SUSE-SU-2019:2071-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Aug 6 23:39:25 MDT 2019


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2071-1
Rating:             important
References:         #1051510 #1055117 #1071995 #1083647 #1083710 
                    #1102247 #1119222 #1123080 #1127034 #1127315 
                    #1129770 #1130972 #1133021 #1134097 #1134390 
                    #1134399 #1135335 #1135642 #1137458 #1137534 
                    #1137535 #1137584 #1137609 #1137827 #1139358 
                    #1140133 #1140322 #1140652 #1140903 #1140945 
                    #1141401 #1141402 #1141452 #1141453 #1141454 
                    #1141478 #1142023 #1142112 #1142220 #1142221 
                    #1142254 #1142350 #1142351 #1142354 #1142359 
                    #1142450 #1142701 #1142868 #1143003 #1143045 
                    #1143105 #1143185 #1143189 #1143191 #1143507 
                    
Cross-References:   CVE-2018-20855 CVE-2019-1125 CVE-2019-11810
                    CVE-2019-13631 CVE-2019-13648 CVE-2019-14283
                    CVE-2019-14284
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Module for Legacy Software 15
                    SUSE Linux Enterprise Module for Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 48 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 15 kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2018-20855: An issue was discovered in the Linux kernel In
     create_qp_common in drivers/infiniband/hw/mlx5/qp.c,
     mlx5_ib_create_qp_resp was never initialized, resulting in a leak of
     stack memory to userspace(bsc#1143045).
   - CVE-2019-1125: Exclude ATOMs from speculation through  SWAPGS
     (bsc#1139358).
   - CVE-2019-14283: In the Linux kernel, set_geometry in
     drivers/block/floppy.c did not validate the sect and head fields, as
     demonstrated by an integer overflow and out-of-bounds read. It could be
     triggered by an unprivileged local user when a floppy disk was inserted.
     NOTE: QEMU creates the floppy device by default. (bnc#1143191)
   - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL
     pointer dereference could occur when megasas_create_frame_pool() failed
     in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.
     This caused a Denial of Service, related to a use-after-free
     (bnc#1134399).
   - CVE-2019-13648: In the Linux kernel on the powerpc platform, when
     hardware transactional memory was disabled, a local user could cause a
     denial of service (TM Bad Thing exception and system crash) via a
     sigreturn() system call that sent a crafted signal frame. (bnc#1142254)
   - CVE-2019-13631: In parse_hid_report_descriptor in
     drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device
     could send an HID report that triggered an out-of-bounds write during
     generation of debugging messages. (bnc#1142023)

