:09:03 +0100 (CET) Subject: SUSE-SU-2018:4195-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12) Message-ID: <20181219200903.B0272FCA4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4195-1 Rating: important References: #1115339 #1118320 Cross-References: CVE-2018-5848 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issues were fixed: - CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319). - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2995=1 SUSE-SLE-SERVER-12-2018-2996=1 SUSE-SLE-SERVER-12-2018-2997=1 SUSE-SLE-SERVER-12-2018-2998=1 SUSE-SLE-SERVER-12-2018-2999=1 SUSE-SLE-SERVER-12-2018-3001=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_111-default-11-2.1 kgraft-patch-3_12_61-52_111-xen-11-2.1 kgraft-patch-3_12_61-52_119-default-11-2.1 kgraft-patch-3_12_61-52_119-xen-11-2.1 kgraft-patch-3_12_61-52_122-default-11-2.1 kgraft-patch-3_12_61-52_122-xen-11-2.1 kgraft-patch-3_12_61-52_125-default-10-2.1 kgraft-patch-3_12_61-52_125-xen-10-2.1 kgraft-patch-3_12_61-52_128-default-8-2.1 kgraft-patch-3_12_61-52_128-xen-8-2.1 kgraft-patch-3_12_61-52_133-default-7-2.1 kgraft-patch-3_12_61-52_133-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-5848.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1115339 https://bugzilla.suse.com/1118320 From sle-security-updates at lists.suse.com Wed Dec 19 13:09:45 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2018 21:09:45 +0100 (CET) Subject: SUSE-SU-2018:4196-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12) Message-ID: <20181219200945.022CFFCA4@maintenance.suse.de> SUSE Security Update: Security update for the 
Linux Kernel (Live Patch 37 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4196-1 Rating: important References: #1118320 Cross-References: CVE-2018-9568 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_141 fixes one issue. The following security issue was fixed: - CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2993=1 SUSE-SLE-SERVER-12-2018-2994=1 SUSE-SLE-SERVER-12-2018-3000=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_136-default-7-2.1 kgraft-patch-3_12_61-52_136-xen-7-2.1 kgraft-patch-3_12_61-52_141-default-6-2.1 kgraft-patch-3_12_61-52_141-xen-6-2.1 kgraft-patch-3_12_61-52_146-default-4-2.1 kgraft-patch-3_12_61-52_146-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1118320 From sle-security-updates at lists.suse.com Thu Dec 20 07:08:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Dec 2018 15:08:56 +0100 (CET) Subject: SUSE-SU-2018:4207-1: moderate: Security update for ovmf Message-ID: <20181220140856.D747FFCA4@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4207-1 Rating: moderate References: #1115916 #1115917 
Cross-References: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-3010=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): ovmf-2017+git1492060560.b6d11d7c46-4.17.1 ovmf-tools-2017+git1492060560.b6d11d7c46-4.17.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.17.1 qemu-uefi-aarch64-2017+git1492060560.b6d11d7c46-4.17.1 References: https://www.suse.com/security/cve/CVE-2017-5731.html https://www.suse.com/security/cve/CVE-2017-5732.html https://www.suse.com/security/cve/CVE-2017-5733.html https://www.suse.com/security/cve/CVE-2017-5734.html https://www.suse.com/security/cve/CVE-2017-5735.html https://www.suse.com/security/cve/CVE-2018-3613.html https://bugzilla.suse.com/1115916 https://bugzilla.suse.com/1115917 From sle-security-updates at lists.suse.com Thu Dec 20 19:08:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 03:08:44 +0100 (CET) Subject: SUSE-SU-2018:4208-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP3) Message-ID: <20181221020844.67E1FFD43@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4208-1 Rating: important References: #1115339 Cross-References: CVE-2018-5848 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.132-94_33 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-3014=1 SUSE-SLE-Live-Patching-12-SP3-2018-3015=1 SUSE-SLE-Live-Patching-12-SP3-2018-3016=1 SUSE-SLE-Live-Patching-12-SP3-2018-3017=1 SUSE-SLE-Live-Patching-12-SP3-2018-3018=1 SUSE-SLE-Live-Patching-12-SP3-2018-3019=1 SUSE-SLE-Live-Patching-12-SP3-2018-3020=1 SUSE-SLE-Live-Patching-12-SP3-2018-3021=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-12-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-12-2.1 kgraft-patch-4_4_103-6_38-default-12-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-12-2.1 kgraft-patch-4_4_114-94_11-default-10-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-10-2.1 kgraft-patch-4_4_114-94_14-default-10-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-10-2.1 kgraft-patch-4_4_120-94_17-default-9-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-9-2.1 kgraft-patch-4_4_126-94_22-default-9-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-9-2.1 kgraft-patch-4_4_131-94_29-default-7-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-7-2.1 kgraft-patch-4_4_132-94_33-default-7-2.1 kgraft-patch-4_4_132-94_33-default-debuginfo-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-5848.html https://bugzilla.suse.com/1115339 From sle-security-updates at lists.suse.com Thu Dec 20 19:09:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 03:09:19 +0100 (CET) Subject: SUSE-SU-2018:4209-1: important: Security update for yast2-rmt Message-ID: <20181221020919.6E237FD43@maintenance.suse.de> SUSE Security Update: Security update for yast2-rmt ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2018:4209-1 Rating: important References: #1117602 Cross-References: CVE-2018-17957 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for yast2-rmt to version 1.1.12 fixes the following issues: Security issue fixed: - CVE-2018-17957: Secure MySQL credentials by not exposing them on the command line (bsc#1117602) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-3012=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): yast2-rmt-1.1.2-3.11.1 References: https://www.suse.com/security/cve/CVE-2018-17957.html https://bugzilla.suse.com/1117602 From sle-security-updates at lists.suse.com Thu Dec 20 19:09:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 03:09:51 +0100 (CET) Subject: SUSE-SU-2018:4210-1: moderate: Security update for libqt5-qtbase Message-ID: <20181221020951.6D3BFFD43@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4210-1 Rating: moderate References: #1118595 #1118596 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-3013=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libQt5Core5-5.5.1-8.3.1 libQt5Core5-debuginfo-5.5.1-8.3.1 libQt5DBus5-5.5.1-8.3.1 libQt5DBus5-debuginfo-5.5.1-8.3.1 libQt5Gui5-5.5.1-8.3.1 libQt5Gui5-debuginfo-5.5.1-8.3.1 libQt5Network5-5.5.1-8.3.1 libQt5Network5-debuginfo-5.5.1-8.3.1 libQt5Widgets5-5.5.1-8.3.1 libQt5Widgets5-debuginfo-5.5.1-8.3.1 libqt5-qtbase-debugsource-5.5.1-8.3.1 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 From sle-security-updates at lists.suse.com Thu Dec 20 19:10:36 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 03:10:36 +0100 (CET) Subject: SUSE-SU-2018:4211-1: important: Security update for mariadb Message-ID: <20181221021036.9626AFD43@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4211-1 Rating: important References: #1013882 #1101676 #1101677 #1101678 #1103342 #1112368 #1112397 #1112417 #1112421 #1112432 #1116686 #1118754 Cross-References: CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 Affected Products: SUSE Linux 
Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. Description: This update for mariadb fixes the following issues: Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed: - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). 
(bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-3022=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-3022=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-3022=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-3022=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libmysqlclient_r18-10.0.37-2.3.1 libmysqlclient_r18-32bit-10.0.37-2.3.1 mariadb-100-debuginfo-10.0.37-2.3.1 mariadb-100-debugsource-10.0.37-2.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.37-2.3.1 libmysqlclient_r18-10.0.37-2.3.1 libmysqld-devel-10.0.37-2.3.1 libmysqld18-10.0.37-2.3.1 libmysqld18-debuginfo-10.0.37-2.3.1 mariadb-100-debuginfo-10.0.37-2.3.1 mariadb-100-debugsource-10.0.37-2.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.37-2.3.1 libmysqlclient18-debuginfo-10.0.37-2.3.1 mariadb-100-debuginfo-10.0.37-2.3.1 mariadb-100-debugsource-10.0.37-2.3.1 mariadb-100-errormessages-10.0.37-2.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): 
libmysqlclient18-32bit-10.0.37-2.3.1 libmysqlclient18-debuginfo-32bit-10.0.37-2.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmysqlclient18-10.0.37-2.3.1 libmysqlclient18-32bit-10.0.37-2.3.1 libmysqlclient18-debuginfo-10.0.37-2.3.1 libmysqlclient18-debuginfo-32bit-10.0.37-2.3.1 libmysqlclient_r18-10.0.37-2.3.1 libmysqlclient_r18-32bit-10.0.37-2.3.1 mariadb-100-debuginfo-10.0.37-2.3.1 mariadb-100-debugsource-10.0.37-2.3.1 mariadb-100-errormessages-10.0.37-2.3.1 References: https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2018-3058.html https://www.suse.com/security/cve/CVE-2018-3063.html https://www.suse.com/security/cve/CVE-2018-3064.html https://www.suse.com/security/cve/CVE-2018-3066.html https://www.suse.com/security/cve/CVE-2018-3143.html https://www.suse.com/security/cve/CVE-2018-3156.html https://www.suse.com/security/cve/CVE-2018-3174.html https://www.suse.com/security/cve/CVE-2018-3251.html https://www.suse.com/security/cve/CVE-2018-3282.html https://bugzilla.suse.com/1013882 https://bugzilla.suse.com/1101676 https://bugzilla.suse.com/1101677 https://bugzilla.suse.com/1101678 https://bugzilla.suse.com/1103342 https://bugzilla.suse.com/1112368 https://bugzilla.suse.com/1112397 https://bugzilla.suse.com/1112417 https://bugzilla.suse.com/1112421 https://bugzilla.suse.com/1112432 https://bugzilla.suse.com/1116686 https://bugzilla.suse.com/1118754 From sle-security-updates at lists.suse.com Fri Dec 21 04:11:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 12:11:16 +0100 (CET) Subject: SUSE-SU-2018:4214-1: important: Security update for netatalk Message-ID: <20181221111116.37875FD43@maintenance.suse.de> SUSE Security Update: Security update for netatalk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4214-1 Rating: important References: #1119540 Cross-References: CVE-2018-1160 Affected 
Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated attacker to overwrite memory with data of their choice leading to arbitrary code execution with root privileges. (bsc#1119540) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-netatalk-13915=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-netatalk-13915=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): netatalk-2.0.3-249.23.3.1 netatalk-devel-2.0.3-249.23.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): netatalk-debuginfo-2.0.3-249.23.3.1 netatalk-debugsource-2.0.3-249.23.3.1 References: https://www.suse.com/security/cve/CVE-2018-1160.html https://bugzilla.suse.com/1119540 From sle-security-updates at lists.suse.com Fri Dec 21 07:08:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 15:08:56 +0100 (CET) Subject: SUSE-SU-2018:4215-1: moderate: Security update for enigmail Message-ID: <20181221140856.7B687FD43@maintenance.suse.de> SUSE Security Update: Security update for enigmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4215-1 Rating: moderate References: #1118935 Affected Products: SUSE Linux Enterprise Workstation Extension 15
