From sle-security-updates at lists.suse.com Fri Feb 1 13:09:00 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Feb 2019 21:09:00 +0100 (CET)
Subject: SUSE-SU-2019:0223-1: important: Security update for python
Message-ID: <20190201200900.67091F7BB@maintenance.suse.de>

   SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0223-1
Rating:             important
References:         #1122191 #984751 #985177 #985348 #989523
Cross-References:   CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636
                    CVE-2016-5699 CVE-2019-5010
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for python fixes the following issues:

   Security issues fixed:

   - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)
   - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)
   - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348)
   - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)
   - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2019-223=1

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      libpython2_7-1_0-2.7.9-16.7.2
      libpython2_7-1_0-debuginfo-2.7.9-16.7.2
      python-2.7.9-16.7.1
      python-base-2.7.9-16.7.2
      python-base-debuginfo-2.7.9-16.7.2
      python-base-debugsource-2.7.9-16.7.2
      python-curses-2.7.9-16.7.1
      python-curses-debuginfo-2.7.9-16.7.1
      python-debuginfo-2.7.9-16.7.1
      python-debugsource-2.7.9-16.7.1
      python-demo-2.7.9-16.7.1
      python-gdbm-2.7.9-16.7.1
      python-gdbm-debuginfo-2.7.9-16.7.1
      python-idle-2.7.9-16.7.1
      python-tk-2.7.9-16.7.1
      python-tk-debuginfo-2.7.9-16.7.1
      python-xml-2.7.9-16.7.2
      python-xml-debuginfo-2.7.9-16.7.2

   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

      libpython2_7-1_0-32bit-2.7.9-16.7.2
      libpython2_7-1_0-debuginfo-32bit-2.7.9-16.7.2
      python-32bit-2.7.9-16.7.1
      python-base-32bit-2.7.9-16.7.2
      python-base-debuginfo-32bit-2.7.9-16.7.2
      python-debuginfo-32bit-2.7.9-16.7.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      python-doc-2.7.9-16.7.2
      python-doc-pdf-2.7.9-16.7.2

References:

   https://www.suse.com/security/cve/CVE-2016-0772.html
   https://www.suse.com/security/cve/CVE-2016-1000110.html
   https://www.suse.com/security/cve/CVE-2016-5636.html
   https://www.suse.com/security/cve/CVE-2016-5699.html
   https://www.suse.com/security/cve/CVE-2019-5010.html
   https://bugzilla.suse.com/1122191
   https://bugzilla.suse.com/984751
   https://bugzilla.suse.com/985177
   https://bugzilla.suse.com/985348
   https://bugzilla.suse.com/989523

From sle-security-updates at lists.suse.com Fri Feb 1 13:10:35 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Feb 2019 21:10:35 +0100 (CET)
Subject: SUSE-SU-2019:0221-1: important: Security update for java-11-openjdk
Message-ID: <20190201201035.BF8E5F7BB@maintenance.suse.de>

   SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0221-1
Rating:             important
References:         #1120431 #1122293 #1122299
Cross-References:   CVE-2018-11212 CVE-2019-2422 CVE-2019-2426
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for java-11-openjdk to version 11.0.2+7 fixes the following issues:

   Security issues fixed:

   - CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)
   - CVE-2019-2426: Improve web server connections
   - CVE-2018-11212: Improve JPEG processing (bsc#1122299)
   - Better route routing
   - Better interface enumeration
   - Better interface lists
   - Improve BigDecimal support
   - Improve robot support
   - Better icon support
   - Choose printer defaults
   - Proper allocation handling
   - Initial class initialization
   - More reliable p11 transactions
   - Improve NIO stability
   - Better loading of classloader classes
   - Strengthen Windows Access Bridge Support
   - Improved data set handling
   - Improved LSA authentication
   - Libsunmscapi improved interactions

   Non-security issues fix:

   - Do not resolve by default the added JavaEE modules (bsc#1120431)
   - ~2.5% regression on compression benchmark starting with 12-b11
   - java.net.http.HttpClient hangs on 204 reply without Content-length 0
   - Add additional TeliaSonera root certificate
   - Add more ld preloading related info to hs_error file on Linux
   - Add test to exercise server-side client hello processing
   - AES encrypt performance regression in jdk11b11
   - AIX: ProcessBuilder: Piping between created processes does not work.
   - AIX: Some class library files are missing the Classpath exception
   - AppCDS crashes for some uses with JRuby
   - Automate vtable/itable stub size calculation
   - BarrierSetC1::generate_referent_check() confuses register allocator
   - Better HTTP Redirection
   - Catastrophic size_t underflow in BitMap::*_large methods
   - Clip.isRunning() may return true after Clip.stop() was called
   - Compiler thread creation should be bounded by available space in memory and Code Cache
   - com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code
   - Default mask register for avx512 instructions
   - Delayed starting of debugging via jcmd
   - Disable all DES cipher suites
   - Disable anon and NULL cipher suites
   - Disable unsupported GCs for Zero
   - Epsilon alignment adjustments can overflow max TLAB size
   - Epsilon elastic TLAB sizing may cause misalignment
   - HotSpot update for vm_version.cpp to recognise updated VS2017
   - HttpClient does not retrieve files with large sizes over HTTP/1.1
   - IIOException "tEXt chunk length is not proper" on opening png file
   - Improve TLS connection stability again
   - InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection
   - Inspect stack during error reporting
   - Instead of circle rendered in appl window, but ellipse is produced JEditor Pane
   - Introduce diagnostic flag to abort VM on failed JIT compilation
   - Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap
   - jar has issues with UNC-path arguments for the jar -C parameter [windows]
   - java.net.http HTTP client should allow specifying Origin and Referer headers
   - java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8
   - JDK 11.0.1 l10n resource file update
   - JDWP Transport Listener: dt_socket thread crash
   - JVMTI ResourceExhausted should not be posted in CompilerThread
   - LDAPS communication failure with jdk 1.8.0_181
   - linux: Poor StrictMath performance due to non-optimized compilation
   - Missing synchronization when reading counters for live threads and peak thread count
   - NPE in SupportedGroupsExtension
   - OpenDataException thrown when constructing CompositeData for StackTraceElement
   - Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader
   - Populate handlers while holding streamHandlerLock
   - ppc64: Enable POWER9 CPU detection
   - print_location is not reliable enough (printing register info)
   - Reconsider default option for ClassPathURLCheck change done in JDK-8195874
   - Register to register spill may use AVX 512 move instruction on unsupported platform.
   - s390: Use of shift operators not covered by cpp standard
   - serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
   - SIGBUS in CodeHeapState::print_names()
   - SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls
   - Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator
   - Swing apps are slow if displaying from a remote source to many local displays
   - switch jtreg to 4.2b13
   - Test library OSInfo.getSolarisVersion cannot determine Solaris version
   - TestOptionsWithRanges.java is very slow
   - TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently
   - The Japanese message of FileNotFoundException garbled
   - The "supported_groups" extension in ServerHellos
   - ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData
   - TimeZone.getDisplayName given Locale.US doesn't always honor the Locale.
   - TLS 1.2 Support algorithm in SunPKCS11 provider
   - TLS 1.3 handshake server name indication is missing on a session resume
   - TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
   - TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
   - tz: Upgrade time-zone data to tzdata2018g
   - Undefined behaviour in ADLC
   - Update avx512 implementation
   - URLStreamHandler initialization race
   - UseCompressedOops requirement check fails fails on 32-bit system
   - windows: Update OS detection code to recognize Windows Server 2019
   - x86: assert on unbound assembler Labels used as branch targets
   - x86: jck tests for ldc2_w bytecode fail
   - x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
   - "-XX:OnOutOfMemoryError" uses fork instead of vfork

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-221=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-11.0.2.0-3.18.1
      java-11-openjdk-accessibility-11.0.2.0-3.18.1
      java-11-openjdk-accessibility-debuginfo-11.0.2.0-3.18.1
      java-11-openjdk-debuginfo-11.0.2.0-3.18.1
      java-11-openjdk-debugsource-11.0.2.0-3.18.1
      java-11-openjdk-demo-11.0.2.0-3.18.1
      java-11-openjdk-devel-11.0.2.0-3.18.1
      java-11-openjdk-headless-11.0.2.0-3.18.1
      java-11-openjdk-jmods-11.0.2.0-3.18.1
      java-11-openjdk-src-11.0.2.0-3.18.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      java-11-openjdk-javadoc-11.0.2.0-3.18.1

References:

   https://www.suse.com/security/cve/CVE-2018-11212.html
   https://www.suse.com/security/cve/CVE-2019-2422.html
   https://www.suse.com/security/cve/CVE-2019-2426.html
   https://bugzilla.suse.com/1120431
   https://bugzilla.suse.com/1122293
   https://bugzilla.suse.com/1122299

From sle-security-updates at lists.suse.com Fri Feb 1 13:11:47 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Feb 2019 21:11:47 +0100 (CET)
Subject: SUSE-SU-2019:0222-1: important: Security update for the Linux Kernel
Message-ID: <20190201201147.BFF4EFCBE@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0222-1
Rating:             important
References:         #1024718 #1046299 #1050242 #1050244 #1051510 #1055120
                    #1055121 #1055186 #1058115 #1060463 #1065600 #1065729
                    #1068032 #1068273 #1074562 #1074578 #1074701 #1075006
                    #1075419 #1075748 #1078248 #1079935 #1080039 #1082387
                    #1082555 #1082653 #1083647 #1085535 #1086282 #1086283
                    #1086423 #1087082 #1087084 #1087939 #1087978 #1088386
                    #1089350 #1090888 #1091405 #1094244 #1097593 #1097755
                    #1102055 #1102875 #1102877 #1102879 #1102882 #1102896
                    #1103257 #1104353 #1104427 #1104824 #1104967 #1105168
                    #1106105 #1106110 #1106237 #1106240 #1106615 #1106913
                    #1107207 #1107256 #1107385 #1107866 #1108270 #1108468
                    #1109272 #1109772 #1109806 #1110006 #1110558 #1110998
                    #1111062 #1111174 #1111188 #1111469 #1111696 #1111795
                    #1111809 #1112128 #1112963 #1113295 #1113412 #1113501
                    #1113677 #1113722 #1113769 #1114015 #1114178 #1114279
                    #1114385 #1114576 #1114577 #1114578 #1114579 #1114580
                    #1114581 #1114582 #1114583 #1114584 #1114585 #1114648
                    #1114839 #1114871 #1115074 #1115269 #1115431 #1115433
                    #1115440 #1115567 #1115709 #1115976 #1116040 #1116183
                    #1116336 #1116692 #1116693 #1116698 #1116699 #1116700
                    #1116701 #1116803 #1116841 #1116862 #1116863 #1116876
                    #1116877 #1116878 #1116891 #1116895 #1116899 #1116950
                    #1117115 #1117162 #1117165 #1117168 #1117172 #1117174
                    #1117181 #1117184 #1117186 #1117188 #1117189 #1117349
                    #1117561 #1117656 #1117788 #1117789 #1117790 #1117791
                    #1117792 #1117794 #1117795 #1117796 #1117798 #1117799
                    #1117801 #1117802 #1117803 #1117804 #1117805 #1117806
                    #1117807 #1117808 #1117815 #1117816 #1117817 #1117818
                    #1117819 #1117820 #1117821 #1117822 #1117953 #1118102
                    #1118136 #1118137 #1118138 #1118140 #1118152 #1118215
                    #1118316 #1118319 #1118320 #1118428 #1118484 #1118505
                    #1118752 #1118760 #1118761 #1118762 #1118766 #1118767
                    #1118768 #1118769 #1118771 #1118772 #1118773 #1118774
                    #1118775 #1118787 #1118788 #1118798 #1118809 #1118962
                    #1119017 #1119086 #1119212 #1119322 #1119410 #1119714
                    #1119749 #1119804 #1119946 #1119947 #1119962 #1119968
                    #1119974 #1120036 #1120046 #1120053 #1120054 #1120055
                    #1120058 #1120088 #1120092 #1120094 #1120096 #1120097
                    #1120173 #1120214 #1120223 #1120228 #1120230 #1120232
                    #1120234 #1120235 #1120238 #1120594 #1120598 #1120600
                    #1120601 #1120602 #1120603 #1120604 #1120606 #1120612
                    #1120613 #1120614 #1120615 #1120616 #1120617 #1120618
                    #1120620 #1120621 #1120632 #1120633 #1120743 #1120954
                    #1121017 #1121058 #1121263 #1121273 #1121477 #1121483
                    #1121599 #1121621 #1121714 #1121715 #1121973 #1122019
                    #1122292
Cross-References:   CVE-2017-5753 CVE-2018-12232 CVE-2018-14625
                    CVE-2018-16862 CVE-2018-16884 CVE-2018-18281
                    CVE-2018-18397 CVE-2018-19407 CVE-2018-19824
                    CVE-2018-19854 CVE-2018-19985 CVE-2018-20169
                    CVE-2018-9568
Affected Products:
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has 258 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841).
   - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
   - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
   - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).
   - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
   - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
   - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
   - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
   - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
   - CVE-2018-19854: The crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
   - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
   - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
   - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578).

   The following non-security bugs were fixed:

   - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
   - ACPICA: Tables: Add WSMT support (bsc#1089350).
   - ACPI/CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
   - ACPI/CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
   - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
   - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
   - ACPI/NFTI: Fix ARS overflow continuation (bsc#1116895).
   - ACPI/NFIT: x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
   - ACPI/NFIT: x86/mce: Validate a MCE's address before using it (bsc#1114279).
   - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
   - ACPI/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
   - act_ife: fix a potential use-after-free (networking-stable-18_09_11).
   - Add the cherry-picked dup id for PCI dwc fix
   - aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
   - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
   - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
   - ALSA: control: Fix race between adding and removing a user element (bsc#1051510).
   - ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510).
   - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
   - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
   - ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510).
   - ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
   - ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
   - ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
   - ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
   - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
   - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
   - ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510).
   - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
   - ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
   - ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510).
   - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
   - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
   - ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
   - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
   - ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
   - ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
   - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
   - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
   - ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
   - ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
   - ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
   - ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
   - ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
   - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
   - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
   - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
   - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
   - ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
   - ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
   - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
   - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
   - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
   - ALSA: hda/realtek - Support ALC300 (bsc#1051510).
   - ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
   - ALSA: hda/tegra: clear pending irq handlers (bsc#1051510).
   - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
   - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
   - ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
   - ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
   - ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
   - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
   - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
   - ALSA: trident: Suppress gcc string warning (bsc#1051510).
   - ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
   - ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
   - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
   - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
   - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
   - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
   - ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
   - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
   - apparmor: do not try to replace stale label in ptrace access check (git-fixes).
   - apparmor: do not try to replace stale label in ptraceme check (git-fixes).
   - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
   - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
   - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
   - arm64: cpu_errata: include required headers (bsc#1120615).
   - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
   - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
   - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
   - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
   - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).
   - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
   - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
   - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
   - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
   - arm64/numa: Unify common error path in numa_init() (bsc#1120621).
   - arm64: remove no-op -p linker flag (bsc#1120616).
   - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
   - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
   - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
   - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
   - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
   - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
   - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
   - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
   - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
   - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
   - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
   - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
   - ASoC: rsnd: fixup clock start checker (bsc#1051510).
   - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
   - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
   - ata: Fix racy link clearance (bsc#1107866).
   - ataflop: fix error handling during setup (bsc#1051510).
   - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
   - ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
   - ath6kl: Only use match sets when firmware supports it (bsc#1051510).
   - b43: Fix error in cordic routine (bsc#1051510).
   - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
   - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
   - bcache: fix miss key refill->end in writeback (Git-fixes).
   - bcache: trace missed reading by cache_missed (Git-fixes).
   - bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
   - bitops: protect variables in set_mask_bits() macro (bsc#1051510).
   - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
   - block: allow max_discard_segments to be stacked (Git-fixes).
   - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
   - block: copy ioprio in __bio_clone_fast() (bsc#1082653).
   - block: really disable runtime-pm for blk-mq (Git-fixes).
   - block: reset bi_iter.bi_done after splitting bio (Git-fixes).
   - block: respect virtual boundary mask in bvecs (bsc#1113412).
   - block/swim: Fix array bounds check (Git-fixes).
   - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
   - Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
   - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242).
   - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
   - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
   - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282).
   - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
   - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
   - bonding: avoid possible dead-lock (networking-stable-18_10_16).
   - bonding: fix length of actor system (networking-stable-18_11_02).
   - bonding: fix warning message (networking-stable-18_10_16).
   - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
   - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
   - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
   - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
   - bpf: use per htab salt for bucket hash (git-fixes).
   - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
   - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
   - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
   - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
   - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
   - Btrfs: Always try all copies when reading extent buffers (git-fixes).
   - Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
   - Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
   - Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
   - Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
   - Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
   - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
   - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
   - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
   - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
   - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
   - Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
   - Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
   - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
   - Btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: fix fsync of files with multiple hard links in new directories (1120173). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: Fix memory barriers usage with device stats counters (git-fixes). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - Btrfs: get rid of unused orphan infrastructure (bsc#1111469). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - Btrfs: stop creating orphan items for truncate (bsc#1111469). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - Btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). 
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- configfs: replace strncpy with memcpy (bsc#1051510).
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable INFINIBAND_USNIC
- disable SERIAL_NONSTANDARD
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207).
- Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207).
- Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207).
- Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207).
- Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207).
- Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207).
- Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207).
- Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207).
- Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207).
- Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207).
- Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207).
- Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207).
- Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207).
- Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207).
- Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207).
- Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207).
- Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207).
- Drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- Drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749).
- Drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes).
- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207)
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fanotify: fix handling of events on child sub-directory (bsc#1122019).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809).
- Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream.
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv: add SPDX license id to Kconfig (bsc#1107207).
- hv: add SPDX license to trace (bsc#1107207).
- hv_balloon: trace post_status (bsc#1107207).
- hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207).
- hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207).
- hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207).
- hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207).
- hv_netvsc: add trace points (bsc#1107207).
- hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207).
- hv_netvsc: fix bogus ifalias on network device (bsc#1107207).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: Fix the return status in RX path (bsc#1107207).
- hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207).
- hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- hv_netvsc: pair VF based on serial number (bsc#1107207).
- hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207).
- hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207).
- hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207).
- hv_netvsc: select needed ucs2_string routine (bsc#1107207).
- hv_netvsc: simplify receive side calling arguments (bsc#1107207).
- hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207).
- hv: Synthetic typo correction (bsc#1107207).
- hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- KABI fix for "NFSv4.1: Fix up replays of interrupted requests" (git-fixes).
- KABI: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- KABI: mask raw in struct bpf_reg_state (bsc#1083647).
- KABI: powerpc: Revert npu callback signature change (bsc#1055120).
- KABI protect hnae_ae_ops (bsc#1104353).
- KABI: protect struct fib_nh_exception (kabi).
- KABI: protect struct rtable (kabi).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: hyperv: idr_find needs RCU protection (bsc#1107207).
- KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bsc#1107207).
- KVM: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- KVM: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207).
- KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207).
- KVM: x86: hyperv: guest->host event signaling via eventfd (bsc#1107207).
- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207).
- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207).
- KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207).
- KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - Move USB-audio UAF fix patch to sorted section - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). 
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). 
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). 
- net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). 
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - PCI: Add ACS quirk for Ampere root ports (bsc#1120058). - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058). 
- PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: Export pcie_has_flr() (bsc#1120058). - PCI: hv: Convert remove_lock to refcount (bsc#1107207). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207). - PCI: hv: Remove unused reason for refcount handler (bsc#1107207). - PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207). - PCI: hv: support reporting serial number as slot information (bsc#1107207). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: hv: Use list_for_each_entry() (bsc#1107207). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). 
- perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). 
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). 
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244). - RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427). - RDMA/RXE: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - Reenable support for KVM guest Earlier trimming of config-azure disabled also KVM. But since parts of QA are done within KVM guests, this flavor must be able to run within such guest type. - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "rpm/kernel-binary.spec.in: allow unsupported modules for -extra" This reverts commit 0d585a8c2d17de86869cc695fc7a5d10c6b96abb. - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.
- rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ("kconfig: remove silentoldconfig target"), "make silentoldconfig" can be no longer used. Use "make syncconfig" instead if available. - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). 
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)). - sched/isolcpus: Fix "isolcpus=" boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scripts/git-pre-commit: make executable. - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue - scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe. - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). 
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). 
- scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: storsvc: do not set a bounce limit (bsc#1107207). - scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207). - scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207). - scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). 
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). 
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (bsc#1107207).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: Fix a bug in the key delete code (bsc#1107207).
- tools: hv: Fix a bug in the key delete code (git-fixes).
- tools: hv: fix compiler warnings about major/target_fname (bsc#1107207).
- tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207).
- tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207).
- tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- ubifs: Fixup compilation failure due to different ubifs_assert() prototype.
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio_hv_generic: fix subchannel ring mmap (bsc#1107207).
- uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207).
- uio_hv_generic: set size of ring buffer attribute (bsc#1107207).
- uio_hv_generic: support sub-channels (bsc#1107207).
- uio_hv_generic: use correct channel in isr (bsc#1107207).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
- usb: serial: option: drop redundant interface-class test (bsc#1051510).
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86/headers/UAPI: Use __u64 instead of u64 in <uapi/asm/hyperv.h> (bsc#1107207).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207).
- x86/hyper-v: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207).
- x86/hyper-v: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207).
- x86/hyperv: Add interrupt handler annotations (bsc#1107207).
- x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207).
- x86/hyper-v: Allocate the IDT entry early in boot (bsc#1107207).
- x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207).
- x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207).
- x86/hyper-v: Consolidate code for converting cpumask to vpset (bsc#1107207).
- x86/hyper-v: Consolidate the allocation of the hypercall input page (bsc#1107207).
- x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207).
- x86/hyper-v: detect nested features (bsc#1107207).
- x86/hyper-v: Enable IPI enlightenments (bsc#1107207).
- x86/hyper-v: Enhanced IPI enlightenment (bsc#1107207).
- x86/hyper-v: Enlighten APIC access (bsc#1107207).
- x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207).
- x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207).
- x86/hyper-v/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207).
- x86/hyper-v/hv_apic: Include asm/apic.h (bsc#1107207).
- x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207).
- x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207).
- x86/hyper-v: move hyperv.h out of uapi (bsc#1107207).
- x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207).
- x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207).
- x86/hyperv: Reenlightenment notifications support (bsc#1107207).
- x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207).
- x86/hyper-v: Trace PV IPI send (bsc#1107207).
- x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207).
- x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207).
- x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bsc#1107207).
- x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207).
- x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207).
- x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207).
- x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058).
- x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-222=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (x86_64):
  kernel-azure-4.12.14-6.6.2
  kernel-azure-base-4.12.14-6.6.2
  kernel-azure-base-debuginfo-4.12.14-6.6.2
  kernel-azure-debuginfo-4.12.14-6.6.2
  kernel-azure-debugsource-4.12.14-6.6.2
  kernel-azure-devel-4.12.14-6.6.2
  kernel-syms-azure-4.12.14-6.6.2
- SUSE Linux Enterprise Server 12-SP4 (noarch):
  kernel-devel-azure-4.12.14-6.6.2
  kernel-source-azure-4.12.14-6.6.2

References:

https://www.suse.com/security/cve/CVE-2017-5753.html
https://www.suse.com/security/cve/CVE-2018-12232.html
https://www.suse.com/security/cve/CVE-2018-14625.html
https://www.suse.com/security/cve/CVE-2018-16862.html
https://www.suse.com/security/cve/CVE-2018-16884.html
https://www.suse.com/security/cve/CVE-2018-18281.html
https://www.suse.com/security/cve/CVE-2018-18397.html
https://www.suse.com/security/cve/CVE-2018-19407.html
https://www.suse.com/security/cve/CVE-2018-19824.html
https://www.suse.com/security/cve/CVE-2018-19854.html
https://www.suse.com/security/cve/CVE-2018-19985.html
https://www.suse.com/security/cve/CVE-2018-20169.html
https://www.suse.com/security/cve/CVE-2018-9568.html
https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1074578 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1075006 https://bugzilla.suse.com/1075419 https://bugzilla.suse.com/1075748 https://bugzilla.suse.com/1078248
https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1080039 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1087084 https://bugzilla.suse.com/1087939 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1102055 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107207 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 
https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 
https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118320 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 
https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118787 https://bugzilla.suse.com/1118788 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119947 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1119974 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 
https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 https://bugzilla.suse.com/1122019 https://bugzilla.suse.com/1122292

From sle-security-updates at lists.suse.com Fri Feb 1 16:10:06 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 2 Feb 2019 00:10:06 +0100 (CET)
Subject: SUSE-SU-2019:0224-1: important: Security update for the Linux Kernel
Message-ID: <20190201231006.A1519F7BB@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0224-1
Rating: important
References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055120 #1055121 #1055186 #1058115 #1060463 #1061840 #1065600 #1065729 #1068273 #1078248 #1079935 #1082387 #1082555 #1082653 #1083647 #1085535 #1086196 #1086282 #1086283 #1086423 #1087978 #1088386 #1089350 #1090888 #1091405 #1091800 #1094244 #1097593 #1097755 #1100132 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1103356 #1103925 #1104124 #1104353 #1104427 #1104824 #1104967 #1105168 #1105428 #1106105 #1106110 #1106237 #1106240 #1106615 #1106913 #1107256 #1107385 #1107866 #1108270 #1108468 #1109272 #1109772 #1109806 #1110006 #1110558 #1110998 #1111040 #1111062 #1111174 #1111183 #1111188 #1111469 #1111696 #1111795 #1111809 #1111921 #1112878 #1112963 #1113295 #1113408 #1113412 #1113501 #1113667 #1113677 #1113722 #1113751 #1113769 #1113780 #1113972 #1114015 #1114178 #1114279 #1114385
#1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114839 #1114871 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116040 #1116183 #1116336 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116803 #1116841 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117115 #1117162 #1117165 #1117168 #1117172 #1117174 #1117181 #1117184 #1117186 #1117188 #1117189 #1117349 #1117561 #1117656 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1117953 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118215 #1118316 #1118319 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119962 #1119968 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development 
Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 253 fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bug fixes.

This update brings the following features:

- Support for Enhanced-IBRS on new Intel CPUs (fate#326564)

The following security bugs were fixed:

- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).
- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel memory from within a VM guest. A race condition between the connect() and close() functions may allow an attacker using the AF_VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
- CVE-2018-19854: The crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as a u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).