   The following non-security bugs were fixed:
   -  Correct the CVE and bug reference for a floppy security fix
      (CVE-2019-14284,bsc#1143189)  A dedicated CVE was already assigned
   - acpi/nfit: Always dump _DSM output payload (bsc#1142351).
   - Add back sibling paca poiter to paca (bsc#1055117).
   - Add support for crct10dif-vpmsum ().
   - af_unix: remove redundant lockdep class (git-fixes). alsa: compress: Be
     more restrictive about when a drain is allowed (bsc#1051510).
   - alsa: compress: Do not allow paritial drain operations on capture
     streams (bsc#1051510).
   - alsa: compress: Fix regression on compressed capture streams
     (bsc#1051510).
   - alsa: compress: Prevent bypasses of set_params (bsc#1051510).
   - alsa: hda - Add a conexant codec entry to let mute led work
     (bsc#1051510).
   - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine
     (bsc#1051510).
   - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform
     (bsc#1051510).
   - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510).
   - alsa: line6: Fix a typo (bsc#1051510).
   - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510).
   - alsa: seq: Break too long mutex context in the write loop (bsc#1051510).
   - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510).
   - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510).
   - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510).
   - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8
     (bsc#1051510).
   - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510).
   - asoc : cs4265 : readable register too low (bsc#1051510).
   - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510).
   - asoc: soc-pcm: BE dai needs prepare when pause release after resume
     (bsc#1051510).
   - ath6kl: add some bounds checking (bsc#1051510).
   - batman-adv: fix for leaked TVLV handler (bsc#1051510).
   - bcache: acquire bch_register_lock later in cached_dev_detach_finish()
     (bsc#1140652).
   - bcache: acquire bch_register_lock later in cached_dev_free()
     (bsc#1140652).
   - bcache: add code comments for journal_read_bucket() (bsc#1140652).
   - bcache: Add comments for blkdev_put() in registration code path
     (bsc#1140652).
   - bcache: add comments for closure_fn to be called in closure_queue()
     (bsc#1140652).
   - bcache: add comments for kobj release callback routine (bsc#1140652).
   - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652).
   - bcache: add error check for calling register_bdev() (bsc#1140652).
   - bcache: add failure check to run_cache_set() for journal replay
     (bsc#1140652).
   - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652).
   - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652).
   - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652).
   - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652).
   - bcache: add return value check to bch_cached_dev_run() (bsc#1140652).
   - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652).
   - bcache: avoid clang -Wunintialized warning (bsc#1140652).
   - bcache: avoid flushing btree node in cache_set_flush() if io disabled
     (bsc#1140652).
   - bcache: avoid potential memleak of list of journal_replay(s) in the
     CACHE_SYNC branch of run_cache_set (bsc#1140652).
   - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652).
   - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652).
   - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
     (bsc#1140652).
   - bcache: Clean up bch_get_congested() (bsc#1140652).
   - bcache: destroy dc->writeback_write_wq if failed to create
     dc->writeback_thread (bsc#1140652).
   - bcache: do not assign in if condition in bcache_device_init()
     (bsc#1140652).
   - bcache: do not set max writeback rate if gc is running (bsc#1140652).
   - bcache: fix a race between cache register and cacheset unregister
     (bsc#1140652).
   - bcache: fix crashes stopping bcache device before read miss done
     (bsc#1140652).
   - bcache: fix failure in journal relplay (bsc#1140652).
   - bcache: fix inaccurate result of unused buckets (bsc#1140652).
   - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652).
   - bcache: fix potential deadlock in cached_def_free() (bsc#1140652).
   - bcache: fix race in btree_flush_write() (bsc#1140652).
   - bcache: fix return value error in bch_journal_read() (bsc#1140652).
   - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652).
   - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce
     branch of btree_gc_coalesce (bsc#1140652).
   - bcache: ignore read-ahead request failure on backing device
     (bsc#1140652).
   - bcache: improve bcache_reboot() (bsc#1140652).
   - bcache: improve error message in bch_cached_dev_run() (bsc#1140652).
   - bcache: make bset_search_tree() be more understandable (bsc#1140652).
   - bcache: make is_discard_enabled() static (bsc#1140652).
   - bcache: more detailed error message to bcache_device_link()
     (bsc#1140652).
   - bcache: move definition of 'int ret' out of macro read_bucket()
     (bsc#1140652).
   - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
     (bsc#1140652).
   - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652).
   - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached
     (bsc#1140652).
   - bcache: performance improvement for btree_flush_write() (bsc#1140652).
   - bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
     (bsc#1140652).
   - bcache: remove retry_flush_write from struct cache_set (bsc#1140652).
   - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652).
   - bcache: remove unnecessary prefetch() in bset_search_tree()