______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for enigmail to version 2.0.9 fixes the following issues: Security issue fixed: - When using Web Key Discovery, an HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials (bsc#1118935). Non-security issues fixed: - pEp - PGP/MIME signed-only messages are ignored - Autocrypt overrules manually created Per-Recipient Rules - "Re:" prefix on subject line disappears when editing encrypted, saved draft Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-3024=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): enigmail-2.0.9-3.13.1 References: https://bugzilla.suse.com/1118935 From sle-security-updates at lists.suse.com Fri Dec 21 10:09:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 18:09:17 +0100 (CET) Subject: SUSE-SU-2018:4217-1: important: Security update for netatalk Message-ID: <20181221170917.A268CFD43@maintenance.suse.de> SUSE Security Update: Security update for netatalk ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4217-1 Rating: important References: #1119540 Cross-References: CVE-2018-1160 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated attacker to overwrite memory with data of their choice leading to arbitrary code execution with root privileges. (bsc#1119540) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2018-3027=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-3027=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-3027=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-3027=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-3027=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-3027=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libatalk12-3.1.0-3.3.1 libatalk12-debuginfo-3.1.0-3.3.1 netatalk-3.1.0-3.3.1 netatalk-debuginfo-3.1.0-3.3.1 netatalk-debugsource-3.1.0-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libatalk12-3.1.0-3.3.1 libatalk12-debuginfo-3.1.0-3.3.1 netatalk-3.1.0-3.3.1 netatalk-debuginfo-3.1.0-3.3.1 netatalk-debugsource-3.1.0-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libatalk12-3.1.0-3.3.1 libatalk12-debuginfo-3.1.0-3.3.1 netatalk-3.1.0-3.3.1 netatalk-debuginfo-3.1.0-3.3.1 netatalk-debugsource-3.1.0-3.3.1 netatalk-devel-3.1.0-3.3.1 - SUSE Linux Enterprise
Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libatalk12-3.1.0-3.3.1 libatalk12-debuginfo-3.1.0-3.3.1 netatalk-3.1.0-3.3.1 netatalk-debuginfo-3.1.0-3.3.1 netatalk-debugsource-3.1.0-3.3.1 netatalk-devel-3.1.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libatalk12-3.1.0-3.3.1 libatalk12-debuginfo-3.1.0-3.3.1 netatalk-3.1.0-3.3.1 netatalk-debuginfo-3.1.0-3.3.1 netatalk-debugsource-3.1.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libatalk12-3.1.0-3.3.1 libatalk12-debuginfo-3.1.0-3.3.1 netatalk-3.1.0-3.3.1 netatalk-debuginfo-3.1.0-3.3.1 netatalk-debugsource-3.1.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1160.html https://bugzilla.suse.com/1119540 From sle-security-updates at lists.suse.com Fri Dec 21 10:09:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2018 18:09:53 +0100 (CET) Subject: SUSE-SU-2018:4218-1: important: Security update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci Message-ID: <20181221170953.90228FD43@maintenance.suse.de> SUSE Security Update: Security update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4218-1 Rating: important References: #1118897 #1118898 #1118899 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes three 
vulnerabilities is now available. Description: This update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci fixes the following issues: - Require golang = 1.10 to fix: * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): caasp-cli-3.0.0+20180515.git_r38_7843d12-3.3.1 cni-plugins-0.6.0-4.3.1 container-feeder-3.0.0+20181105.git_r90_c54fd18-3.9.1 containerd-kubic-0.2.9+gitr706_06b9cb351610-5.3.1 containerd-kubic-debuginfo-0.2.9+gitr706_06b9cb351610-5.3.1 containerd-kubic-debugsource-0.2.9+gitr706_06b9cb351610-5.3.1 cri-o-1.10.6-4.11.1 cri-tools-1.0.0beta2-3.6.1 docker-kubic-17.09.1_ce-7.3.1 docker-kubic-debuginfo-17.09.1_ce-7.3.1 docker-kubic-debugsource-17.09.1_ce-7.3.1 docker-libnetwork-kubic-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1 docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1 docker-runc-kubic-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1 docker-runc-kubic-debuginfo-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1 docker-runc-kubic-debugsource-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1 etcd-3.3.1-3.3.1 etcdctl-3.3.1-3.3.1 golang-github-docker-libnetwork-kubic-debugsource-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1 helm-2.8.2-3.3.1 kubernetes-client-1.10.11-4.11.1 kubernetes-common-1.10.11-4.11.1 kubernetes-kubelet-1.10.11-4.11.1 kubernetes-master-1.10.11-4.11.1 kubernetes-node-1.10.11-4.11.1 libcontainers-storage-0+git26204-3.3.1 podman-0.8.5-3.6.1 runc-1.0.0~rc5-3.3.1 runc-debuginfo-1.0.0~rc5-3.3.1 runc-debugsource-1.0.0~rc5-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 From sle-security-updates at lists.suse.com Fri Dec 21 16:09:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 22 Dec 2018 00:09:10 +0100 (CET) Subject: SUSE-SU-2018:4235-1: important: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Message-ID: <20181221230910.858D9FD43@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4235-1 Rating: important References: #1097410 #1106873 #1119069 #1119105 Cross-References: CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random.
(bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-3044=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-3044=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-3044=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.4.0-3.21.1 MozillaFirefox-debuginfo-60.4.0-3.21.1 MozillaFirefox-debugsource-60.4.0-3.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.4.0-3.21.1 MozillaFirefox-debuginfo-60.4.0-3.21.1 MozillaFirefox-debugsource-60.4.0-3.21.1 MozillaFirefox-devel-60.4.0-3.21.1 MozillaFirefox-translations-common-60.4.0-3.21.1 MozillaFirefox-translations-other-60.4.0-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.40.1-3.7.2 libfreebl3-debuginfo-3.40.1-3.7.2 libsoftokn3-3.40.1-3.7.2 libsoftokn3-debuginfo-3.40.1-3.7.2 mozilla-nspr-4.20-3.3.2 mozilla-nspr-debuginfo-4.20-3.3.2 mozilla-nspr-debugsource-4.20-3.3.2 mozilla-nspr-devel-4.20-3.3.2 mozilla-nss-3.40.1-3.7.2 mozilla-nss-certs-3.40.1-3.7.2 mozilla-nss-certs-debuginfo-3.40.1-3.7.2 mozilla-nss-debuginfo-3.40.1-3.7.2 mozilla-nss-debugsource-3.40.1-3.7.2 mozilla-nss-devel-3.40.1-3.7.2 
mozilla-nss-sysinit-3.40.1-3.7.2 mozilla-nss-sysinit-debuginfo-3.40.1-3.7.2 mozilla-nss-tools-3.40.1-3.7.2 mozilla-nss-tools-debuginfo-3.40.1-3.7.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.40.1-3.7.2 libfreebl3-32bit-debuginfo-3.40.1-3.7.2 libsoftokn3-32bit-3.40.1-3.7.2 libsoftokn3-32bit-debuginfo-3.40.1-3.7.2 mozilla-nspr-32bit-4.20-3.3.2 mozilla-nspr-32bit-debuginfo-4.20-3.3.2 mozilla-nss-32bit-3.40.1-3.7.2 mozilla-nss-32bit-debuginfo-3.40.1-3.7.2 mozilla-nss-certs-32bit-3.40.1-3.7.2 mozilla-nss-certs-32bit-debuginfo-3.40.1-3.7.2 References: https://www.suse.com/security/cve/CVE-2018-0495.html https://www.suse.com/security/cve/CVE-2018-12384.html https://www.suse.com/security/cve/CVE-2018-12404.html https://www.suse.com/security/cve/CVE-2018-12405.html https://www.suse.com/security/cve/CVE-2018-17466.html https://www.suse.com/security/cve/CVE-2018-18492.html https://www.suse.com/security/cve/CVE-2018-18493.html https://www.suse.com/security/cve/CVE-2018-18494.html https://www.suse.com/security/cve/CVE-2018-18498.html https://bugzilla.suse.com/1097410 https://bugzilla.suse.com/1106873 https://bugzilla.suse.com/1119069 https://bugzilla.suse.com/1119105 From sle-security-updates at lists.suse.com Fri Dec 21 16:10:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 22 Dec 2018 00:10:19 +0100 (CET) Subject: SUSE-SU-2018:4236-1: important: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Message-ID: <20181221231019.7E363FD43@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4236-1 Rating: important References: #1097410 #1106873 #1119069 #1119105 Cross-References: CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Software Development Kit 12-SP4
    SUSE Linux Enterprise Software Development Kit 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP4
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP1-LTSS
    SUSE Linux Enterprise Server 12-LTSS
    SUSE Linux Enterprise Desktop 12-SP4
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Enterprise Storage 4
    SUSE CaaS Platform ALL
    SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random.
(bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-3045=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-3045=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-3045=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-3045=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-3045=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-3045=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-3045=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-3045=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-3045=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-3045=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-3045=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-3045=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-3045=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nspr-devel-4.20-19.6.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-devel-3.40.1-58.18.1 - SUSE Linux Enterprise Software 
Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nspr-devel-4.20-19.6.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-devel-3.40.1-58.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 
MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP3 (s390x 
x86_64): libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 
MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nspr-devel-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-devel-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 
mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nspr-devel-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-devel-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 
mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 
mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.4.0esr-109.55.1 MozillaFirefox-debuginfo-60.4.0esr-109.55.1 MozillaFirefox-debugsource-60.4.0esr-109.55.1 MozillaFirefox-devel-60.4.0esr-109.55.1 MozillaFirefox-translations-common-60.4.0esr-109.55.1 libfreebl3-3.40.1-58.18.1 libfreebl3-32bit-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libfreebl3-debuginfo-32bit-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-32bit-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 libsoftokn3-debuginfo-32bit-3.40.1-58.18.1 mozilla-nspr-32bit-4.20-19.6.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-32bit-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-32bit-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-32bit-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 mozilla-nss-sysinit-3.40.1-58.18.1 mozilla-nss-sysinit-32bit-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1 mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1 mozilla-nss-tools-3.40.1-58.18.1 mozilla-nss-tools-debuginfo-3.40.1-58.18.1 - SUSE CaaS Platform ALL (x86_64): 
libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.40.1-58.18.1 libfreebl3-debuginfo-3.40.1-58.18.1 libsoftokn3-3.40.1-58.18.1 libsoftokn3-debuginfo-3.40.1-58.18.1 mozilla-nspr-4.20-19.6.1 mozilla-nspr-debuginfo-4.20-19.6.1 mozilla-nspr-debugsource-4.20-19.6.1 mozilla-nss-3.40.1-58.18.1 mozilla-nss-certs-3.40.1-58.18.1 mozilla-nss-certs-debuginfo-3.40.1-58.18.1 mozilla-nss-debuginfo-3.40.1-58.18.1 mozilla-nss-debugsource-3.40.1-58.18.1 References: https://www.suse.com/security/cve/CVE-2018-0495.html https://www.suse.com/security/cve/CVE-2018-12384.html https://www.suse.com/security/cve/CVE-2018-12404.html https://www.suse.com/security/cve/CVE-2018-12405.html https://www.suse.com/security/cve/CVE-2018-17466.html https://www.suse.com/security/cve/CVE-2018-18492.html https://www.suse.com/security/cve/CVE-2018-18493.html https://www.suse.com/security/cve/CVE-2018-18494.html https://www.suse.com/security/cve/CVE-2018-18498.html https://bugzilla.suse.com/1097410 https://bugzilla.suse.com/1106873 https://bugzilla.suse.com/1119069 https://bugzilla.suse.com/1119105 From sle-security-updates at lists.suse.com Sat Dec 22 07:09:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 22 Dec 2018 15:09:07 +0100 (CET) Subject: SUSE-SU-2018:4237-1: moderate: Security update for qemu Message-ID: <20181222140907.EB7F0FD43@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4237-1 Rating: moderate References: #1106222 
#1110910 #1111006 #1111010 #1111013 #1114422
Cross-References: CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).
- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).
- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).
- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013)
- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-3047=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-3047=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-3047=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-3047=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-3047=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): qemu-2.6.2-41.46.2 qemu-block-curl-2.6.2-41.46.2 qemu-block-curl-debuginfo-2.6.2-41.46.2 qemu-block-ssh-2.6.2-41.46.2 qemu-block-ssh-debuginfo-2.6.2-41.46.2 qemu-debugsource-2.6.2-41.46.2 qemu-guest-agent-2.6.2-41.46.2 qemu-guest-agent-debuginfo-2.6.2-41.46.2 qemu-kvm-2.6.2-41.46.2 qemu-lang-2.6.2-41.46.2 qemu-tools-2.6.2-41.46.2 qemu-tools-debuginfo-2.6.2-41.46.2 - SUSE OpenStack Cloud 7 (x86_64): qemu-block-rbd-2.6.2-41.46.2 qemu-block-rbd-debuginfo-2.6.2-41.46.2 qemu-x86-2.6.2-41.46.2 qemu-x86-debuginfo-2.6.2-41.46.2 - SUSE OpenStack Cloud 7 (noarch): qemu-ipxe-1.0.0-41.46.2 qemu-seabios-1.9.1-41.46.2 qemu-sgabios-8-41.46.2 qemu-vgabios-1.9.1-41.46.2 - SUSE OpenStack Cloud 7 (s390x): qemu-s390-2.6.2-41.46.2 qemu-s390-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): qemu-2.6.2-41.46.2 qemu-block-curl-2.6.2-41.46.2 qemu-block-curl-debuginfo-2.6.2-41.46.2 qemu-block-ssh-2.6.2-41.46.2 qemu-block-ssh-debuginfo-2.6.2-41.46.2 qemu-debugsource-2.6.2-41.46.2 qemu-guest-agent-2.6.2-41.46.2 qemu-guest-agent-debuginfo-2.6.2-41.46.2 qemu-lang-2.6.2-41.46.2 qemu-tools-2.6.2-41.46.2 qemu-tools-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.46.2 qemu-ppc-debuginfo-2.6.2-41.46.2 - SUSE 
Linux Enterprise Server for SAP 12-SP2 (x86_64): qemu-block-rbd-2.6.2-41.46.2 qemu-block-rbd-debuginfo-2.6.2-41.46.2 qemu-kvm-2.6.2-41.46.2 qemu-x86-2.6.2-41.46.2 qemu-x86-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): qemu-ipxe-1.0.0-41.46.2 qemu-seabios-1.9.1-41.46.2 qemu-sgabios-8-41.46.2 qemu-vgabios-1.9.1-41.46.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): qemu-2.6.2-41.46.2 qemu-block-curl-2.6.2-41.46.2 qemu-block-curl-debuginfo-2.6.2-41.46.2 qemu-block-ssh-2.6.2-41.46.2 qemu-block-ssh-debuginfo-2.6.2-41.46.2 qemu-debugsource-2.6.2-41.46.2 qemu-guest-agent-2.6.2-41.46.2 qemu-guest-agent-debuginfo-2.6.2-41.46.2 qemu-lang-2.6.2-41.46.2 qemu-tools-2.6.2-41.46.2 qemu-tools-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): qemu-kvm-2.6.2-41.46.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): qemu-ppc-2.6.2-41.46.2 qemu-ppc-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): qemu-ipxe-1.0.0-41.46.2 qemu-seabios-1.9.1-41.46.2 qemu-sgabios-8-41.46.2 qemu-vgabios-1.9.1-41.46.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): qemu-block-rbd-2.6.2-41.46.2 qemu-block-rbd-debuginfo-2.6.2-41.46.2 qemu-x86-2.6.2-41.46.2 qemu-x86-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): qemu-s390-2.6.2-41.46.2 qemu-s390-debuginfo-2.6.2-41.46.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.46.2 qemu-seabios-1.9.1-41.46.2 qemu-sgabios-8-41.46.2 qemu-vgabios-1.9.1-41.46.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.46.2 qemu-block-curl-2.6.2-41.46.2 qemu-block-curl-debuginfo-2.6.2-41.46.2 qemu-block-rbd-2.6.2-41.46.2 qemu-block-rbd-debuginfo-2.6.2-41.46.2 qemu-block-ssh-2.6.2-41.46.2 qemu-block-ssh-debuginfo-2.6.2-41.46.2 qemu-debugsource-2.6.2-41.46.2 qemu-guest-agent-2.6.2-41.46.2 qemu-guest-agent-debuginfo-2.6.2-41.46.2 qemu-kvm-2.6.2-41.46.2 qemu-lang-2.6.2-41.46.2 