The following non-security bugs were fixed: - acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567). - acpica: Tables: Add WSMT support (bsc#1089350). - acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - acpi/nfit: Fix ARS overflow continuation (bsc#1116895). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
- alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - alsa: control: Fix race between adding and removing a user element (bsc#1051510). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - alsa: hda/realtek - Add GPIO data update helper (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). 
- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - alsa: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - alsa: hda/realtek - Support ALC300 (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). 
- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Enabled ENA (Amazon network driver) for arm64. - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: kvm: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). 
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). 
- autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - b43: Fix error in cordic routine (bsc#1051510). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). 
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - btrfs: fix deadlock when writing out free space caches (bsc#1116700). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). 
- btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - btrfs: fix use-after-free during inode eviction (bsc#1116701). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: fix use-after-free when dumping free space (bsc#1116862). - btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: make sure we create all new block groups (bsc#1116699). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). 
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). 
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). 
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). 
- do d_instantiate/unlock_new_inode combinations safely (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). 
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). 
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). 
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). 
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix the breakage of KMP build on x86_64 (bsc#1121017).
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- hid: hiddev: fix potential Spectre v1 (bsc#1051510).
- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- hwrng: core - document the quality field (bsc#1051510).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi: hide new member in struct iommu_table from genksyms (bsc#1061840).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi: mask raw in struct bpf_reg_state (bsc#1083647).
- kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).
- kabi: powerpc: Revert npu callback signature change (bsc#1055120).
- kabi protect hnae_ae_ops (bsc#1104353).
- kabi/severities: ignore __xive_vm_h_* KVM internal symbols.
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix # escaping in .cmd files for future Make (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- kernfs: update comment about kernfs_path() return value (bsc#1051510).
- keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
- kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
- kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
- kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
- kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
- kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- kvm: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
- kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
- kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
- kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
- kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
- kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
- kvm: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE escalations (bsc#1061840).
- kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
- kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
- kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).
- kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
- kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
- kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).
- kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).
- kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).
- kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
- kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
- kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).
- kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
- kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
- kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
- kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
- kvm: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).
- kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
- kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- kvm: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).
- kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
- kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
- kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
- kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
- kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
- kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).
- kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).
- kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).
- kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- kvm: s390: vsie: copy wrapping keys to right place (git-fixes).
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- kvm: VMX: re-add ple_gap module parameter (bsc#1106240).
- kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- livepatch: create and include UAPI headers ().
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- lockd: fix "list_add double add" caused by legacy signal interface (git-fixes).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device (git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
- media: dvb: fix compat ioctl translation (bsc#1051510).
- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- media: pci: cx23885: handle adding to list failure (bsc#1051510).
- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
- media: tvp5150: fix switch exit in set control handler (bsc#1051510).
- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- modpost: ignore livepatch unresolved relocations ().
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- nfs: Avoid RCU usage in tracepoints (git-fixes).
- nfs: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- nfs: Ensure we commit after writeback is complete (bsc#1111809).
- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- nfs: Fix a typo in nfs_rename() (git-fixes).
- nfs: Fix typo in nomigration mount option (git-fixes).
- nfs: Fix unstable write completion (git-fixes).
- nfsv4.0 fix client reference leak in callback (git-fixes).
- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- nfsv4.1 fix infinite loop on I/O (git-fixes).
- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- nfsv4.1: Fix up replays of interrupted requests (git-fixes).
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Include dependency (bsc#1114279).
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Free ctrl device name on init failure ().
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- of: add helper to lookup compatible child node (bsc#1106110)
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- pci: Add ACS quirk for Ampere root ports (bsc#1120058).
- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- pci: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510).
- pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- pci/ASPM: Fix link_state teardown on device removal (bsc#1051510).
- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- pci: dwc: remove duplicate fix (bsc#1115269)
- pci: Export pcie_has_flr() (bsc#1120058).
- pci: hv: Use effective affinity mask (bsc#1109772).
- pci: imx6: Fix link training status detection in link up check (bsc#1109806).
- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- pci: vmd: Assign vector zero to all bridges (bsc#1109806).
- pci: vmd: Detach resources after stopping root bus (bsc#1109806).
- pci: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- pipe: match pipe_max_size data type with procfs (git-fixes).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
- powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).
- powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).
- powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).
- powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).
- powerpc/powernv: Rework TCE level allocation (bsc#1061840).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during DLPAR (bsc#1113295).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- powerpc/xive: Move definition of ESB bits (bsc#1061840).
- powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).
- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
- raid10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes).
- random: rate limit unseeded randomness warnings (git-fixes).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244).
- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427).
- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- reset: remove remaining WARN_ON() in (Git-fixes).
- resource: Include resource end in walk_*() interfaces (bsc#1114279).
- Revert "blacklist.conf: blacklist inapplicable commits" This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390
- Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839).
- Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510).
- Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105).
- Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510).
- Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729).
- Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322).
- Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510).
- Revert wlcore patch to follow stable tree develpment
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).
- scsi: target: tcmu: add read length support (bsc#1097755).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).
- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).
- serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).
- soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
- spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510).
- spi: sh-msiof: fix deferred probing (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- sunrpc: Allow connect to return EHOSTUNREACH (git-fixes).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools build: fix # escaping in .cmd files for future Make (git-fixes).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not block on IO when ldisc change is pending (bnc#1105428).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
- tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
- tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
- tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype.
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510).
- usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vfs: close race between getcwd() and d_move() (git-fixes). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). 
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). 
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). 
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). 
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-224=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-224=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-224=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-224=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-224=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-224=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-extra-4.12.14-25.28.1 kernel-default-extra-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 
ppc64le s390x x86_64): kernel-default-base-4.12.14-25.28.1 kernel-default-base-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-obs-qa-4.12.14-25.28.1 kselftests-kmp-default-4.12.14-25.28.1 kselftests-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 reiserfs-kmp-default-4.12.14-25.28.1 reiserfs-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.28.1 kernel-obs-build-debugsource-4.12.14-25.28.1 kernel-syms-4.12.14-25.28.1 kernel-vanilla-base-4.12.14-25.28.1 kernel-vanilla-base-debuginfo-4.12.14-25.28.1 kernel-vanilla-debuginfo-4.12.14-25.28.1 kernel-vanilla-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.28.1 kernel-source-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.28.1 kernel-default-base-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-devel-4.12.14-25.28.1 kernel-default-devel-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.28.1 kernel-macros-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.28.1 kernel-zfcpdump-4.12.14-25.28.1 kernel-zfcpdump-debuginfo-4.12.14-25.28.1 kernel-zfcpdump-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.28.1 cluster-md-kmp-default-debuginfo-4.12.14-25.28.1 
dlm-kmp-default-4.12.14-25.28.1 dlm-kmp-default-debuginfo-4.12.14-25.28.1 gfs2-kmp-default-4.12.14-25.28.1 gfs2-kmp-default-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 ocfs2-kmp-default-4.12.14-25.28.1 ocfs2-kmp-default-debuginfo-4.12.14-25.28.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086196 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 
https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1091800 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103925 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111040 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111183 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1111921 https://bugzilla.suse.com/1112878 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113408 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 
https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113780 https://bugzilla.suse.com/1113972 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 
https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 
https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 
https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-security-updates at lists.suse.com Fri Feb 1 16:54:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 2 Feb 2019 00:54:14 +0100 (CET) Subject: SUSE-SU-2019:0224-1: important: Security update for the Linux Kernel Message-ID: <20190201235414.035FAF7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0224-1 Rating: important References: #1024718 #1046299 #1050242 #1050244 #1051510 #1055120 #1055121 #1055186 #1058115 #1060463 #1061840 #1065600 #1065729 #1068273 #1078248 #1079935 #1082387 #1082555 #1082653 #1083647 #1085535 #1086196 #1086282 #1086283 #1086423 #1087978 #1088386 #1089350 #1090888 #1091405 #1091800 #1094244 #1097593 #1097755 #1100132 #1102875 #1102877 #1102879 #1102882 #1102896 #1103257 #1103356 #1103925 #1104124 #1104353 #1104427 #1104824 #1104967 #1105168 #1105428 #1106105 #1106110 #1106237 #1106240 #1106615 #1106913 #1107256 #1107385 #1107866 #1108270 #1108468 #1109272 #1109772 #1109806 #1110006 #1110558 #1110998 #1111040 #1111062 #1111174 #1111183 #1111188 #1111469 #1111696 #1111795 #1111809 #1111921 #1112878 #1112963 #1113295 #1113408 #1113412 #1113501 #1113667 #1113677 #1113722 #1113751 #1113769 #1113780 #1113972 #1114015 #1114178 #1114279 #1114385 #1114576 #1114577 #1114578 #1114579 #1114580 #1114581 #1114582 #1114583 #1114584 #1114585 #1114839 #1114871 #1115074 #1115269 #1115431 #1115433 #1115440 #1115567 #1115709 #1115976 #1116040 #1116183 #1116336 #1116692 #1116693 #1116698 #1116699 #1116700 #1116701 #1116803 #1116841 #1116862 #1116863 #1116876 #1116877 #1116878 #1116891 #1116895 #1116899 #1116950 #1117115 #1117162 #1117165 #1117168 #1117172 
#1117174 #1117181 #1117184 #1117186 #1117188 #1117189 #1117349 #1117561 #1117656 #1117788 #1117789 #1117790 #1117791 #1117792 #1117794 #1117795 #1117796 #1117798 #1117799 #1117801 #1117802 #1117803 #1117804 #1117805 #1117806 #1117807 #1117808 #1117815 #1117816 #1117817 #1117818 #1117819 #1117820 #1117821 #1117822 #1117953 #1118102 #1118136 #1118137 #1118138 #1118140 #1118152 #1118215 #1118316 #1118319 #1118428 #1118484 #1118505 #1118752 #1118760 #1118761 #1118762 #1118766 #1118767 #1118768 #1118769 #1118771 #1118772 #1118773 #1118774 #1118775 #1118798 #1118809 #1118962 #1119017 #1119086 #1119212 #1119322 #1119410 #1119714 #1119749 #1119804 #1119946 #1119962 #1119968 #1120036 #1120046 #1120053 #1120054 #1120055 #1120058 #1120088 #1120092 #1120094 #1120096 #1120097 #1120173 #1120214 #1120223 #1120228 #1120230 #1120232 #1120234 #1120235 #1120238 #1120594 #1120598 #1120600 #1120601 #1120602 #1120603 #1120604 #1120606 #1120612 #1120613 #1120614 #1120615 #1120616 #1120617 #1120618 #1120620 #1120621 #1120632 #1120633 #1120743 #1120954 #1121017 #1121058 #1121263 #1121273 #1121477 #1121483 #1121599 #1121621 #1121714 #1121715 #1121973 Cross-References: CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-18710 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 253 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. 
This update brings the following features: - Support for Enhanced-IBRS on new Intel CPUs (fate#326564) The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to perform an uncontrolled read of kernel memory from within a VM guest. A race condition between the connect() and close() functions may allow an attacker using the AF_VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF_VSOCK messages destined for other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use the wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks.
If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19854: The crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567). - acpica: Tables: Add WSMT support (bsc#1089350). - acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - acpi/nfit: Fix ARS overflow continuation (bsc#1116895). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - alsa: control: Fix race between adding and removing a user element (bsc#1051510). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). 
- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - alsa: hda/realtek - Add GPIO data update helper (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). 
- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
- alsa: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
- alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).
- alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- alsa: hda/realtek - Support ALC300 (bsc#1051510).
- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).
- alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- alsa: trident: Suppress gcc string warning (bsc#1051510).
- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510).
- alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Enabled ENA (Amazon network driver) for arm64.
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
- arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
- arm64: kvm: Tighten guest core register access from userspace (bsc#1110998).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- autofs: fix autofs_sbi() does not check super block type (git-fixes).
- autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
- autofs: mount point create should honour passed in mode (git-fixes).
- b43: Fix error in cordic routine (bsc#1051510).
- badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- block/swim: Fix array bounds check (Git-fixes).
- bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282).
- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf: use per htab salt for bucket hash (git-fixes).
- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
- btrfs: Always try all copies when reading extent buffers (git-fixes).
- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).
- btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
- btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
- btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
- btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).
- btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).
- btrfs: fix use-after-free during inode eviction (bsc#1116701).
- btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- btrfs: fix use-after-free when dumping free space (bsc#1116862).
- btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).
- btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).
- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- btrfs: make sure we create all new block groups (bsc#1116699).
- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).
- btrfs: stop creating orphan items for truncate (bsc#1111469).
- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- configfs: replace strncpy with memcpy (bsc#1051510).
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- Documentation/l1tf: Fix small spelling typo (bsc#1051510).
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- do d_instantiate/unlock_new_inode combinations safely (git-fixes).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- drivers/net/usb/r8152: remove the unneeded variable "ret" in rtl8152_system_suspend (bsc#1119749).
- drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)
- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)
- drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510).
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Restore vblank interrupts earlier (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/msm: fix OF child-node lookup (bsc#1106110)
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix "compatible" prop description (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC: Raise the maximum number of memory controllers (bsc#1113780).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix the breakage of KMP build on x86_64 (bsc#1121017).
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- hid: hiddev: fix potential Spectre v1 (bsc#1051510).
- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- hwrng: core - document the quality field (bsc#1051510).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi: hide new member in struct iommu_table from genksyms (bsc#1061840).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi: mask raw in struct bpf_reg_state (bsc#1083647).
- kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).
- kabi: powerpc: Revert npu callback signature change (bsc#1055120).
- kabi protect hnae_ae_ops (bsc#1104353).
- kabi/severities: ignore __xive_vm_h_* KVM internal symbols.
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix # escaping in .cmd files for future Make (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move "_all" target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- kernfs: update comment about kernfs_path() return value (bsc#1051510).
- keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
- kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
- kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
- kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
- kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
- kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- kvm: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
- kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
- kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
- kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
- kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
- kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
- kvm: PPC: Book3S HV: Do not use existing "prodded" flag for XIVE escalations (bsc#1061840).
- kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
- kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
- kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).
- kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
- kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
- kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).
- kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).
- kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).
- kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
- kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
- kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).
- kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
- kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
- kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
- kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
- kvm: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).
- kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
- kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- kvm: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).
- kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
- kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
- kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
- kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
- kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
- kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).
- kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).
- kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).
- kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- kvm: s390: vsie: copy wrapping keys to right place (git-fixes).
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- kvm: VMX: re-add ple_gap module parameter (bsc#1106240).
- kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- livepatch: create and include UAPI headers ().
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- lockd: fix "list_add double add" caused by legacy signal interface (git-fixes).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device (git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
- media: dvb: fix compat ioctl translation (bsc#1051510).
- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- media: pci: cx23885: handle adding to list failure (bsc#1051510).
- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
- media: tvp5150: fix switch exit in set control handler (bsc#1051510).
- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- modpost: ignore livepatch unresolved relocations ().
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- nfs: Avoid RCU usage in tracepoints (git-fixes).
- nfs: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- nfs: Ensure we commit after writeback is complete (bsc#1111809).
- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- nfs: Fix a typo in nfs_rename() (git-fixes).
- nfs: Fix typo in nomigration mount option (git-fixes).
- nfs: Fix unstable write completion (git-fixes).
- nfsv4.0 fix client reference leak in callback (git-fixes).
- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- nfsv4.1 fix infinite loop on I/O (git-fixes).
- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- nfsv4.1: Fix up replays of interrupted requests (git-fixes).
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Include dependency (bsc#1114279).
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Free ctrl device name on init failure ().
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix "noreturn" detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- of: add helper to lookup compatible child node (bsc#1106110)
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- pci: Add ACS quirk for Ampere root ports (bsc#1120058).
- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- pci: Add Device IDs for Intel GPU "spurious interrupt" quirk (bsc#1051510).
- pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- pci/ASPM: Fix link_state teardown on device removal (bsc#1051510).
- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- pci: dwc: remove duplicate fix (bsc#1115269)
- pci: Export pcie_has_flr() (bsc#1120058).
- pci: hv: Use effective affinity mask (bsc#1109772).
- pci: imx6: Fix link training status detection in link up check (bsc#1109806).
- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- pci: vmd: Assign vector zero to all bridges (bsc#1109806).
- pci: vmd: Detach resources after stopping root bus (bsc#1109806).
- pci: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- pipe: match pipe_max_size data type with procfs (git-fixes).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). 
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix "OF: ERROR: Bad of_node_put() on /cpus" during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). 
- r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - raid10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). 
- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in (Git-fixes). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert "blacklist.conf: blacklist inapplicable commits" This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390 - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" (bsc#1051510). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1051510). - Revert "powerpc/64: Fix checksum folding in csum_add()" (bsc#1065729). - Revert "scsi: lpfc: ls_rjt erroneus FLOGIs" (bsc#1119322). - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). 
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). 
- sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). 
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). 
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). 
- splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). 
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename "trywlock" into "trywrlock" (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). 
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). 
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27" Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). 
- usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20" Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). 
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vfs: close race between getcwd() and d_move() (git-fixes). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). 
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add "pci=big_root_window" option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). 
- x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). 
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). 
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-224=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-224=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-224=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-224=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-224=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-224=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-224=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-extra-4.12.14-25.28.1 kernel-default-extra-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-25.28.1 kernel-default-base-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-obs-qa-4.12.14-25.28.1 kselftests-kmp-default-4.12.14-25.28.1 kselftests-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): 
kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-livepatch-4.12.14-25.28.1 kernel-livepatch-4_12_14-25_28-default-1-1.3.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 reiserfs-kmp-default-4.12.14-25.28.1 reiserfs-kmp-default-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-25.28.1 kernel-obs-build-debugsource-4.12.14-25.28.1 kernel-syms-4.12.14-25.28.1 kernel-vanilla-base-4.12.14-25.28.1 kernel-vanilla-base-debuginfo-4.12.14-25.28.1 kernel-vanilla-debuginfo-4.12.14-25.28.1 kernel-vanilla-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-25.28.1 kernel-source-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-25.28.1 kernel-default-base-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 kernel-default-debugsource-4.12.14-25.28.1 kernel-default-devel-4.12.14-25.28.1 kernel-default-devel-debuginfo-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-25.28.1 kernel-macros-4.12.14-25.28.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-25.28.1 kernel-zfcpdump-4.12.14-25.28.1 kernel-zfcpdump-debuginfo-4.12.14-25.28.1 kernel-zfcpdump-debugsource-4.12.14-25.28.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-25.28.1 cluster-md-kmp-default-debuginfo-4.12.14-25.28.1 dlm-kmp-default-4.12.14-25.28.1 dlm-kmp-default-debuginfo-4.12.14-25.28.1 gfs2-kmp-default-4.12.14-25.28.1 gfs2-kmp-default-debuginfo-4.12.14-25.28.1 kernel-default-debuginfo-4.12.14-25.28.1 
kernel-default-debugsource-4.12.14-25.28.1 ocfs2-kmp-default-4.12.14-25.28.1 ocfs2-kmp-default-debuginfo-4.12.14-25.28.1 References: https://www.suse.com/security/cve/CVE-2018-12232.html https://www.suse.com/security/cve/CVE-2018-14625.html https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18397.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19407.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19854.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9568.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1055120 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1060463 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068273 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1079935 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082653 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1086196 https://bugzilla.suse.com/1086282 https://bugzilla.suse.com/1086283 https://bugzilla.suse.com/1086423 https://bugzilla.suse.com/1087978 https://bugzilla.suse.com/1088386 https://bugzilla.suse.com/1089350 https://bugzilla.suse.com/1090888 https://bugzilla.suse.com/1091405 https://bugzilla.suse.com/1091800 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1097593 https://bugzilla.suse.com/1097755 
https://bugzilla.suse.com/1100132 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1103257 https://bugzilla.suse.com/1103356 https://bugzilla.suse.com/1103925 https://bugzilla.suse.com/1104124 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104824 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1105168 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106110 https://bugzilla.suse.com/1106237 https://bugzilla.suse.com/1106240 https://bugzilla.suse.com/1106615 https://bugzilla.suse.com/1106913 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108270 https://bugzilla.suse.com/1108468 https://bugzilla.suse.com/1109272 https://bugzilla.suse.com/1109772 https://bugzilla.suse.com/1109806 https://bugzilla.suse.com/1110006 https://bugzilla.suse.com/1110558 https://bugzilla.suse.com/1110998 https://bugzilla.suse.com/1111040 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1111174 https://bugzilla.suse.com/1111183 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1111469 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1111795 https://bugzilla.suse.com/1111809 https://bugzilla.suse.com/1111921 https://bugzilla.suse.com/1112878 https://bugzilla.suse.com/1112963 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1113408 https://bugzilla.suse.com/1113412 https://bugzilla.suse.com/1113501 https://bugzilla.suse.com/1113667 https://bugzilla.suse.com/1113677 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1113780 https://bugzilla.suse.com/1113972 https://bugzilla.suse.com/1114015 https://bugzilla.suse.com/1114178 
https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114385 https://bugzilla.suse.com/1114576 https://bugzilla.suse.com/1114577 https://bugzilla.suse.com/1114578 https://bugzilla.suse.com/1114579 https://bugzilla.suse.com/1114580 https://bugzilla.suse.com/1114581 https://bugzilla.suse.com/1114582 https://bugzilla.suse.com/1114583 https://bugzilla.suse.com/1114584 https://bugzilla.suse.com/1114585 https://bugzilla.suse.com/1114839 https://bugzilla.suse.com/1114871 https://bugzilla.suse.com/1115074 https://bugzilla.suse.com/1115269 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1115567 https://bugzilla.suse.com/1115709 https://bugzilla.suse.com/1115976 https://bugzilla.suse.com/1116040 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116336 https://bugzilla.suse.com/1116692 https://bugzilla.suse.com/1116693 https://bugzilla.suse.com/1116698 https://bugzilla.suse.com/1116699 https://bugzilla.suse.com/1116700 https://bugzilla.suse.com/1116701 https://bugzilla.suse.com/1116803 https://bugzilla.suse.com/1116841 https://bugzilla.suse.com/1116862 https://bugzilla.suse.com/1116863 https://bugzilla.suse.com/1116876 https://bugzilla.suse.com/1116877 https://bugzilla.suse.com/1116878 https://bugzilla.suse.com/1116891 https://bugzilla.suse.com/1116895 https://bugzilla.suse.com/1116899 https://bugzilla.suse.com/1116950 https://bugzilla.suse.com/1117115 https://bugzilla.suse.com/1117162 https://bugzilla.suse.com/1117165 https://bugzilla.suse.com/1117168 https://bugzilla.suse.com/1117172 https://bugzilla.suse.com/1117174 https://bugzilla.suse.com/1117181 https://bugzilla.suse.com/1117184 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117188 https://bugzilla.suse.com/1117189 https://bugzilla.suse.com/1117349 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1117656 https://bugzilla.suse.com/1117788 https://bugzilla.suse.com/1117789 
https://bugzilla.suse.com/1117790 https://bugzilla.suse.com/1117791 https://bugzilla.suse.com/1117792 https://bugzilla.suse.com/1117794 https://bugzilla.suse.com/1117795 https://bugzilla.suse.com/1117796 https://bugzilla.suse.com/1117798 https://bugzilla.suse.com/1117799 https://bugzilla.suse.com/1117801 https://bugzilla.suse.com/1117802 https://bugzilla.suse.com/1117803 https://bugzilla.suse.com/1117804 https://bugzilla.suse.com/1117805 https://bugzilla.suse.com/1117806 https://bugzilla.suse.com/1117807 https://bugzilla.suse.com/1117808 https://bugzilla.suse.com/1117815 https://bugzilla.suse.com/1117816 https://bugzilla.suse.com/1117817 https://bugzilla.suse.com/1117818 https://bugzilla.suse.com/1117819 https://bugzilla.suse.com/1117820 https://bugzilla.suse.com/1117821 https://bugzilla.suse.com/1117822 https://bugzilla.suse.com/1117953 https://bugzilla.suse.com/1118102 https://bugzilla.suse.com/1118136 https://bugzilla.suse.com/1118137 https://bugzilla.suse.com/1118138 https://bugzilla.suse.com/1118140 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118215 https://bugzilla.suse.com/1118316 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1118428 https://bugzilla.suse.com/1118484 https://bugzilla.suse.com/1118505 https://bugzilla.suse.com/1118752 https://bugzilla.suse.com/1118760 https://bugzilla.suse.com/1118761 https://bugzilla.suse.com/1118762 https://bugzilla.suse.com/1118766 https://bugzilla.suse.com/1118767 https://bugzilla.suse.com/1118768 https://bugzilla.suse.com/1118769 https://bugzilla.suse.com/1118771 https://bugzilla.suse.com/1118772 https://bugzilla.suse.com/1118773 https://bugzilla.suse.com/1118774 https://bugzilla.suse.com/1118775 https://bugzilla.suse.com/1118798 https://bugzilla.suse.com/1118809 https://bugzilla.suse.com/1118962 https://bugzilla.suse.com/1119017 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119212 https://bugzilla.suse.com/1119322 https://bugzilla.suse.com/1119410 
https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119749 https://bugzilla.suse.com/1119804 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119962 https://bugzilla.suse.com/1119968 https://bugzilla.suse.com/1120036 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120053 https://bugzilla.suse.com/1120054 https://bugzilla.suse.com/1120055 https://bugzilla.suse.com/1120058 https://bugzilla.suse.com/1120088 https://bugzilla.suse.com/1120092 https://bugzilla.suse.com/1120094 https://bugzilla.suse.com/1120096 https://bugzilla.suse.com/1120097 https://bugzilla.suse.com/1120173 https://bugzilla.suse.com/1120214 https://bugzilla.suse.com/1120223 https://bugzilla.suse.com/1120228 https://bugzilla.suse.com/1120230 https://bugzilla.suse.com/1120232 https://bugzilla.suse.com/1120234 https://bugzilla.suse.com/1120235 https://bugzilla.suse.com/1120238 https://bugzilla.suse.com/1120594 https://bugzilla.suse.com/1120598 https://bugzilla.suse.com/1120600 https://bugzilla.suse.com/1120601 https://bugzilla.suse.com/1120602 https://bugzilla.suse.com/1120603 https://bugzilla.suse.com/1120604 https://bugzilla.suse.com/1120606 https://bugzilla.suse.com/1120612 https://bugzilla.suse.com/1120613 https://bugzilla.suse.com/1120614 https://bugzilla.suse.com/1120615 https://bugzilla.suse.com/1120616 https://bugzilla.suse.com/1120617 https://bugzilla.suse.com/1120618 https://bugzilla.suse.com/1120620 https://bugzilla.suse.com/1120621 https://bugzilla.suse.com/1120632 https://bugzilla.suse.com/1120633 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120954 https://bugzilla.suse.com/1121017 https://bugzilla.suse.com/1121058 https://bugzilla.suse.com/1121263 https://bugzilla.suse.com/1121273 https://bugzilla.suse.com/1121477 https://bugzilla.suse.com/1121483 https://bugzilla.suse.com/1121599 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1121714 https://bugzilla.suse.com/1121715 https://bugzilla.suse.com/1121973 From sle-security-updates 
at lists.suse.com Tue Feb 5 07:09:04 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:09:04 +0100 (CET) Subject: SUSE-SU-2019:0228-1: Security update for uriparser Message-ID: <20190205140904.B5471FF7D@maintenance.suse.de> SUSE Security Update: Security update for uriparser ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0228-1 Rating: low References: #1115722 #1115723 #1115724 #1122193 Cross-References: CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for uriparser fixes the following issues: Security issues fixed: - CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193). - CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722). - CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723). - CVE-2018-19200: Fixed an operation attempted on NULL input via a uriResetUri* function (bsc#1115724). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-228=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): liburiparser1-0.8.5-3.5.1 liburiparser1-debuginfo-0.8.5-3.5.1 uriparser-0.8.5-3.5.1 uriparser-debuginfo-0.8.5-3.5.1 uriparser-debugsource-0.8.5-3.5.1 uriparser-devel-0.8.5-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-19198.html https://www.suse.com/security/cve/CVE-2018-19199.html https://www.suse.com/security/cve/CVE-2018-19200.html https://www.suse.com/security/cve/CVE-2018-20721.html https://bugzilla.suse.com/1115722 https://bugzilla.suse.com/1115723 https://bugzilla.suse.com/1115724 https://bugzilla.suse.com/1122193 From sle-security-updates at lists.suse.com Tue Feb 5 07:10:49 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:10:49 +0100 (CET) Subject: SUSE-SU-2019:0230-1: important: Security update for spice Message-ID: <20190205141049.D4EA5FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0230-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-230=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-230=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-230=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-230=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-230=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 - SUSE Enterprise Storage 4 (x86_64): libspice-server1-0.12.7-10.6.1 libspice-server1-debuginfo-0.12.7-10.6.1 spice-debugsource-0.12.7-10.6.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-security-updates at lists.suse.com Tue Feb 5 07:43:04 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:43:04 +0100 (CET) Subject: SUSE-SU-2019:0231-1: important: Security update for spice Message-ID: <20190205144304.09173FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:0231-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-231=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libspice-server1-0.12.5-10.2.3.1 libspice-server1-debuginfo-0.12.5-10.2.3.1 spice-debugsource-0.12.5-10.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-security-updates at lists.suse.com Tue Feb 5 07:43:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:43:36 +0100 (CET) Subject: SUSE-SU-2019:0232-1: important: Security update for haproxy Message-ID: <20190205144336.48B0CFF7D@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0232-1 Rating: important References: #1121283 Cross-References: CVE-2018-20615 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for haproxy version 1.8.17 fixes the following issues: Security issues fixed: - CVE-2018-20615: Fixed a denial of service, triggered by mishandling the priority flag on short HEADERS frame in the HTTP/2 decoder (bsc#1121283) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-232=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): haproxy-1.8.17~git0.e89d25b2-3.9.1 haproxy-debuginfo-1.8.17~git0.e89d25b2-3.9.1 haproxy-debugsource-1.8.17~git0.e89d25b2-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-20615.html https://bugzilla.suse.com/1121283 From sle-security-updates at lists.suse.com Tue Feb 5 07:44:10 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 15:44:10 +0100 (CET) Subject: SUSE-SU-2019:0229-1: important: Security update for spice Message-ID: <20190205144410.7E444FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0229-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-229=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): libspice-server1-0.12.4-8.21.1 libspice-server1-debuginfo-0.12.4-8.21.1 spice-debugsource-0.12.4-8.21.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-security-updates at lists.suse.com Tue Feb 5 10:09:41 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 18:09:41 +0100 (CET) Subject: SUSE-SU-2019:0236-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15) Message-ID: <20190205170941.90B23FF7D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0236-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-25_25 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-233=1 SUSE-SLE-Module-Live-Patching-15-2019-234=1 SUSE-SLE-Module-Live-Patching-15-2019-235=1 SUSE-SLE-Module-Live-Patching-15-2019-236=1 SUSE-SLE-Module-Live-Patching-15-2019-237=1 SUSE-SLE-Module-Live-Patching-15-2019-238=1 SUSE-SLE-Module-Live-Patching-15-2019-239=1 SUSE-SLE-Module-Live-Patching-15-2019-240=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-23-default-8-22.2 kernel-livepatch-4_12_14-23-default-debuginfo-8-22.2 kernel-livepatch-4_12_14-25_13-default-5-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_16-default-4-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_19-default-4-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-25_22-default-3-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_25-default-2-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_3-default-7-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_6-default-7-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-7-2.1 kernel-livepatch-SLE15_Update_0-debugsource-8-22.2 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-security-updates at lists.suse.com Tue Feb 5 10:10:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 18:10:18 +0100 (CET) Subject: SUSE-SU-2019:0242-1: important: Security update for spice Message-ID: <20190205171018.5C062FF7D@maintenance.suse.de> SUSE Security 
Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0242-1 Rating: important References: #1109044 #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Non-security issue fixed: - Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-242=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.14.0-4.6.2 libspice-server1-0.14.0-4.6.2 libspice-server1-debuginfo-0.14.0-4.6.2 spice-debugsource-0.14.0-4.6.2 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1109044 https://bugzilla.suse.com/1122706 From sle-security-updates at lists.suse.com Tue Feb 5 10:11:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 18:11:05 +0100 (CET) Subject: SUSE-SU-2019:0241-1: important: Security update for spice Message-ID: <20190205171105.CF517FF7D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:0241-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-241=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-241=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-241=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-241=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-241=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-241=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 
spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-server1-0.12.8-12.1 libspice-server1-debuginfo-0.12.8-12.1 spice-debugsource-0.12.8-12.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-security-updates at lists.suse.com Tue Feb 5 13:11:04 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 5 Feb 2019 21:11:04 +0100 (CET) Subject: SUSE-SU-2019:0243-1: important: Security update for python3 Message-ID: <20190205201104.267C1FDF2@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0243-1 Rating: important References: #1120644 #1122191 Cross-References: CVE-2018-20406 CVE-2019-5010 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT (bsc#1120644) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-243=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-243=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-243=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-243=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-243=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-243=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-243=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-243=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-243=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-243=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-243=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-243=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-243=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-243=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1
python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-dbm-3.4.6-25.21.1 python3-dbm-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 python3-devel-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-devel-3.4.6-25.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 
python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Desktop 12-SP4 
(x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 - SUSE Enterprise Storage 4 (x86_64): libpython3_4m1_0-3.4.6-25.21.1 libpython3_4m1_0-debuginfo-3.4.6-25.21.1 python3-3.4.6-25.21.1 python3-base-3.4.6-25.21.1 python3-base-debuginfo-3.4.6-25.21.1 python3-base-debugsource-3.4.6-25.21.1 python3-curses-3.4.6-25.21.1 python3-curses-debuginfo-3.4.6-25.21.1 python3-debuginfo-3.4.6-25.21.1 python3-debugsource-3.4.6-25.21.1 References: https://www.suse.com/security/cve/CVE-2018-20406.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1120644 https://bugzilla.suse.com/1122191 From sle-security-updates at lists.suse.com Wed Feb 6 04:10:43 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Feb 2019 12:10:43 +0100 (CET) Subject: SUSE-SU-2019:0248-1: important: Security update for curl Message-ID: <20190206111043.EB812FDF2@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0248-1 Rating: important References: #1123371 #1123377 #1123378 Cross-References: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module 
for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-248=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-248=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.17.1 curl-mini-debuginfo-7.60.0-3.17.1 curl-mini-debugsource-7.60.0-3.17.1 libcurl-mini-devel-7.60.0-3.17.1 libcurl4-mini-7.60.0-3.17.1 libcurl4-mini-debuginfo-7.60.0-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.17.1 curl-debuginfo-7.60.0-3.17.1 curl-debugsource-7.60.0-3.17.1 libcurl-devel-7.60.0-3.17.1 libcurl4-7.60.0-3.17.1 libcurl4-debuginfo-7.60.0-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.17.1 libcurl4-32bit-debuginfo-7.60.0-3.17.1 References: https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1123371 https://bugzilla.suse.com/1123377 
https://bugzilla.suse.com/1123378 From sle-security-updates at lists.suse.com Wed Feb 6 07:12:37 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:12:37 +0100 (CET) Subject: SUSE-SU-2019:0247-1: moderate: Security update for lua53 Message-ID: <20190206141237.13B0FFD0B@maintenance.suse.de> SUSE Security Update: Security update for lua53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0247-1 Rating: moderate References: #1123043 Cross-References: CVE-2019-6706 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-247=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-247=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): lua53-doc-5.3.4-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): liblua5_3-5-5.3.4-3.3.2 liblua5_3-5-debuginfo-5.3.4-3.3.2 lua53-5.3.4-3.3.2 lua53-debuginfo-5.3.4-3.3.2 lua53-debugsource-5.3.4-3.3.2 lua53-devel-5.3.4-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): liblua5_3-5-32bit-5.3.4-3.3.2 liblua5_3-5-32bit-debuginfo-5.3.4-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-6706.html https://bugzilla.suse.com/1123043 From sle-security-updates at lists.suse.com Wed Feb 6 07:54:23 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Feb 2019 15:54:23 +0100 (CET) Subject: SUSE-SU-2019:0249-1: important: Security update for curl Message-ID: <20190206145423.74867FD0B@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0249-1 Rating: important References: #1123371 #1123377 #1123378 Cross-References: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-249=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-249=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-249=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-249=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-249=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-249=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-249=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-249=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-249=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-249=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-249=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl-devel-7.37.0-37.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 
libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE Enterprise Storage 4 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-32bit-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-32bit-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE CaaS Platform ALL (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - SUSE CaaS Platform 3.0 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.34.1 curl-debuginfo-7.37.0-37.34.1 curl-debugsource-7.37.0-37.34.1 libcurl4-7.37.0-37.34.1 libcurl4-debuginfo-7.37.0-37.34.1 References: https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1123371 
https://bugzilla.suse.com/1123377 https://bugzilla.suse.com/1123378 From sle-security-updates at lists.suse.com Wed Feb 6 13:09:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:09:19 +0100 (CET) Subject: SUSE-SU-2019:0271-1: moderate: Security update for python Message-ID: <20190206200919.31EA9FF79@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0271-1 Rating: moderate References: #1122191 Cross-References: CVE-2019-5010 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-271=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-271=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-271=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.6.1 python-debugsource-2.7.14-7.6.1 python-demo-2.7.14-7.6.1 python-idle-2.7.14-7.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.6.1 python-doc-pdf-2.7.14-7.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.6.1 python-debugsource-2.7.14-7.6.1 python-tk-2.7.14-7.6.1 python-tk-debuginfo-2.7.14-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.6.1 libpython2_7-1_0-debuginfo-2.7.14-7.6.1 python-2.7.14-7.6.1 python-base-2.7.14-7.6.1 python-base-debuginfo-2.7.14-7.6.1 python-base-debugsource-2.7.14-7.6.1 python-curses-2.7.14-7.6.1 python-curses-debuginfo-2.7.14-7.6.1 python-debuginfo-2.7.14-7.6.1 python-debugsource-2.7.14-7.6.1 python-devel-2.7.14-7.6.1 python-gdbm-2.7.14-7.6.1 python-gdbm-debuginfo-2.7.14-7.6.1 python-xml-2.7.14-7.6.1 python-xml-debuginfo-2.7.14-7.6.1 References: https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1122191 From sle-security-updates at lists.suse.com Wed Feb 6 13:11:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:11:48 +0100 (CET) Subject: SUSE-SU-2019:0272-1: moderate: Security update for rmt-server Message-ID: <20190206201148.C89A3FF79@maintenance.suse.de> SUSE 
Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0272-1 Rating: moderate References: #1102046 #1102193 #1109307 #1113760 #1113969 #1114831 #1117106 #1118579 #1118584 Cross-References: CVE-2018-14404 CVE-2018-16468 CVE-2018-16470 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has 6 fixes is now available. Description: This update for rmt-server to version 1.1.1 fixes the following issues: The following issues have been fixed: - Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579) - Fixed listing of mirrored products (bsc#1102193) - Include online migration paths into offline migration (bsc#1117106) - Sync products that do not have a base product (bsc#1109307) - Fixed SLP auto discovery for RMT (bsc#1113760) Update dependencies for security fixes: - CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969) - CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831) - CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-272=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rmt-server-1.1.1-3.13.1 rmt-server-debuginfo-1.1.1-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-14404.html https://www.suse.com/security/cve/CVE-2018-16468.html https://www.suse.com/security/cve/CVE-2018-16470.html https://bugzilla.suse.com/1102046 https://bugzilla.suse.com/1102193 https://bugzilla.suse.com/1109307 https://bugzilla.suse.com/1113760 https://bugzilla.suse.com/1113969 https://bugzilla.suse.com/1114831 https://bugzilla.suse.com/1117106 https://bugzilla.suse.com/1118579 https://bugzilla.suse.com/1118584 From sle-security-updates at lists.suse.com Wed Feb 6 13:14:16 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 6 Feb 2019 21:14:16 +0100 (CET) Subject: SUSE-SU-2019:0273-1: important: Security update for MozillaFirefox Message-ID: <20190206201416.0FF27FF79@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0273-1 Rating: important References: #1119069 #1120374 #1122983 Cross-References: CVE-2018-12404 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). 
- CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-273=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-273=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-273=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.5.0-3.24.2 MozillaFirefox-debuginfo-60.5.0-3.24.2 MozillaFirefox-debugsource-60.5.0-3.24.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.5.0-3.24.2 MozillaFirefox-debuginfo-60.5.0-3.24.2 MozillaFirefox-debugsource-60.5.0-3.24.2 MozillaFirefox-devel-60.5.0-3.24.2 MozillaFirefox-translations-common-60.5.0-3.24.2 MozillaFirefox-translations-other-60.5.0-3.24.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.41.1-3.13.1 libfreebl3-debuginfo-3.41.1-3.13.1 libfreebl3-hmac-3.41.1-3.13.1 libsoftokn3-3.41.1-3.13.1 libsoftokn3-debuginfo-3.41.1-3.13.1 libsoftokn3-hmac-3.41.1-3.13.1 mozilla-nss-3.41.1-3.13.1 mozilla-nss-certs-3.41.1-3.13.1 mozilla-nss-certs-debuginfo-3.41.1-3.13.1 mozilla-nss-debuginfo-3.41.1-3.13.1 mozilla-nss-debugsource-3.41.1-3.13.1 mozilla-nss-devel-3.41.1-3.13.1 
mozilla-nss-sysinit-3.41.1-3.13.1 mozilla-nss-sysinit-debuginfo-3.41.1-3.13.1 mozilla-nss-tools-3.41.1-3.13.1 mozilla-nss-tools-debuginfo-3.41.1-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.41.1-3.13.1 libfreebl3-32bit-debuginfo-3.41.1-3.13.1 libfreebl3-hmac-32bit-3.41.1-3.13.1 libsoftokn3-32bit-3.41.1-3.13.1 libsoftokn3-32bit-debuginfo-3.41.1-3.13.1 libsoftokn3-hmac-32bit-3.41.1-3.13.1 mozilla-nss-32bit-3.41.1-3.13.1 mozilla-nss-32bit-debuginfo-3.41.1-3.13.1 mozilla-nss-certs-32bit-3.41.1-3.13.1 mozilla-nss-certs-32bit-debuginfo-3.41.1-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-12404.html https://www.suse.com/security/cve/CVE-2018-18500.html https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1119069 https://bugzilla.suse.com/1120374 https://bugzilla.suse.com/1122983 From sle-security-updates at lists.suse.com Thu Feb 7 10:09:07 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:09:07 +0100 (CET) Subject: SUSE-SU-2019:0285-1: moderate: Security update for avahi Message-ID: <20190207170907.E49F5FCB4@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0285-1 Rating: moderate References: #1120281 Cross-References: CVE-2018-1000845 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-285=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-285=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-285=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-285=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 python-avahi-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 avahi-glib2-debugsource-0.6.32-5.3.1 python-avahi-0.6.32-5.3.1 python-avahi-gtk-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.6.32-5.3.1 avahi-autoipd-debuginfo-0.6.32-5.3.1 avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 avahi-glib2-debugsource-0.6.32-5.3.1 avahi-utils-gtk-0.6.32-5.3.1 avahi-utils-gtk-debuginfo-0.6.32-5.3.1 libavahi-gobject-devel-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): avahi-32bit-debuginfo-0.6.32-5.3.1 libavahi-client3-32bit-0.6.32-5.3.1 libavahi-client3-32bit-debuginfo-0.6.32-5.3.1 libavahi-common3-32bit-0.6.32-5.3.1 libavahi-common3-32bit-debuginfo-0.6.32-5.3.1 - SUSE 
Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-5.3.1 avahi-compat-howl-devel-0.6.32-5.3.1 avahi-compat-mDNSResponder-devel-0.6.32-5.3.1 avahi-debuginfo-0.6.32-5.3.1 avahi-debugsource-0.6.32-5.3.1 avahi-glib2-debugsource-0.6.32-5.3.1 avahi-utils-0.6.32-5.3.1 avahi-utils-debuginfo-0.6.32-5.3.1 libavahi-client3-0.6.32-5.3.1 libavahi-client3-debuginfo-0.6.32-5.3.1 libavahi-common3-0.6.32-5.3.1 libavahi-common3-debuginfo-0.6.32-5.3.1 libavahi-core7-0.6.32-5.3.1 libavahi-core7-debuginfo-0.6.32-5.3.1 libavahi-devel-0.6.32-5.3.1 libavahi-glib-devel-0.6.32-5.3.1 libavahi-glib1-0.6.32-5.3.1 libavahi-glib1-debuginfo-0.6.32-5.3.1 libavahi-gobject0-0.6.32-5.3.1 libavahi-gobject0-debuginfo-0.6.32-5.3.1 libavahi-ui-gtk3-0-0.6.32-5.3.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.3.1 libavahi-ui0-0.6.32-5.3.1 libavahi-ui0-debuginfo-0.6.32-5.3.1 libdns_sd-0.6.32-5.3.1 libdns_sd-debuginfo-0.6.32-5.3.1 libhowl0-0.6.32-5.3.1 libhowl0-debuginfo-0.6.32-5.3.1 typelib-1_0-Avahi-0_6-0.6.32-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): avahi-lang-0.6.32-5.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000845.html https://bugzilla.suse.com/1120281 From sle-security-updates at lists.suse.com Thu Feb 7 10:09:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:09:42 +0100 (CET) Subject: SUSE-SU-2019:0286-1: moderate: Security update for docker Message-ID: <20190207170942.04137FCB4@maintenance.suse.de> SUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0286-1 Rating: moderate References: #1001161 #1112980 #1115464 #1118897 #1118898 #1118899 #1118990 #1121412 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 
______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during "go get -u" (bsc#1118897) - CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths (bsc#1118898) - CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: - Disable leap based builds for kubic flavor (bsc#1121412) - Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) - Allow docker images larger than 23GB (bsc#1118990) - Docker version update to version 18.09.0-ce (bsc#1115464) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-286=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-286=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.1.2-5.6.1 docker-debuginfo-18.09.0_ce-6.11.2 docker-debugsource-18.09.0_ce-6.11.2 docker-test-18.09.0_ce-6.11.2 docker-test-debuginfo-18.09.0_ce-6.11.2 golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): containerd-test-1.1.2-5.6.1 docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1 docker-zsh-completion-18.09.0_ce-6.11.2 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.1.2-5.6.1 docker-18.09.0_ce-6.11.2 docker-debuginfo-18.09.0_ce-6.11.2 docker-debugsource-18.09.0_ce-6.11.2 docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2704_6da50d197830-4.6.1 docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1 docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.09.0_ce-6.11.2 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1001161 https://bugzilla.suse.com/1112980 https://bugzilla.suse.com/1115464 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1118990 https://bugzilla.suse.com/1121412 From sle-security-updates at lists.suse.com Thu Feb 7 10:11:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Thu, 7 Feb 2019 18:11:19 +0100 (CET) Subject: SUSE-SU-2019:13943-1: important: Security update for spice Message-ID: <20190207171119.13228FCB4@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13943-1 Rating: important References: #1122706 Cross-References: CVE-2019-3813 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-13943=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-13943=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-13943=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-18.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-18.1 spice-debugsource-0.12.4-18.1 References: https://www.suse.com/security/cve/CVE-2019-3813.html https://bugzilla.suse.com/1122706 From sle-security-updates at lists.suse.com Thu Feb 7 10:11:55 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:11:55 +0100 (CET) Subject: SUSE-SU-2019:0284-1: moderate: Security update for libunwind Message-ID: <20190207171155.8254CFCD2@maintenance.suse.de> SUSE Security Update: Security update for libunwind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0284-1 Rating: moderate References: #1122012 #936786 #976955 Cross-References: CVE-2015-3239 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for libunwind fixes the following issues: Security issues fixed: - CVE-2015-3239: Fixed an off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: - Fixed a dependency issue with libzmq5 (bsc#1122012) - Fixed build on armv7 (bsc#976955) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-284=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-284=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-284=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-284=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-284=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-284=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le x86_64): libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 libunwind-devel-1.1-11.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): 
libunwind-1.1-11.3.1 libunwind-debuginfo-1.1-11.3.1 libunwind-debugsource-1.1-11.3.1 References: https://www.suse.com/security/cve/CVE-2015-3239.html https://bugzilla.suse.com/1122012 https://bugzilla.suse.com/936786 https://bugzilla.suse.com/976955 From sle-security-updates at lists.suse.com Thu Feb 7 10:12:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 7 Feb 2019 18:12:48 +0100 (CET) Subject: SUSE-SU-2019:0283-1: critical: Security update for LibVNCServer Message-ID: <20190207171248.0D687FCB4@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0283-1 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-283=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-283=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-283=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): LibVNCServer-debugsource-0.9.10-4.6.1 libvncclient0-0.9.10-4.6.1 libvncclient0-debuginfo-0.9.10-4.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.6.1 libvncserver0-0.9.10-4.6.1 libvncserver0-debuginfo-0.9.10-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.10-4.6.1 LibVNCServer-devel-0.9.10-4.6.1 libvncserver0-0.9.10-4.6.1 libvncserver0-debuginfo-0.9.10-4.6.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-security-updates at lists.suse.com Fri Feb 8 10:19:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:19:57 +0100 (CET) Subject: SUSE-SU-2019:13948-1: moderate: Security update for fuse Message-ID: <20190208171957.7E09CFD10@maintenance.suse.de> SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13948-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 
SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following issues: Security issue fixed: - CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-fuse-13948=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-fuse-13948=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-fuse-13948=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): fuse-devel-2.8.7-0.11.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): fuse-2.8.7-0.11.3.1 libfuse2-2.8.7-0.11.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): fuse-debuginfo-2.8.7-0.11.3.1 fuse-debugsource-2.8.7-0.11.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 From sle-security-updates at lists.suse.com Fri Feb 8 10:20:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:20:32 +0100 (CET) Subject: SUSE-SU-2019:13947-1: moderate: Security update for avahi Message-ID: <20190208172032.3FDAFFD10@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13947-1 Rating: moderate References: #1120281 Cross-References: CVE-2018-1000845 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-avahi-13947=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-avahi-13947=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-avahi-13947=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-compat-howl-devel-0.6.23-35.6.2 avahi-compat-mDNSResponder-devel-0.6.23-35.6.2 libavahi-devel-0.6.23-35.6.2 libavahi-glib-devel-0.6.23-35.6.1 libavahi-gobject-devel-0.6.23-35.6.1 libavahi-gobject0-0.6.23-35.6.1 libavahi-ui0-0.6.23-35.6.1 libhowl0-0.6.23-35.6.2 python-avahi-0.6.23-35.6.2 python-avahi-gtk-0.6.23-35.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 s390x x86_64): avahi-mono-0.6.23-35.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-0.6.23-35.6.2 avahi-lang-0.6.23-35.6.2 avahi-utils-0.6.23-35.6.2 libavahi-client3-0.6.23-35.6.2 libavahi-common3-0.6.23-35.6.2 libavahi-core5-0.6.23-35.6.2 libavahi-glib1-0.6.23-35.6.1 libdns_sd-0.6.23-35.6.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libavahi-client3-32bit-0.6.23-35.6.2 libavahi-common3-32bit-0.6.23-35.6.2 libavahi-glib1-32bit-0.6.23-35.6.1 libdns_sd-32bit-0.6.23-35.6.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libavahi-client3-x86-0.6.23-35.6.2 libavahi-common3-x86-0.6.23-35.6.2 libavahi-glib1-x86-0.6.23-35.6.1 libdns_sd-x86-0.6.23-35.6.2 - SUSE Linux 
Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-debuginfo-0.6.23-35.6.2 avahi-debugsource-0.6.23-35.6.2 avahi-glib2-debuginfo-0.6.23-35.6.1 avahi-glib2-debugsource-0.6.23-35.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): avahi-debuginfo-32bit-0.6.23-35.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): avahi-debuginfo-x86-0.6.23-35.6.2 References: https://www.suse.com/security/cve/CVE-2018-1000845.html https://bugzilla.suse.com/1120281 From sle-security-updates at lists.suse.com Fri Feb 8 10:21:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 8 Feb 2019 18:21:05 +0100 (CET) Subject: SUSE-SU-2019:0298-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) Message-ID: <20190208172105.F24DAFD10@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0298-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.120-94_17 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-293=1 SUSE-SLE-Live-Patching-12-SP4-2019-301=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-296=1 SUSE-SLE-Live-Patching-12-SP3-2019-297=1 SUSE-SLE-Live-Patching-12-SP3-2019-298=1 SUSE-SLE-Live-Patching-12-SP3-2019-300=1 SUSE-SLE-Live-Patching-12-SP3-2019-302=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-3-2.7.2 kgraft-patch-4_12_14-94_41-default-debuginfo-3-2.7.2 kgraft-patch-4_12_14-95_3-default-2-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-3-2.7.2 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-11-2.1 kgraft-patch-4_4_114-94_11-default-debuginfo-11-2.1 kgraft-patch-4_4_114-94_14-default-11-2.1 kgraft-patch-4_4_114-94_14-default-debuginfo-11-2.1 kgraft-patch-4_4_120-94_17-default-10-2.1 kgraft-patch-4_4_120-94_17-default-debuginfo-10-2.1 kgraft-patch-4_4_126-94_22-default-10-2.1 kgraft-patch-4_4_126-94_22-default-debuginfo-10-2.1 kgraft-patch-4_4_131-94_29-default-8-2.1 kgraft-patch-4_4_131-94_29-default-debuginfo-8-2.1 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-security-updates at lists.suse.com Sat Feb 9 07:08:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 9 Feb 2019 15:08:32 +0100 (CET) Subject: SUSE-SU-2019:0313-1: critical: Security update for LibVNCServer Message-ID: <20190209140832.DC042FD10@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2019:0313-1 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-313=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-313=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-313=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-313=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-313=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-313=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-313=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-313=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-313=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-313=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-313=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 LibVNCServer-devel-0.9.9-17.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 LibVNCServer-devel-0.9.9-17.11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 
libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 - SUSE Enterprise Storage 4 (x86_64): LibVNCServer-debugsource-0.9.9-17.11.1 libvncclient0-0.9.9-17.11.1 libvncclient0-debuginfo-0.9.9-17.11.1 libvncserver0-0.9.9-17.11.1 libvncserver0-debuginfo-0.9.9-17.11.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-security-updates at lists.suse.com Mon Feb 11 13:08:41 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:08:41 +0100 (CET) Subject: 
SUSE-SU-2019:0320-1: important: Security update for the Linux Kernel Message-ID: <20190211200841.8048AFCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0320-1 Rating: important References: #1012382 #1015336 #1015337 #1015340 #1019683 #1019695 #1020645 #1023175 #1027260 #1027457 #1031492 #1042286 #1043083 #1046264 #1047487 #1048916 #1065600 #1066223 #1068032 #1069702 #1070805 #1079935 #1086423 #1087082 #1091405 #1092100 #1093158 #1093641 #1093649 #1093653 #1093655 #1093657 #1093663 #1094244 #1094973 #1096242 #1096281 #1099523 #1100105 #1101557 #1102439 #1102660 #1103156 #1103257 #1103624 #1104098 #1104731 #1106105 #1106237 #1106240 #1106929 #1107385 #1108145 #1108240 #1109168 #1109272 #1109330 #1109806 #1110286 #1111062 #1111174 #1111809 #1112246 #1112963 #1113412 #1113766 #1114190 #1114417 #1114475 #1114648 #1114763 #1114839 #1114871 #1115431 #1115433 #1115440 #1115482 #1115587 #1115709 #1116027 #1116183 #1116285 #1116336 #1116345 #1116497 #1116841 #1116924 #1116950 #1116962 #1117162 #1117165 #1117186 #1117562 #1118152 #1118316 #1118319 #1118505 #1118790 #1118798 #1118915 #1118922 #1118926 #1118930 #1118936 #1119204 #1119445 #1119714 #1119877 #1119946 #1119967 #1119970 #1120046 #1120260 #1120743 #1120950 #1121239 #1121240 #1121241 #1121242 #1121275 #1121621 #985031 Cross-References: CVE-2017-16939 CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 113 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bsc#1120743). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). The following non-security bugs were fixed: - 9p: clear dangling pointers in p9stat_free (bnc#1012382). - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382). - 9p/net: put a lower bound on msize (bnc#1012382). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239). - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bnc#1012382). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648). - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bnc#1012382). - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382). - aio: fix spectre gadget in lookup_ioctx (bnc#1012382). - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382). - ALSA: control: Fix race between adding and removing a user element (bnc#1012382). - ALSA: cs46xx: Potential NULL dereference in probe (bnc#1012382). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382). 
- ALSA: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bnc#1012382). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382). - ALSA: hda: Add support for AMD Stoney Ridge (bnc#1012382). - ALSA: hda: Check the non-cached stream buffers more explicitly (bnc#1012382). - ALSA: hda/tegra: clear pending irq handlers (bnc#1012382). - ALSA: isa/wavefront: prevent some out of bound writes (bnc#1012382). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382). - ALSA: pcm: Fix interval evaluation with openmin/max (bnc#1012382). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: pcm: Fix starvation on down_write_nonblock() (bnc#1012382). - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382). - ALSA: timer: Fix zero-division by continue of uninitialized instance (bnc#1012382). - ALSA: trident: Suppress gcc string warning (bnc#1012382). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382). - ALSA: wss: Fix invalid snd_free_pages() at error path (bnc#1012382). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - ARC: change defconfig defaults to ARCv2 (bnc#1012382). - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382). - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 (bnc#1012382). - ARC: io.h: Implement reads{x}()/writes{x}() (bnc#1012382). - arm64: Disable asm-operand-width warning for clang (bnc#1012382). - arm64: dts: stratix10: Correct System Manager register size (bnc#1012382). - arm64: hardcode rodata_enabled=true earlier in the series (bsc#1114763). 
- arm64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code (bsc#985031). - arm64: percpu: Initialize ret in the default case (bnc#1012382). - arm64: remove no-op -p linker flag (bnc#1012382). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382). - arm: dts: apq8064: add ahci ports-implemented mask (bnc#1012382). - arm: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382). - arm: fix mis-applied iommu identity check (bsc#1116924). - arm: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382). - arm: kvm: fix building with gcc-8 (bsc#1121241). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382). - asix: Check for supported Wake-on-LAN modes (bnc#1012382). - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382). - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382). - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382). - ataflop: fix error handling during setup (bnc#1012382). - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382). - ath10k: schedule hardware restart if WMI command times out (bnc#1012382). - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382). - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382). - b43: Fix error in cordic routine (bnc#1012382). - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382). - bcache: fix miss key refill->end in writeback (bnc#1012382). 
- bfs: add sanity check at bfs_fill_super() (bnc#1012382). - binfmt_elf: fix calculations for bss padding (bnc#1012382). - bitops: protect variables in bit_clear_unless() macro (bsc#1116285). - block: fix inheriting request priority from bio (bsc#1116924). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382). - Bluetooth: SMP: fix crash in unpairing (bnc#1012382). - bna: ethtool: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382). - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382). - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382). - bpf: generally move prog destruction to RCU deferral (bnc#1012382). - bpf: support 8-byte metafield access (bnc#1012382). - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970). - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967). - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382). - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382). - bridge: do not add port to router list when receives query with source 0.0.0.0 (bnc#1012382). - btrfs: Always try all copies when reading extent buffers (bnc#1012382). - btrfs: do not attempt to trim devices that do not support it (bnc#1012382). - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382). - btrfs: fix backport error in submit_stripe_bio (bsc#1114763). - btrfs: fix data corruption due to cloning of eof block (bnc#1012382). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bnc#1012382). - btrfs: fix pinned underflow after transaction aborted (bnc#1012382). - btrfs: fix use-after-free when dumping free space (bnc#1012382). 
- btrfs: fix wrong dentries after fsync of file that got its parent replaced (bnc#1012382). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (git-fixes). - btrfs: Handle owner mismatch gracefully when walking up tree (bnc#1012382). - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list (bnc#1012382). - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock (bnc#1012382). - btrfs: make sure we create all new block groups (bnc#1012382). - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382). - btrfs: release metadata before running delayed refs (bnc#1012382). - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382). - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382). - btrfs: set max_extent_size properly (bnc#1012382). - btrfs: wait on caching when putting the bg cache (bnc#1012382). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bnc#1012382). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382). - can: rcar_can: Fix erroneous registration (bnc#1012382). - cdc-acm: correct counting of UART states in serial state notification (bnc#1012382). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382). - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok (bsc#1114763). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). 
- cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382). - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382). - cifs: Fix separator when building path from dentry (bnc#1012382). - CIFS: handle guest access errors to Windows shares (bnc#1012382). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382). - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382). - clk: s2mps11: Add used attribute to s2mps11_dt_match (git-fixes). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bnc#1012382). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bnc#1012382). - configfs: replace strncpy with memcpy (bnc#1012382). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382). - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE (bnc#1012382). - Cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382). - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382). - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382). - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (bnc#1012382). - crypto, x86: aesni - fix token pasting for clang (bnc#1012382). - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382). - cw1200: Do not leak memory if krealloc failes (bnc#1012382). - cxgb4: Add support for new flash parts (bsc#1102439). - cxgb4: assume flash part size to be 4MB, if it can't be determined (bsc#1102439). - cxgb4: Fix FW flash errors (bsc#1102439). - cxgb4: fix missing break in switch and indent return statements (bsc#1102439). - cxgb4: support new ISSI flash parts (bsc#1102439). - debugobjects: avoid recursive calls with kmemleak (bnc#1012382). 
- disable stringop truncation warnings for now (bnc#1012382). - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382). - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382). - dlm: possible memory leak on error path in create_lkb() (bnc#1012382). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382). - dmaengine: at_hdmac: fix module unloading (bnc#1012382). - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (bnc#1012382). - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156). - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264). This syncs with the upstream fix which caught a case where it returning 0 may have caused incorrect behavior. - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bnc#1012382). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382). - drivers/sbus/char: add of_node_put() (bnc#1012382). - drivers/tty: add missing of_node_put() (bnc#1012382). - drm/ast: change resolution may cause screen blurred (bnc#1012382). - drm/ast: fixed cursor may disappear sometimes (bnc#1012382). - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382). - drm/ast: Fix incorrect free on ioregs (bsc#1106929) - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bnc#1012382). 
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113766) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113766) - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382). - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382). - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382). - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382). - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382). - drm: rcar-du: Fix external clock error checks (bsc#1106929) - drm: rcar-du: Fix vblank initialization (bsc#1106929) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382). - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382). - e1000: fix race condition between e1000_down() and e1000_watchdog (bnc#1012382). - efi/libstub/arm64: Force 'hidden' visibility for section markers (bnc#1012382). - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382). - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382). - exportfs: do not read dentry after free (bnc#1012382). - ext2: fix potential use after free (bnc#1012382). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bnc#1012382). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bnc#1012382). - ext4: add missing brelse() update_backups()'s error path (bnc#1012382). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bnc#1012382). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bnc#1012382). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bnc#1012382). - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bnc#1012382). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bnc#1012382). 
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bnc#1012382). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bnc#1012382). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bnc#1012382). - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382). - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bnc#1012382). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bnc#1012382). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929) - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add (bsc#1114763). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (Git-fixes). - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382). - fork: record start_time late (bnc#1012382). - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382). - fs/exofs: fix potential memory leak in mount option parsing (bnc#1012382). - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (bnc#1012382). - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio (bnc#1012382). - fuse: fix blocked_waitq wakeup (bnc#1012382). - fuse: fix leaked notify reply (bnc#1012382). 
- fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382). - fuse: set FR_SENT while locked (bnc#1012382). - genirq: Fix race on spurious interrupt detection (bnc#1012382). - genwqe: Fix size check (bnc#1012382). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382). - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382). - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382). - gfs2: Put bitmap buffers in put_super (bnc#1012382). - git_sort.py: Remove non-existent remote tj/libata - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382). - gpio: msic: fix error return code in platform_msic_gpio_probe() (bnc#1012382). - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382). - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382). - hfs: do not free node before using (bnc#1012382). - hfsplus: do not free node before using (bnc#1012382). - hfsplus: prevent btree data loss on root split (bnc#1012382). - hfs: prevent btree data loss on root split (bnc#1012382). - HID: hiddev: fix potential Spectre v1 (bnc#1012382). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bnc#1012382). - hpwdt add dynamic debugging (bsc#1114417). - hpwdt calculate reload value on each use (bsc#1114417). - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382). - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382). - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382). - hwmon: (ina2xx) Fix current value calculation (bnc#1012382). - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382). - hwmon: (w83795) temp4_type has writable permission (bnc#1012382). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bnc#1012382). 
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382). - IB/hfi1: Fix an out-of-bounds access in get_hw_stats (). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/ucm: Fix Spectre v1 vulnerability (bnc#1012382). - ide: pmac: add of_node_put() (bnc#1012382). - ieee802154: lowpan_header_create check must check daddr (bnc#1012382). - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382). - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bnc#1012382). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382). - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382). - Input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382). - Input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382). - Input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382). - Input: omap-keypad - fix keyboard debounce configuration (bnc#1012382). - Input: restore EV_ABS ABS_RESERVED (bnc#1012382). - Input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382). - Input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382). - Input: xpad - add more third-party controllers (bnc#1012382). - Input: xpad - add PDP device id 0x02a4 (bnc#1012382). 
- Input: xpad - add product ID for Xbox One S pad (bnc#1012382). - Input: xpad - add support for PDP Xbox One controllers (bnc#1012382). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382). - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382). - Input: xpad - avoid using __set_bit() for capabilities (bnc#1012382). - Input: xpad - constify usb_device_id (bnc#1012382). - Input: xpad - correctly sort vendor id's (bnc#1012382). - Input: xpad - correct xbox one pad device name (bnc#1012382). - Input: xpad - do not depend on endpoint order (bnc#1012382). - Input: xpad - fix GPD Win 2 controller name (bnc#1012382). - Input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382). - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382). - Input: xpad - fix some coding style issues (bnc#1012382). - Input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382). - Input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382). - Input: xpad - handle "present" and "gone" correctly (bnc#1012382). - Input: xpad - move reporting xbox one home button to common function (bnc#1012382). - Input: xpad - power off wireless 360 controllers on suspend (bnc#1012382). - Input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382). - Input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382). - Input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382). - Input: xpad - remove unused function (bnc#1012382). - Input: xpad - restore LED state after device resume (bnc#1012382). - Input: xpad - simplify error condition in init_output (bnc#1012382). - Input: xpad - sort supported devices by USB ID (bnc#1012382). - Input: xpad - support some quirky Xbox One pads (bnc#1012382). - Input: xpad - sync supported devices with 360Controller (bnc#1012382). - Input: xpad - sync supported devices with XBCD (bnc#1012382). 