     (bsc#1140652).
   - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652).
   - bcache: return error immediately in bch_journal_replay() (bsc#1140652).
   - bcache: Revert "bcache: fix high CPU occupancy during journal"
     (bsc#1140652).
   - bcache: Revert "bcache: free heap cache_set->flush_btree in
     bch_journal_free" (bsc#1140652).
   - bcache: set largest seq to ja->seq[bucket_index] in
     journal_read_bucket() (bsc#1140652).
   - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652).
   - bcache: stop writeback kthread and kworker when bch_cached_dev_run()
     failed (bsc#1140652).
   - bcache: use sysfs_match_string() instead of __sysfs_match_string()
     (bsc#1140652).
   - be2net: Fix number of Rx queues used for flow hashing
     (networking-stable-19_06_18).
   - be2net: Signal that the device cannot transmit during reconfiguration
     (bsc#1127315).
   - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315).
   - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359).
   - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868).
   - bnxt_en: Fix aggregation buffer leak under OOM condition
     (networking-stable-19_05_31).
   - bonding: fix arp_validate toggling in active-backup mode
     (networking-stable-19_05_14).
   - bonding: Force slave speed check after link state recovery for 802.3ad
     (bsc#1137584).
   - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647).
   - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf
     (bsc#1083647).
   - bridge: Fix error path for kobject_init_and_add()
     (networking-stable-19_05_14).
   - btrfs: fix race between block group removal and block group allocation
     (bsc#1143003).
   - cgroup: Use css_tryget() instead of css_tryget_online() in
     task_get_css() (bsc#1141478).
   - clk: qcom: Fix -Wunused-const-variable (bsc#1051510).
   - clk: rockchip: Do not yell about bad mmc phases when getting
     (bsc#1051510).
   - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510).
   - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies
     (bsc#1051510).
   - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510).
   - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
     (bsc#1051510).
   - cpufreq: check if policy is inactive early in __cpufreq_get()
     (bsc#1051510).
   - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510).
   - cpufreq/pasemi: fix possible object reference leak (bsc#1051510).
   - cpufreq: pmac32: fix possible object reference leak (bsc#1051510).
   - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510).
   - cpufreq: Use struct kobj_attribute instead of struct global_attr
     (bsc#1051510).
   - crypto: arm64/sha1-ce - correct digest for empty data in finup
     (bsc#1051510).
   - crypto: arm64/sha2-ce - correct digest for empty data in finup
     (bsc#1051510).
   - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510).
   - crypto: ccp - fix AES CFB error exposed by new test vectors
     (bsc#1051510).
   - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510).
   - crypto: ccp/gcm - use const time tag comparison (bsc#1051510).
   - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510).
   - crypto: ccp - Validate the the error value used to index error messages
     (bsc#1051510).
   - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
     (bsc#1051510).
   - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
     (bsc#1051510).
   - crypto: ghash - fix unaligned memory access in ghash_setkey()
     (bsc#1051510).
   - crypto: talitos - Align SEC1 accesses to 32 bits boundaries
     (bsc#1051510).
   - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510).
   - crypto: talitos - fix CTR alg blocksize (bsc#1051510).
   - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510).
   - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking
     (bsc#1051510).
   - crypto: talitos - properly handle split ICV (bsc#1051510).
   - crypto: talitos - reduce max key size for SEC1 (bsc#1051510).
   - crypto: talitos - rename alternative AEAD algos (bsc#1051510).
   - dasd_fba: Display '00000000' for zero page when dumping sense
     (bsc#1123080).
   - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510).
   - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14).
   - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510).
   - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510).
   - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510).
   - drm/rockchip: Properly adjust to a true clock in adjusted_mode
     (bsc#1051510).
   - e1000e: start network tx queue only when link is up (bsc#1051510).
   - ethtool: check the return value of get_regs_len (git-fixes).
   - ethtool: fix potential userspace buffer overflow
     (networking-stable-19_06_09).
   - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510).
   - Fix memory leak in sctp_process_init (networking-stable-19_06_09).
   - fork, memcg: fix cached_stacks case (bsc#1134097).
   - fork, memcg: fix crash in free_thread_stack on memcg charge fail
     (bsc#1134097).
   - hid: wacom: correct touch resolution x/y typo (bsc#1051510).
   - hid: wacom: generic: Correct pad syncing (bsc#1051510).
   - hid: wacom: generic: only switch the mode on devices with LEDs
     (bsc#1051510).
   - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report
     (bsc#1051510).
   - input: elantech - enable middle button support on 2 ThinkPads
     (bsc#1051510).
   - input: imx_keypad - make sure keyboard can always wake up system
     (bsc#1051510).
   - input: psmouse - fix build error of multiple definition (bsc#1051510).
   - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510).