qemu-tools-2.6.2-41.46.2 qemu-tools-debuginfo-2.6.2-41.46.2 qemu-x86-2.6.2-41.46.2 qemu-x86-debuginfo-2.6.2-41.46.2 - SUSE Enterprise Storage 4 (x86_64): qemu-2.6.2-41.46.2 qemu-block-curl-2.6.2-41.46.2 qemu-block-curl-debuginfo-2.6.2-41.46.2 qemu-block-rbd-2.6.2-41.46.2 qemu-block-rbd-debuginfo-2.6.2-41.46.2 qemu-block-ssh-2.6.2-41.46.2 qemu-block-ssh-debuginfo-2.6.2-41.46.2 qemu-debugsource-2.6.2-41.46.2 qemu-guest-agent-2.6.2-41.46.2 qemu-guest-agent-debuginfo-2.6.2-41.46.2 qemu-kvm-2.6.2-41.46.2 qemu-lang-2.6.2-41.46.2 qemu-tools-2.6.2-41.46.2 qemu-tools-debuginfo-2.6.2-41.46.2 qemu-x86-2.6.2-41.46.2 qemu-x86-debuginfo-2.6.2-41.46.2 - SUSE Enterprise Storage 4 (noarch): qemu-ipxe-1.0.0-41.46.2 qemu-seabios-1.9.1-41.46.2 qemu-sgabios-8-41.46.2 qemu-vgabios-1.9.1-41.46.2 References: https://www.suse.com/security/cve/CVE-2018-10839.html https://www.suse.com/security/cve/CVE-2018-15746.html https://www.suse.com/security/cve/CVE-2018-17958.html https://www.suse.com/security/cve/CVE-2018-17962.html https://www.suse.com/security/cve/CVE-2018-17963.html https://www.suse.com/security/cve/CVE-2018-18849.html https://bugzilla.suse.com/1106222 https://bugzilla.suse.com/1110910 https://bugzilla.suse.com/1111006 https://bugzilla.suse.com/1111010 https://bugzilla.suse.com/1111013 https://bugzilla.suse.com/1114422 From sle-security-updates at lists.suse.com Sat Dec 22 07:10:28 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 22 Dec 2018 15:10:28 +0100 (CET) Subject: SUSE-SU-2018:4238-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15) Message-ID: <20181222141028.72837FD43@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4238-1 Rating: important References: #1097356 #1118319 Cross-References: CVE-2018-5848 CVE-2018-9568 Affected Products: 
    SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-23 fixes several issues.

The following security issues were fixed:

- CVE-2018-9568: Prevent possible memory corruption due to type confusion in sk_clone_lock. This could lead to local privilege escalation (bsc#1118319).
- CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-3046=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
    kernel-livepatch-4_12_14-23-default-7-19.2
    kernel-livepatch-4_12_14-23-default-debuginfo-7-19.2
    kernel-livepatch-SLE15_Update_0-debugsource-7-19.2

References:

    https://www.suse.com/security/cve/CVE-2018-5848.html
    https://www.suse.com/security/cve/CVE-2018-9568.html
    https://bugzilla.suse.com/1097356
    https://bugzilla.suse.com/1118319

From sle-security-updates at lists.suse.com Thu Dec 27 04:09:48 2018
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 27 Dec 2018 12:09:48 +0100 (CET)
Subject: SUSE-SU-2018:4274-1: moderate: Security update for openssl
Message-ID: <20181227110948.5818EFD43@maintenance.suse.de>

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:4274-1
Rating: moderate
References: #1104789 #1110018 #1113534 #1113652
Cross-References: CVE-2016-8610 CVE-2018-0734 CVE-2018-5407
Affected Products:
    SUSE Studio Onsite 1.3
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Server 11-SP3-LTSS
    SUSE Linux Enterprise Point of Sale 11-SP3
    SUSE Linux Enterprise Debuginfo 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for openssl fixes the following issues:

Security issues fixed:

- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).
- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).
- CVE-2016-8610: Adjusted current fix and added missing error string (bsc#1110018).