- Input: xpad - sync supported devices with xboxdrv (bnc#1012382). - Input: xpad - update Xbox One Force Feedback Support (bnc#1012382). - Input: xpad - use LED API when identifying wireless controllers (bnc#1012382). - Input: xpad - validate USB endpoint type during probe (bnc#1012382). - Input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382). - Input: xpad - xbox one elite controller support (bnc#1012382). - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipmi: Fix timer race with module unload (bnc#1012382). - ip_tunnel: do not force DF when MTU is locked (bnc#1012382). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (bnc#1012382). - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (bnc#1012382). - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (bnc#1012382). - ipv6: orphan skbs in reassembly unit (bnc#1012382). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382). 
- isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382). - iser: set sector for ambiguous mr status errors (bnc#1012382). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382). - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kABI: protect get_vaddr_frames (kabi). - kABI: protect struct azx (kabi). - kABI: protect struct cfs_bandwidth (kabi). - kABI: protect struct esp (kabi). - kABI: protect struct fuse_io_priv (kabi). - kABI: protect __usb_get_extra_descriptor (kabi). - kABI: protect xen/xen-ops.h include in xlate_mmu.c (kabi). - kabi: revert sig change on pnfs_read_resend_pnfs (git-fixes). - kbuild: Add better clang cross build support (bnc#1012382). - kbuild: Add __cc-option macro (bnc#1012382). 
- kbuild: Add support to generate LLVM assembly files (bnc#1012382). - kbuild: allow to use GCC toolchain not in Clang search path (bnc#1012382). - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382). - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382). - kbuild: clang: disable unused variable warnings only when constant (bnc#1012382). - kbuild: clang: fix build failures with sparse check (bnc#1012382). - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382). - kbuild: Consolidate header generation from ASM offset information (bnc#1012382). - kbuild: consolidate redundant sed script ASM offset generation (bnc#1012382). - kbuild: drop -Wno-unknown-warning-option from clang options (bnc#1012382). - kbuild: fix asm-offset generation to work with clang (bnc#1012382). - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382). - kbuild: fix linker feature test macros when cross compiling with Clang (bnc#1012382). - kbuild, LLVMLinux: Add -Werror to cc-option to support clang (bnc#1012382). - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile (bnc#1012382). - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382). - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382). - kbuild: use -Oz instead of -Os when using clang (bnc#1012382). - kdb: use memmove instead of overlapping memcpy (bnc#1012382). - kdb: Use strscpy with destination buffer size (bnc#1012382). - kernel-source.spec: Align source numbering. - kernfs: Replace strncpy with memcpy (bnc#1012382). - KEYS: put keyring if install_session_keyring_to_cred() fails (bnc#1012382). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382). - kgdboc: Fix restrict error (bnc#1012382). - kgdboc: Fix warning with module build (bnc#1012382). - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382). - kobject: Replace strncpy with memcpy (bnc#1012382). 
- kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bnc#1012382). - KVM: arm64: Fix caching of host MDCR_EL2 value (bsc#1121242). - KVM: arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240). - KVM: mmu: Fix race in emulated page table writes (bnc#1012382). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: Eliminate vmcs02 pool (bnc#1012382). - KVM: nVMX: mark vmcs12 pages dirty on L2 exit (bnc#1012382). - KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382). - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032). - KVM/SVM: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648). - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281). - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382). - KVM/VMX: introduce alloc_loaded_vmcs (bnc#1012382). - KVM/VMX: make MSR bitmaps per-VCPU (bnc#1012382). - KVM/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032). - KVM/x86: fix empty-body warnings (bnc#1012382). - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382). - KVM/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382). - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382). - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382). - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382). - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libfc: sync strings with upstream versions (bsc#1114763). - lib/interval_tree_test.c: allow full tree search (bnc#1012382). - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382). 
- lib/interval_tree_test.c: make test options module parameters (bnc#1012382). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bsc#1118926). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936). - libnvdimm: fix integer overflow static analysis warning (bsc#1118922). - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915). - libnvdimm: Hold reference on parent while scheduling async init (bnc#1012382). - lib/raid6: Fix arm64 test build (bnc#1012382). - lib/rbtree_test.c: make input module parameters (bnc#1012382). - lib/rbtree-test: lower default params (bnc#1012382). - llc: do not use sk_eat_skb() (bnc#1012382). - lockd: fix access beyond unterminated strings in prints (bnc#1012382). - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382). - mac80211: Always report TX status (bnc#1012382). - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382). - mac80211: fix reordering of buffered broadcast packets (bnc#1012382). - mac80211_hwsim: do not omit multicast announce of first added radio (bnc#1012382). - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382). - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382). - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382). - mach64: fix display corruption on big endian machines (bnc#1012382). - mach64: fix image corruption due to reading accelerator registers (bnc#1012382). - matroxfb: fix size of memcpy (bnc#1012382). - MD: do not check MD_SB_CHANGE_CLEAN in md_allow_write (Git-fixes). - MD: fix invalid stored role for a disk (bnc#1012382). - MD: fix invalid stored role for a disk - try2 (bnc#1012382). - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382). - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382). 
- media: em28xx: Fix use-after-free when disconnecting (bnc#1012382). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bnc#1012382). - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382). - media: pci: cx23885: handle adding to list failure (bnc#1012382). - media: tvp5150: fix width alignment during set_selection() (bnc#1012382). - media: v4l: event: Add subscription to list before calling "add" operation (bnc#1012382). - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382). - MIPS: Align kernel load address to 64KB (bnc#1012382). - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression (bnc#1012382). - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() (bnc#1012382). - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue (bnc#1012382). - MIPS: fix mips_get_syscall_arg o32 check (bnc#1012382). - MIPS: Handle non word sized instructions when examining frame (bnc#1012382). - MIPS: kexec: Mark CPU offline before disabling local IRQ (bnc#1012382). - MIPS: Loongson-3: Fix BRIDGE irq delivery problem (bnc#1012382). - MIPS: Loongson-3: Fix CPU UART irq delivery problem (bnc#1012382). - MIPS: microMIPS: Fix decoding of swsp16 instruction (bnc#1012382). - MIPS: OCTEON: fix out of bounds array access on CN68XX (bnc#1012382). - MIPS: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bnc#1012382). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382). - MMC: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382). - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382). - MMC: omap_hsmmc: fix DMA API warning (bnc#1012382). - MMC: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bnc#1012382). 
- mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382). - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm, elf: handle vm_brk error (bnc#1012382). - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204). - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1012382). - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382). - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() (bnc#1012382). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: refuse wrapped vm_brk requests (bnc#1012382). - mm: remove write/force parameters from __get_user_pages_locked() (bnc#1012382 bsc#1027260). - mm: remove write/force parameters from __get_user_pages_unlocked() (bnc#1012382 bsc#1027260). - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). 
- mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260).
- mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382).
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382).
- modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382).
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bnc#1012382).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382).
- mount: Retest MNT_LOCKED in do_umount (bnc#1012382).
- mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382).
- mtd: spi-nor: Add support for is25wp series chips (bnc#1012382).
- mv88e6060: disable hardware level MAC learning (bnc#1012382).
- mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382).
- mwifiex: fix p2p device does not find in scan problem (bnc#1012382).
- namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382).
- neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382).
- net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1114475, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475, LTC#172679).
- net: amd: add missing of_node_put() (bnc#1012382).
- net: bcmgenet: fix OF child-node lookup (bnc#1012382).
- net: bridge: remove ipv6 zero address check in mcast queries (bnc#1012382).
- net: cxgb3_main: fix a missing-check bug (bnc#1012382).
- net: drop skb on failure in ip_check_defrag() (bnc#1012382).
- net: drop write-only stack variable (bnc#1012382).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1117562).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1117562).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1117562).
- net: ena: complete host info to match latest ENA spec (bsc#1117562).
- net: ena: enable Low Latency Queues (bsc#1117562).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1117562).
- net: ena: fix auto casting to boolean (bsc#1117562).
- net: ena: fix compilation error in xtensa architecture (bsc#1117562).
- net: ena: fix crash during ena_remove() (bsc#1108240).
- net: ena: fix crash during failed resume from hibernation (bsc#1117562).
- net: ena: fix indentations in ena_defs for better readability (bsc#1117562).
- net: ena: Fix Kconfig dependency on X86 (bsc#1117562).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1117562).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1117562).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1117562).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1117562).
- net: ena: minor performance improvement (bsc#1117562).
- net: ena: remove ndo_poll_controller (bsc#1117562).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1117562).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240).
- net: ena: update driver version to 2.0.1 (bsc#1117562).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1117562).
- net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382).
- netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net (bnc#1012382).
- netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() (bnc#1012382).
- netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382).
- netfilter: xt_IDLETIMER: add sysfs filename checking routine (bnc#1012382).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382).
- net: hisilicon: remove unexpected free_netdev (bnc#1012382).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net/ipv4: defensive cipso option parsing (bnc#1012382).
- net/ipv4: do not handle duplicate fragments as overlapping (bsc#1116345).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (bnc#1012382).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340).
- net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382).
- net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382).
- net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382).
- net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382).
- net: Prevent invalid access to skb->prev in __qdisc_drop_all (bnc#1012382).
- net: qla3xxx: Remove overflowing shift statement (bnc#1012382).
- netrom: fix locking in nr_find_socket() (bnc#1012382).
- net: sched: gred: pass the right attribute to gred_change_table_def() (bnc#1012382).
- net: socket: fix a missing-check bug (bnc#1012382).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (bnc#1012382).
- net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382).
- new helper: uaccess_kernel() (bnc#1012382).
- NFC: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382).
- nfit: skip region registration for incomplete control regions (bsc#1118930).
- nfsd: Fix an Oops in free_session() (bnc#1012382).
- NFS: Ensure we commit after writeback is complete (bsc#1111809).
- NFSv4.1: Fix the r/wsize checking (bnc#1012382).
- NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bnc#1012382).
- ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382).
- ocfs2: fix potential use after free (bnc#1012382).
- of: add helper to lookup compatible child node (bnc#1012382).
- packet: validate address length (bnc#1012382).
- packet: validate address length if non-zero (bnc#1012382).
- parisc: Fix address in HPMC IVA (bnc#1012382).
- parisc: Fix map_pages() to not overwrite existing pte entries (bnc#1012382).
- PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bnc#1012382).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1109806).
- PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806).
- PCI: vmd: Detach resources after stopping root bus (bsc#1106105).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bnc#1012382).
- perf/bpf: Convert perf_event_array to use struct file (bsc#1119967).
- perf/core: Do not leak event in the syscall error path (bnc#1012382).
- perf pmu: Suppress potential format-truncation warning (bnc#1012382).
- perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382).
- perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382).
- perf tools: Disable parallelism for 'make clean' (bnc#1012382).
- perf tools: Free temporary 'sys' string in read_event_files() (bnc#1012382).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bnc#1012382).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bnc#1012382).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bnc#1012382).
- pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bnc#1012382).
- PM/devfreq: tegra: fix error return code in tegra_devfreq_probe() (bnc#1012382).
- pNFS: Fix a deadlock between read resends and layoutreturn (git-fixes).
- pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path (git-fixes).
- pNFS/flexfiles: When checking for available DSes, conditionally check for MDS io (git-fixes).
- pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382).
- powerpc/boot: Fix random libfdt related build errors (bnc#1012382).
- powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805).
- powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382).
- powerpc/mm/radix: Use mm->task_size for boundary checking instead of addr_limit (bsc#1027457).
- powerpc/msi: Fix compile error on mpc83xx (bnc#1012382).
- powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382).
- powerpc/nohash: fix undefined behaviour when testing page size support (bnc#1012382).
- powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1066223).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1066223).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1066223).
- powerpc/pseries: Fix DTL buffer registration (bsc#1066223).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: olpc_battery: correct the temperature units (bnc#1012382).
- printk: Fix panic caused by passing log_buf_len to command line (bnc#1012382).
- Provide a temporary fix for STIBP on-by-default (bsc#1116497).
- pstore: Convert console write to use ->write_buf (bnc#1012382).
- ptp: fix Spectre v1 vulnerability (bnc#1012382).
- pxa168fb: prepare the clock (bnc#1012382).
- qed: Fix bitmap_weight() check (bsc#1019695).
- qed: Fix PTT leak in qed_drain() (bnc#1012382).
- qed: Fix QM getters to always return a valid pq (bsc#1019695).
- qed: Fix reading wrong value in loop condition (bnc#1012382).
- r8152: Check for supported Wake-on-LAN Modes (bnc#1012382).
- r8169: fix NAPI handling under high load (bnc#1012382).
- rapidio/rionet: do not free skb before reading its length (bnc#1012382).
- RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382).
- reiserfs: propagate errors from fill_with_dentries() properly (bnc#1012382).
- Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" (bnc#1012382).
- Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839).
- Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1106929)
- Revert "exec: avoid gcc-8 warning for get_task_comm" (kabi).
- Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105).
- Revert "media: v4l: event: Add subscription to list before calling "add" operation" (kabi).
- Revert "media: videobuf2-core: do not call memop 'finish' when queueing" (bnc#1012382).
- Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1106105).
- Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half" (bsc#1047487).
- Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382).
- Revert "x86/kconfig: Fall back to ticket spinlocks" (kabi).
- rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382).
- rpcrdma: Add RPCRDMA_HDRLEN_ERR (git-fixes).
- rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES (bsc#1115587)
  The export line was accidentally dropped at merging scripts branch, which resulted in the invalid module signature.
- rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145).
- rtc: hctosys: Add missing range error reporting (bnc#1012382).
- rtc: snvs: add a missing write sync (bnc#1012382).
- rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (bnc#1012382).
- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382).
- s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382).
- s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382).
- s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382).
- s390/qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114475, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953).
- s390/qeth: fix length check in SNMP processing (bnc#1012382).
- s390/qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475, LTC#172682).
- s390/vdso: add missing FORCE to build targets (bnc#1012382).
- sbus: char: add of_node_put() (bnc#1012382).
- sc16is7xx: Fix for multi-channel stall (bnc#1012382).
- sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382).
- sched/fair: Fix throttle_list starvation with low CFS quota (bnc#1012382).
- sch_red: update backlog as well (bnc#1012382).
- scsi: aacraid: Fix typo in blink status (bnc#1012382).
- scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ).
- scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382).
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877).
- scsi: csiostor: Avoid content leaks and casts (bnc#1012382).
- scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382).
- scsi: Introduce scsi_start_queue() (bsc#1119877).
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382).
- scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bnc#1012382).
- scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102660).
- scsi: lpfc: Fix abort error path for NVMET (bsc#1102660).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660).
- scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660).
- scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660).
- scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660).
- scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660).
- scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660).
- scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877).
- scsi: megaraid_sas: fix a missing-check bug (bnc#1012382).
- scsi: Protect SCSI device state changes with a mutex (bsc#1119877).
- scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083).
- scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure (bsc#1094973).
- scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bnc#1012382).
- scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1094973).
- scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877).
- scsi: Split scsi_internal_device_block() (bsc#1119877).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: ufs: fix bugs related to null pointer access and array size (bnc#1012382).
- scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382).
- scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382).
- scsi: ufshcd: release resources if probe fails (bnc#1012382).
- scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382).
- sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382).
- sctp: fix race on sctp_id2asoc (bnc#1012382).
- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382).
- selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382).
- selftests: Move networking/timestamping from Documentation (bnc#1012382).
- seq_file: fix incomplete reset on read from zero offset (Git-fixes).
- ser_gigaset: use container_of() instead of detour (bnc#1012382).
- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (bnc#1012382).
- signal/GenWQE: Fix sending of SIGKILL (bnc#1012382).
- smb3: allow stats which track session and share reconnects to be reset (bnc#1012382).
- smb3: do not attempt cifs operation in smb3 query info error path (bnc#1012382).
- smb3: on kerberos mount if server does not specify auth type use krb5 (bnc#1012382).
- smsc75xx: Check for Wake-on-LAN modes (bnc#1012382).
- smsc95xx: Check for Wake-on-LAN modes (bnc#1012382).
- sock: Make sock->sk_stamp thread-safe (bnc#1012382).
- soc/tegra: pmc: Fix child-node lookup (bnc#1012382).
- sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382).
- sparc64 mm: Fix more TSB sizing issues (bnc#1012382).
- sparc: Fix single-pcr perf event counter management (bnc#1012382).
- sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata (bnc#1012382).
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382).
- spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382).
- spi: bcm2835: Fix race on DMA termination (bnc#1012382).
- spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382).
- spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382).
- spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() (bnc#1012382).
- spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382).
- sr9800: Check for supported Wake-on-LAN modes (bnc#1012382).
- sr: pass down correctly sized SCSI sense buffer (bnc#1012382).
- staging: rts5208: fix gcc-8 logic error warning (bnc#1012382).
- staging: speakup: Replace strncpy with memcpy (bnc#1012382).
- SUNRPC: correct the computation for page_ptr when truncating (bnc#1012382).
- SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (bnc#1012382).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382).
- SUNRPC: Fix a potential race in xprt_connect() (git-fixes).
- SUNRPC: fix cache_head leak due to queued request (bnc#1012382).
- SUNRPC: Fix leak of krb5p encode pages (bnc#1012382).
- svcrdma: Remove unused variable in rdma_copy_tail() (git-fixes).
- swim: fix cleanup on setup error (bnc#1012382).
- swiotlb: clean up reporting (bnc#1012382).
- sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: fix NULL ref in tail loss probe (bnc#1012382).
- TC: Set DMA masks for devices (bnc#1012382).
- termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (bnc#1012382).
- thermal: allow spear-thermal driver to be a module (bnc#1012382).
- thermal: allow u8500-thermal driver to be a module (bnc#1012382).
- timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382).
- tpm: fix response size validation in tpm_get_random() (bsc#1020645, git-fixes).
- tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bnc#1012382).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix memory leak in set_trigger_filter() (bnc#1012382).
- tracing: Fix memory leak of instance function hash filters (bnc#1012382).
- tracing: Skip more functions when doing stack tracing of events (bnc#1012382).
- tty: check name length in tty_find_polling_driver() (bnc#1012382).
- tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382).
- tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382).
- tty: wipe buffer (bnc#1012382).
- tty: wipe buffer if not echoing data (bnc#1012382).
- tun: Consistently configure generic netdev params via rtnetlink (bnc#1012382).
- tun: forbid iface creation with rtnl ops (bnc#1012382).
- uio: ensure class is registered before devices (bnc#1012382).
- uio: Fix an Oops on load (bnc#1012382).
- uio: make symbol 'uio_class_registered' static (git-fixes).
- um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382).
- um: Give start_idle_thread() a return code (bnc#1012382).
- unifdef: use memcpy instead of strncpy (bnc#1012382).
- Update config files. Enabled ENA (Amazon network driver) for arm64
- Update config files (reenable lost BT_HCIUART_3WIRE).
- Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433).
- uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382).
- usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382).
- usb: check usb_get_extra_descriptor for proper size (bnc#1012382).
- usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382).
- usb: core: Fix hub port connection events lost (bnc#1012382).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382).
- usb: dwc3: omap: fix error return code in dwc3_omap_probe() (bnc#1012382).
- usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() (bnc#1012382).
- usb: fix the usbfs flag sanitization for control transfers (bnc#1012382).
- usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382).
- usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382).
- usb: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382).
- usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382).
- usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382).
- usb: omap_udc: use devm_request_irq() (bnc#1012382).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382).
- usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382).
- usb: serial: option: add Fibocom NL668 series (bnc#1012382).
- usb: serial: option: add Fibocom NL678 series (bnc#1012382).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382).
- usb: serial: option: add HP lt4132 (bnc#1012382).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382).
- usb: serial: option: add Telit LN940 series (bnc#1012382).
- usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382).
- usb-storage: fix bogus hardware error messages for ATA pass-thru devices (bnc#1012382).
- usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382).
- usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- vhost: Fix Spectre V1 vulnerability (bnc#1012382).
- vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382).
- video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() (bnc#1012382).
- virtio/s390: avoid race on vcdev->config (bnc#1012382).
- virtio/s390: fix race in ccw_io_helper() (bnc#1012382).
- VSOCK: Send reset control packet when socket is partially bound (bnc#1012382).
- vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382).
- w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382).
- x86: boot: Fix EFI stub alignment (bnc#1012382).
- x86/boot: #undef memcpy() et al in string.c (bnc#1012382).
- x86/build: Fix stack alignment for CLang (bnc#1012382).
- x86/build: Specify stack alignment for clang (bnc#1012382).
- x86/build: Use __cc-option for boot code compiler options (bnc#1012382).
- x86/build: Use cc-option to validate stack alignment parameter (bnc#1012382).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bnc#1012382).
- x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382).
- x86/entry: spell EBX register correctly in documentation (bnc#1012382).
- x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382).
- x86/kconfig: Fall back to ticket spinlocks (bnc#1012382).
- x86/MCE: Export memory_error() (bsc#1114648).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648).
- x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility (bnc#1012382).
- x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382).
- x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1012382).
- xen: fix xen_qlock_wait() (bnc#1012382).
- xen: make xen_qlock_wait() nestable (bnc#1012382).
- xen/netback: dont overflow meta array (bnc#1099523).
- xen/netfront: tolerate frags with no data (bnc#1012382).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1012382).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382).
- xfrm6: call kfree_skb when skb is toobig (bnc#1012382).
- xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382).
- xfrm: Fix bucket count reported to userspace (bnc#1012382).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382).
- xfrm: validate template mode (bnc#1012382).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs/dmapi: restore event in xfs_getbmap (bsc#1114763).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382).
- xprtrdma: checking for NULL instead of IS_ERR() (git-fixes).
- xprtrdma: Disable pad optimization by default (git-fixes).
- xprtrdma: Disable RPC/RDMA backchannel debugging messages (git-fixes).
- xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) (git-fixes).
- xprtrdma: Fix backchannel allocation of extra rpcrdma_reps (git-fixes).
- xprtrdma: Fix Read chunk padding (git-fixes).
- xprtrdma: Fix receive buffer accounting (git-fixes).
- xprtrdma: Reset credit grant properly after a disconnect (git-fixes).
- xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len (git-fixes).
- xprtrdma: Serialize credit accounting again (git-fixes).
- xprtrdma: xprt_rdma_free() must not release backchannel reqs (git-fixes).
- xtensa: add NOTES section to the linker script (bnc#1012382).
- xtensa: enable coprocessors that are being flushed (bnc#1012382).
- xtensa: fix boot parameters address translation (bnc#1012382).
- xtensa: fix coprocessor context offset definitions (bnc#1012382).
- xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382).
- zram: close udev startup race condition as default groups (bnc#1012382).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP3:
  zypper in -t patch SUSE-SLE-RT-12-SP3-2019-320=1