   - input: tm2-touchkey - acknowledge that setting brightness is a blocking
     call (bsc#1129770).
   - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510).
   - ipv4: Fix raw socket lookup for local traffic
     (networking-stable-19_05_14).
   - ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
     (networking-stable-19_05_31).
   - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
     (networking-stable-19_05_31).
   - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while
     loop (git-fixes).
   - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
     (networking-stable-19_05_31).
   - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
     (networking-stable-19_06_09).
   - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
     (networking-stable-19_06_18).
   - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
     (networking-stable-19_06_09).
   - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled
     (bsc#1071995).
   - kernel: jump label transformation performance (bsc#1137534
     bsc#1137535 			LTC#178058 LTC#178059).
   - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
     (bsc#1133021).
   - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest
     memory (bsc#1133021).
   - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335).
   - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch
     (bsc#1135335).
   - kvm: polling: add architecture backend to disable polling (bsc#1119222).
   - kvm: s390: change default halt poll time to 50us (bsc#1119222).
   - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to
     enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222
   - kvm: s390: fix typo in parameter description (bsc#1119222).
   - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to
     kvm_vcpu_stat. Hide it from the kABI checker.
   - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222).
   - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222).
   - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133).
   - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354).
   - lapb: fixed leak of control-blocks (networking-stable-19_06_18).
   - lib: fix stall in __bitmap_parselist() (bsc#1051510).
   - libnvdimm/namespace: Fix label tracking error (bsc#1142350).
   - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster
     (bsc#1143507).
   - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
     PAGE_SIZE (bsc#1051510).
   - livepatch: Remove duplicate warning about missing reliable stacktrace
     support (bsc#1071995).
   - livepatch: Use static buffer for debugging messages under rq lock
     (bsc#1071995).
   - llc: fix skb leak in llc_build_and_send_ui_pkt()
     (networking-stable-19_05_31).
   - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642).
   - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510).
   - media: s5p-mfc: Make additional clocks optional (bsc#1051510).
   - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
     (bsc#1051510).
   - media: vivid: fix incorrect assignment operation when setting video mode
     (bsc#1051510).
   - mei: bus: need to unlink client before freeing (bsc#1051510).
   - mei: me: add denverton innovation engine device IDs (bsc#1051510).
   - mei: me: add gemini lake devices id (bsc#1051510).
   - memory: tegra: Fix integer overflow on tick value calculation
     (bsc#1051510).
   - memstick: Fix error cleanup path of memstick_init (bsc#1051510).
   - mfd: intel-lpss: Release IDA resources (bsc#1051510).
   - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL
     (bsc#1051510).
   - mm: migrate: Fix reference check race between __find_get_block() and
     migration (bnc#1137609).
   - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
     (bsc#1140322 LTC#176270).
   - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034).
   - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270).
   - neigh: fix use-after-free read in pneigh_get_next
     (networking-stable-19_06_18).
   - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112
     bsc#1142221 LTC#179334 LTC#179332).
   - net: avoid weird emergency message (networking-stable-19_05_21).
   - net: fec: fix the clk mismatch in failed_reset path
     (networking-stable-19_05_31).
   - netfilter: conntrack: fix calculation of next bucket number in
     early_drop (git-fixes).
   - net-gro: fix use-after-free read in napi_gro_frags()
     (networking-stable-19_05_31).
   - net/mlx4_core: Change the error print to info print
     (networking-stable-19_05_21).
   - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
     (networking-stable-19_06_09).
   - net/mlx5: Allocate root ns memory using kzalloc to match kfree
     (networking-stable-19_05_31).
   - net/mlx5: Avoid double free in fs init error unwinding path
     (networking-stable-19_05_31).
   - net: mvneta: Fix err code path of probe (networking-stable-19_05_31).
   - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
     (networking-stable-19_05_31).
   - net: openvswitch: do not free vport if register_netdevice() is failed
     (networking-stable-19_06_18).
   - net/packet: fix memory leak in packet_set_ring() (git-fixes).
   - net: rds: fix memory leak in rds_ib_flush_mr_pool
     (networking-stable-19_06_09).
   - net: seeq: fix crash caused by not set dev.parent
     (networking-stable-19_05_14).
   - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31).
   - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
     (networking-stable-19_05_21).
   - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185).
   - ocfs2: add first lock wait time in locking_state (bsc#1134390).