- Fixed the "One and Done" side-channel attack on RSA (bsc#1104789).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-openssl-13918=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-openssl-13918=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-openssl-13918=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
    zypper in -t patch slessp3-openssl-13918=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-openssl-13918=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-openssl-13918=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-openssl-13918=1

Package List:

- SUSE Studio Onsite 1.3 (x86_64):
    libopenssl-devel-0.9.8j-0.106.18.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    libopenssl-devel-0.9.8j-0.106.18.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
    libopenssl-devel-32bit-0.9.8j-0.106.18.1
- SUSE Linux Enterprise Server 11-SP4
(i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-0.9.8j-0.106.18.1 openssl-0.9.8j-0.106.18.1 openssl-doc-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libopenssl0_9_8-x86-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.106.18.1 libopenssl0_9_8-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-0.9.8j-0.106.18.1 openssl-0.9.8j-0.106.18.1 openssl-doc-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.18.1 libopenssl0_9_8-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-0.9.8j-0.106.18.1 openssl-0.9.8j-0.106.18.1 openssl-doc-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.18.1 openssl-debugsource-0.9.8j-0.106.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.18.1 openssl-debugsource-0.9.8j-0.106.18.1 References: https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2018-0734.html https://www.suse.com/security/cve/CVE-2018-5407.html https://bugzilla.suse.com/1104789 https://bugzilla.suse.com/1110018 https://bugzilla.suse.com/1113534 https://bugzilla.suse.com/1113652 From sle-security-updates at lists.suse.com Fri Dec 28 16:08:56 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 29 Dec 2018 00:08:56 +0100 (CET) Subject: SUSE-SU-2018:4294-1: moderate: Security update for libqt5-qtbase Message-ID: <20181228230856.392FCFD4B@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4294-1 Rating: moderate References: #1118595 #1118596 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-3065=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libQt5Core5-5.3.1-4.7.2 libQt5Core5-debuginfo-5.3.1-4.7.2 libQt5DBus5-5.3.1-4.7.2 libQt5DBus5-debuginfo-5.3.1-4.7.2 libQt5Gui5-5.3.1-4.7.2 libQt5Gui5-debuginfo-5.3.1-4.7.2 libQt5Widgets5-5.3.1-4.7.2 libQt5Widgets5-debuginfo-5.3.1-4.7.2 libqt5-qtbase-debugsource-5.3.1-4.7.2 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 From sle-security-updates at lists.suse.com Fri Dec 28 16:09:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 29 Dec 2018 00:09:39 +0100 (CET) Subject: SUSE-SU-2018:4295-1: moderate: Security update for wireshark Message-ID: <20181228230939.D8A21FD4B@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4295-1 
Rating: moderate References: #1117740 Cross-References: CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-3066=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-3066=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.11-3.15.1 wireshark-debugsource-2.4.11-3.15.1 wireshark-devel-2.4.11-3.15.1 wireshark-ui-qt-2.4.11-3.15.1 wireshark-ui-qt-debuginfo-2.4.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.11-3.15.1 libwireshark9-debuginfo-2.4.11-3.15.1 libwiretap7-2.4.11-3.15.1 libwiretap7-debuginfo-2.4.11-3.15.1 libwscodecs1-2.4.11-3.15.1 libwscodecs1-debuginfo-2.4.11-3.15.1 libwsutil8-2.4.11-3.15.1 libwsutil8-debuginfo-2.4.11-3.15.1 wireshark-2.4.11-3.15.1 wireshark-debuginfo-2.4.11-3.15.1 wireshark-debugsource-2.4.11-3.15.1 References: https://www.suse.com/security/cve/CVE-2018-19622.html https://www.suse.com/security/cve/CVE-2018-19623.html https://www.suse.com/security/cve/CVE-2018-19624.html https://www.suse.com/security/cve/CVE-2018-19625.html https://www.suse.com/security/cve/CVE-2018-19626.html https://www.suse.com/security/cve/CVE-2018-19627.html https://bugzilla.suse.com/1117740 From sle-security-updates at lists.suse.com Fri Dec 28 16:10:17 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 29 Dec 2018 00:10:17 +0100 (CET) Subject: SUSE-SU-2018:4296-1: important: Security update for mailman Message-ID: <20181228231017.DB3EFFD4B@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4296-1 Rating: important References: #1077358 #1099510 #1101288 #925502 #995352 Cross-References: CVE-2015-2775 CVE-2016-6893 
CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for mailman fixes the following security vulnerabilities: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed an XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-3062=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-3062=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-3062=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-3062=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-3062=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-3062=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-3062=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-3062=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-3062=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-3062=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 
mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 - SUSE Enterprise Storage 4 (x86_64): mailman-2.1.17-3.3.3 mailman-debuginfo-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3 References: https://www.suse.com/security/cve/CVE-2015-2775.html https://www.suse.com/security/cve/CVE-2016-6893.html https://www.suse.com/security/cve/CVE-2018-0618.html https://www.suse.com/security/cve/CVE-2018-13796.html https://www.suse.com/security/cve/CVE-2018-5950.html https://bugzilla.suse.com/1077358 https://bugzilla.suse.com/1099510 https://bugzilla.suse.com/1101288 https://bugzilla.suse.com/925502 https://bugzilla.suse.com/995352 From sle-security-updates at lists.suse.com Fri Dec 28 16:11:39 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 29 Dec 2018 00:11:39 +0100 (CET) Subject: SUSE-SU-2018:4297-1: important: Security update for containerd, docker and go Message-ID: <20181228231139.66638FD4B@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker and go ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4297-1 Rating: important References: #1047218 #1074971 #1080978 #1081495 #1084533 #1086185 #1094680 #1095817 #1098017 #1102522 #1104821 #1105000 #1108038 #1113313 #1113978 #1114209 #1118897 #1118898 #1118899 #1119634 #1119706 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2018-7187 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 17 
fixes is now available. Description: This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing "..." (bsc#1119706) Additionally, the package go1.10 has been added. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-3064=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2018-3064=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.1.2-5.3.4 docker-debuginfo-18.06.1_ce-6.8.2 docker-debugsource-18.06.1_ce-6.8.2 docker-test-18.06.1_ce-6.8.2 docker-test-debuginfo-18.06.1_ce-6.8.2 go-1.10.4-3.6.2 go-doc-1.10.4-3.6.2 go1.10-1.10.7-1.5.3 go1.10-doc-1.10.7-1.5.3 golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): containerd-test-1.1.2-5.3.4 docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4 docker-zsh-completion-18.06.1_ce-6.8.2 golang-packaging-15.0.11-3.3.2 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.1.2-5.3.4 docker-18.06.1_ce-6.8.2 docker-debuginfo-18.06.1_ce-6.8.2 docker-debugsource-18.06.1_ce-6.8.2 docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5 docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5 docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4 docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.06.1_ce-6.8.2 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2018-7187.html https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1074971 https://bugzilla.suse.com/1080978 https://bugzilla.suse.com/1081495 https://bugzilla.suse.com/1084533 https://bugzilla.suse.com/1086185 https://bugzilla.suse.com/1094680 
https://bugzilla.suse.com/1095817 https://bugzilla.suse.com/1098017 https://bugzilla.suse.com/1102522 https://bugzilla.suse.com/1104821 https://bugzilla.suse.com/1105000 https://bugzilla.suse.com/1108038 https://bugzilla.suse.com/1113313 https://bugzilla.suse.com/1113978 https://bugzilla.suse.com/1114209 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1119634 https://bugzilla.suse.com/1119706 From sle-security-updates at lists.suse.com Fri Dec 28 16:15:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 29 Dec 2018 00:15:29 +0100 (CET) Subject: SUSE-SU-2018:4298-1: moderate: Security update for wireshark Message-ID: <20181228231529.35B3CFD4B@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4298-1 Rating: moderate References: #1117740 Cross-References: CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). 
Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-3067=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-3067=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-3067=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-3067=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-3067=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-3067=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 wireshark-devel-2.4.11-48.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 wireshark-devel-2.4.11-48.35.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 
libwscodecs1-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 wireshark-gtk-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 wireshark-gtk-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libwireshark9-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 wireshark-gtk-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark9-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 wireshark-gtk-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 References: https://www.suse.com/security/cve/CVE-2018-19622.html https://www.suse.com/security/cve/CVE-2018-19623.html https://www.suse.com/security/cve/CVE-2018-19624.html https://www.suse.com/security/cve/CVE-2018-19625.html 
https://www.suse.com/security/cve/CVE-2018-19626.html https://www.suse.com/security/cve/CVE-2018-19627.html https://bugzilla.suse.com/1117740 From sle-security-updates at lists.suse.com Fri Dec 28 16:17:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 29 Dec 2018 00:17:00 +0100 (CET) Subject: SUSE-SU-2018:4300-1: important: Security update for xen Message-ID: <20181228231700.306AFFD4B@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4300-1 Rating: important References: #1027519 #1078292 #1091107 #1094508 #1103275 #1103276 #1103279 #1105528 #1108940 #1114405 #1115040 #1115045 #1115047 Cross-References: CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-18883 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-3646 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: Update to Xen 4.10.2 bug fix release (bsc#1027519). Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. 
(XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047) - CVE-2018-18883: Fixed an issue related to improper restriction of nested VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-278) (bsc#1114405) - CVE-2018-15468: Fixed incorrect MSR_DEBUGCTL handling, which allowed guests to enable Branch Trace Store and may cause a Denial of Service (DoS) of the entire host. (XSA-269) (bsc#1103276) - CVE-2018-15469: Fixed use of v2 grant tables on ARM, which were not properly implemented and may cause a Denial of Service (DoS). (XSA-268) (bsc#1103275) - CVE-2018-15470: Fixed an issue in the logic in oxenstored for handling writes, which allowed a guest to write memory unbounded leading to system-wide Denial of Service (DoS). (XSA-272) (bsc#1103279) - CVE-2018-3646: Mitigations for VMM aspects of L1 Terminal Fault (XSA-273) (bsc#1091107) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) - Fixed a kernel oops related to fs/dcache.c called by d_materialise_unique() (bsc#1094508) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-3063=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-3063=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): xen-4.10.2_04-3.9.1 xen-debugsource-4.10.2_04-3.9.1 xen-devel-4.10.2_04-3.9.1 xen-tools-4.10.2_04-3.9.1 xen-tools-debuginfo-4.10.2_04-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): xen-debugsource-4.10.2_04-3.9.1 xen-libs-4.10.2_04-3.9.1 xen-libs-debuginfo-4.10.2_04-3.9.1 xen-tools-domU-4.10.2_04-3.9.1 xen-tools-domU-debuginfo-4.10.2_04-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-15468.html https://www.suse.com/security/cve/CVE-2018-15469.html https://www.suse.com/security/cve/CVE-2018-15470.html https://www.suse.com/security/cve/CVE-2018-18883.html https://www.suse.com/security/cve/CVE-2018-19961.html https://www.suse.com/security/cve/CVE-2018-19962.html https://www.suse.com/security/cve/CVE-2018-19965.html https://www.suse.com/security/cve/CVE-2018-19966.html https://www.suse.com/security/cve/CVE-2018-3646.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1078292 https://bugzilla.suse.com/1091107 https://bugzilla.suse.com/1094508 https://bugzilla.suse.com/1103275 https://bugzilla.suse.com/1103276 https://bugzilla.suse.com/1103279 https://bugzilla.suse.com/1105528 https://bugzilla.suse.com/1108940 https://bugzilla.suse.com/1114405 https://bugzilla.suse.com/1115040 https://bugzilla.suse.com/1115045 https://bugzilla.suse.com/1115047