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch):
  kernel-devel-rt-4.4.170-3.32.1
  kernel-source-rt-4.4.170-3.32.1

- SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64):
  cluster-md-kmp-rt-4.4.170-3.32.2
  cluster-md-kmp-rt-debuginfo-4.4.170-3.32.2
  dlm-kmp-rt-4.4.170-3.32.2
  dlm-kmp-rt-debuginfo-4.4.170-3.32.2
  gfs2-kmp-rt-4.4.170-3.32.2
  gfs2-kmp-rt-debuginfo-4.4.170-3.32.2
  kernel-rt-4.4.170-3.32.2
  kernel-rt-base-4.4.170-3.32.2
  kernel-rt-base-debuginfo-4.4.170-3.32.2
  kernel-rt-debuginfo-4.4.170-3.32.2
  kernel-rt-debugsource-4.4.170-3.32.2
  kernel-rt-devel-4.4.170-3.32.2
  kernel-rt_debug-debuginfo-4.4.170-3.32.2
  kernel-rt_debug-debugsource-4.4.170-3.32.2
  kernel-rt_debug-devel-4.4.170-3.32.2
  kernel-rt_debug-devel-debuginfo-4.4.170-3.32.2
  kernel-syms-rt-4.4.170-3.32.1
  ocfs2-kmp-rt-4.4.170-3.32.2
  ocfs2-kmp-rt-debuginfo-4.4.170-3.32.2