   - ocfs2: add last unlock times in locking_state (bsc#1134390).
   - ocfs2: add locking filter debugfs file (bsc#1134390).
   - packet: Fix error path in packet_init (networking-stable-19_05_14).
   - packet: in recvmsg msg_name return at least sizeof sockaddr_ll
     (git-fixes).
   - pci: Always allow probing with driver_override (bsc#1051510).
   - pci: hv: Add hv_pci_remove_slots() when we unload the driver
     (bsc#1142701).
   - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if
     necessary (bsc#1142701).
   - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701).
   - pci: hv: Fix a use-after-free bug in hv_eject_device_work()
     (bsc#1142701).
   - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701).
   - pci: hv: Remove unused reason for refcount handler (bsc#1142701).
   - pci: hv: support reporting serial number as slot information
     (bsc#1142701).
   - pci: Return error if cannot probe VF (bsc#1051510).
   - pkey: Indicate old mkvp only if old and current mkvp are different
     (bsc#1137827 LTC#178090).
   - pktgen: do not sleep with the thread lock held (git-fixes).
   - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
     (bsc#1051510).
   - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys
     from asus_nb_wmi (bsc#1051510).
   - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms
     (jsc#SLE-5439).
   - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to
     critclk_systems DMI table (bsc#1051510).
   - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753,
     git-fixes).
   - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test ().
   - powerpc/mm: Change function prototype (bsc#1055117).
   - powerpc/mm: Consolidate numa_enable check and min_common_depth check
     (bsc#1140322 LTC#176270).
   - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0
     (bsc#1140322 LTC#176270).
   - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270).
   - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call
     __ptep_set_access_flags directly (bsc#1055117).
   - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang
     (bsc#1055117).
   - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c
     (bsc#1055117).
   - powerpc/watchpoint: Restore NV GPRs while returning from exception
     (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454
     LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195).
   - ppp: deflate: Fix possible crash in deflate_init
     (networking-stable-19_05_21).
   - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes).
   - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()"
     (bsc#1140652).
   - Revert "e1000e: fix cyclic resets at link up with active tx"
     (bsc#1051510).
   - Revert "livepatch: Remove reliable stacktrace check in
     klp_try_switch_task()" (bsc#1071995).
   - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled"
     (bsc#1051510).
   - rtnetlink: always put IFLA_LINK for links with a link-netnsid
     (networking-stable-19_05_21).
   - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335).
   - s390/vtime: steal time exponential moving average (bsc#1119222).
   - scripts/git_sort/git_sort.py: Add mmots tree.
   - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458
     LTC#178093).
   - sctp: Free cookie before we memdup a new one
     (networking-stable-19_06_18).
   - sctp: silence warns on sctp_stream_init allocations (bsc#1083710).
   - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510).
   - serial: uartps: Fix long line over 80 chars (bsc#1051510).
   - serial: uartps: Fix multiple line dereference (bsc#1051510).
   - serial: uartps: Remove useless return from cdns_uart_poll_put_char
     (bsc#1051510).
   - staging: comedi: amplc_pci230: fix null pointer deref on interrupt
     (bsc#1051510).
   - staging: comedi: dt282x: fix a null pointer deref on interrupt
     (bsc#1051510).
   - staging: rtl8712: reduce stack usage, again (bsc#1051510).
   - sunhv: Fix device naming inconsistency between sunhv_console and
     sunhv_reg (networking-stable-19_06_18).
   - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes).
   - team: Always enable vlan tx offload (bsc#1051510).
   - tty: rocket: fix incorrect forward declaration of 'rp_init()'
     (bsc#1051510).
   - tty: serial_core: Set port active bit in uart_port_activate
     (bsc#1051510).
   - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510).
   - tuntap: synchronize through tfiles array instead of tun->numqueues
     (networking-stable-19_05_14).
   - usb: gadget: ether: Fix race between gether_disconnect and rx_submit
     (bsc#1051510).
   - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
     (bsc#1051510).
   - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
     (bsc#1051510).
   - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510).
   - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510).
   - usb: serial: option: add support for GosunCn ME3630 RNDIS mode
     (bsc#1051510).
   - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510).
   - vsock/virtio: free packets during the socket release
     (networking-stable-19_05_21).
   - vsock/virtio: set SOCK_DONE on peer shutdown
     (networking-stable-19_06_18).
   - wil6210: fix potential out-of-bounds read (bsc#1051510).
   - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality,
     bsc#1140903).
   - xen: let alloc_xenballooned_pages() fail if not enough memory free
     (bsc#1142450 XSA-300).
   - xfs: do not overflow xattr listent buffer (bsc#1143105).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2019-2071=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2071=1

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2071=1

   - SUSE Linux Enterprise Module for Legacy Software 15:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2071=1

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2071=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2071=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2019-2071=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      kernel-default-debuginfo-4.12.14-150.32.1
      kernel-default-debugsource-4.12.14-150.32.1
      kernel-default-extra-4.12.14-150.32.1
      kernel-default-extra-debuginfo-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      kernel-default-base-4.12.14-150.32.1
      kernel-default-base-debuginfo-4.12.14-150.32.1
      kernel-default-debuginfo-4.12.14-150.32.1
      kernel-default-debugsource-4.12.14-150.32.1
      kernel-obs-qa-4.12.14-150.32.1
      kselftests-kmp-default-4.12.14-150.32.1
      kselftests-kmp-default-debuginfo-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      kernel-docs-html-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-150.32.1
      kernel-default-debugsource-4.12.14-150.32.1
      kernel-default-livepatch-4.12.14-150.32.1
      kernel-livepatch-4_12_14-150_32-default-1-1.5.1
      kernel-livepatch-4_12_14-150_32-default-debuginfo-1-1.5.1

   - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-150.32.1
      kernel-default-debugsource-4.12.14-150.32.1
      reiserfs-kmp-default-4.12.14-150.32.1
      reiserfs-kmp-default-debuginfo-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-150.32.1
      kernel-obs-build-debugsource-4.12.14-150.32.1
      kernel-syms-4.12.14-150.32.1
      kernel-vanilla-base-4.12.14-150.32.1
      kernel-vanilla-base-debuginfo-4.12.14-150.32.1
      kernel-vanilla-debuginfo-4.12.14-150.32.1
      kernel-vanilla-debugsource-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Development Tools 15 (noarch):

      kernel-docs-4.12.14-150.32.1
      kernel-source-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-150.32.1
      kernel-default-base-4.12.14-150.32.1
      kernel-default-debuginfo-4.12.14-150.32.1
      kernel-default-debugsource-4.12.14-150.32.1
      kernel-default-devel-4.12.14-150.32.1
      kernel-default-devel-debuginfo-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):

      kernel-devel-4.12.14-150.32.1
      kernel-macros-4.12.14-150.32.1

   - SUSE Linux Enterprise Module for Basesystem 15 (s390x):

      kernel-default-man-4.12.14-150.32.1
      kernel-zfcpdump-4.12.14-150.32.1
      kernel-zfcpdump-debuginfo-4.12.14-150.32.1
      kernel-zfcpdump-debugsource-4.12.14-150.32.1

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-150.32.1
      cluster-md-kmp-default-debuginfo-4.12.14-150.32.1
      dlm-kmp-default-4.12.14-150.32.1
      dlm-kmp-default-debuginfo-4.12.14-150.32.1
      gfs2-kmp-default-4.12.14-150.32.1
      gfs2-kmp-default-debuginfo-4.12.14-150.32.1
      kernel-default-debuginfo-4.12.14-150.32.1
      kernel-default-debugsource-4.12.14-150.32.1
      ocfs2-kmp-default-4.12.14-150.32.1
      ocfs2-kmp-default-debuginfo-4.12.14-150.32.1


References:

   https://www.suse.com/security/cve/CVE-2018-20855.html
   https://www.suse.com/security/cve/CVE-2019-1125.html
   https://www.suse.com/security/cve/CVE-2019-11810.html
   https://www.suse.com/security/cve/CVE-2019-13631.html
   https://www.suse.com/security/cve/CVE-2019-13648.html
   https://www.suse.com/security/cve/CVE-2019-14283.html
   https://www.suse.com/security/cve/CVE-2019-14284.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1083647
   https://bugzilla.suse.com/1083710
   https://bugzilla.suse.com/1102247
   https://bugzilla.suse.com/1119222
   https://bugzilla.suse.com/1123080
   https://bugzilla.suse.com/1127034
   https://bugzilla.suse.com/1127315
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1130972
   https://bugzilla.suse.com/1133021
   https://bugzilla.suse.com/1134097
   https://bugzilla.suse.com/1134390
   https://bugzilla.suse.com/1134399
   https://bugzilla.suse.com/1135335
   https://bugzilla.suse.com/1135642
   https://bugzilla.suse.com/1137458
   https://bugzilla.suse.com/1137534
   https://bugzilla.suse.com/1137535
   https://bugzilla.suse.com/1137584
   https://bugzilla.suse.com/1137609
   https://bugzilla.suse.com/1137827
   https://bugzilla.suse.com/1139358
   https://bugzilla.suse.com/1140133
   https://bugzilla.suse.com/1140322
   https://bugzilla.suse.com/1140652
   https://bugzilla.suse.com/1140903
   https://bugzilla.suse.com/1140945
   https://bugzilla.suse.com/1141401
   https://bugzilla.suse.com/1141402
   https://bugzilla.suse.com/1141452
   https://bugzilla.suse.com/1141453
   https://bugzilla.suse.com/1141454
   https://bugzilla.suse.com/1141478
   https://bugzilla.suse.com/1142023
   https://bugzilla.suse.com/1142112
   https://bugzilla.suse.com/1142220
   https://bugzilla.suse.com/1142221
   https://bugzilla.suse.com/1142254
   https://bugzilla.suse.com/1142350
   https://bugzilla.suse.com/1142351
   https://bugzilla.suse.com/1142354
   https://bugzilla.suse.com/1142359
   https://bugzilla.suse.com/1142450
   https://bugzilla.suse.com/1142701
   https://bugzilla.suse.com/1142868
   https://bugzilla.suse.com/1143003
   https://bugzilla.suse.com/1143045
   https://bugzilla.suse.com/1143105
   https://bugzilla.suse.com/1143185
   https://bugzilla.suse.com/1143189
   https://bugzilla.suse.com/1143191
   https://bugzilla.suse.com/1143507



More information about the sle-security-updates mailing list