References:

https://www.suse.com/security/cve/CVE-2017-16939.html
https://www.suse.com/security/cve/CVE-2018-1120.html
https://www.suse.com/security/cve/CVE-2018-16862.html
https://www.suse.com/security/cve/CVE-2018-16884.html
https://www.suse.com/security/cve/CVE-2018-19407.html
https://www.suse.com/security/cve/CVE-2018-19824.html
https://www.suse.com/security/cve/CVE-2018-19985.html
https://www.suse.com/security/cve/CVE-2018-20169.html
https://www.suse.com/security/cve/CVE-2018-9568.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1015336
https://bugzilla.suse.com/1015337
https://bugzilla.suse.com/1015340
https://bugzilla.suse.com/1019683
https://bugzilla.suse.com/1019695
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/1027260
https://bugzilla.suse.com/1027457
https://bugzilla.suse.com/1031492
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1043083
https://bugzilla.suse.com/1046264
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1048916
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1069702
https://bugzilla.suse.com/1070805
https://bugzilla.suse.com/1079935
https://bugzilla.suse.com/1086423
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1091405
https://bugzilla.suse.com/1092100
https://bugzilla.suse.com/1093158
https://bugzilla.suse.com/1093641
https://bugzilla.suse.com/1093649
https://bugzilla.suse.com/1093653
https://bugzilla.suse.com/1093655
https://bugzilla.suse.com/1093657
https://bugzilla.suse.com/1093663
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1094973
https://bugzilla.suse.com/1096242
https://bugzilla.suse.com/1096281
https://bugzilla.suse.com/1099523
https://bugzilla.suse.com/1100105
https://bugzilla.suse.com/1101557
https://bugzilla.suse.com/1102439
https://bugzilla.suse.com/1102660
https://bugzilla.suse.com/1103156
https://bugzilla.suse.com/1103257
https://bugzilla.suse.com/1103624
https://bugzilla.suse.com/1104098
https://bugzilla.suse.com/1104731
https://bugzilla.suse.com/1106105
https://bugzilla.suse.com/1106237
https://bugzilla.suse.com/1106240
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1107385
https://bugzilla.suse.com/1108145
https://bugzilla.suse.com/1108240
https://bugzilla.suse.com/1109168
https://bugzilla.suse.com/1109272
https://bugzilla.suse.com/1109330
https://bugzilla.suse.com/1109806
https://bugzilla.suse.com/1110286
https://bugzilla.suse.com/1111062
https://bugzilla.suse.com/1111174
https://bugzilla.suse.com/1111809
https://bugzilla.suse.com/1112246
https://bugzilla.suse.com/1112963
https://bugzilla.suse.com/1113412
https://bugzilla.suse.com/1113766
https://bugzilla.suse.com/1114190
https://bugzilla.suse.com/1114417
https://bugzilla.suse.com/1114475
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1114763
https://bugzilla.suse.com/1114839
https://bugzilla.suse.com/1114871
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1115433
https://bugzilla.suse.com/1115440
https://bugzilla.suse.com/1115482
https://bugzilla.suse.com/1115587
https://bugzilla.suse.com/1115709
https://bugzilla.suse.com/1116027
https://bugzilla.suse.com/1116183
https://bugzilla.suse.com/1116285
https://bugzilla.suse.com/1116336
https://bugzilla.suse.com/1116345
https://bugzilla.suse.com/1116497
https://bugzilla.suse.com/1116841
https://bugzilla.suse.com/1116924
https://bugzilla.suse.com/1116950
https://bugzilla.suse.com/1116962
https://bugzilla.suse.com/1117162
https://bugzilla.suse.com/1117165
https://bugzilla.suse.com/1117186
https://bugzilla.suse.com/1117562
https://bugzilla.suse.com/1118152
https://bugzilla.suse.com/1118316
https://bugzilla.suse.com/1118319
https://bugzilla.suse.com/1118505
https://bugzilla.suse.com/1118790
https://bugzilla.suse.com/1118798
https://bugzilla.suse.com/1118915
https://bugzilla.suse.com/1118922
https://bugzilla.suse.com/1118926
https://bugzilla.suse.com/1118930 https://bugzilla.suse.com/1118936 https://bugzilla.suse.com/1119204 https://bugzilla.suse.com/1119445 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119877 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119967 https://bugzilla.suse.com/1119970 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120260 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120950 https://bugzilla.suse.com/1121239 https://bugzilla.suse.com/1121240 https://bugzilla.suse.com/1121241 https://bugzilla.suse.com/1121242 https://bugzilla.suse.com/1121275 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/985031 From sle-security-updates at lists.suse.com Mon Feb 11 13:29:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 11 Feb 2019 21:29:14 +0100 (CET) Subject: SUSE-SU-2019:0326-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12) Message-ID: <20190211202914.D8927FCB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0326-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_128 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-321=1 SUSE-SLE-SERVER-12-2019-322=1 SUSE-SLE-SERVER-12-2019-323=1 SUSE-SLE-SERVER-12-2019-324=1 SUSE-SLE-SERVER-12-2019-325=1 SUSE-SLE-SERVER-12-2019-326=1 SUSE-SLE-SERVER-12-2019-327=1 SUSE-SLE-SERVER-12-2019-328=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_119-default-12-2.1 kgraft-patch-3_12_61-52_119-xen-12-2.1 kgraft-patch-3_12_61-52_122-default-12-2.1 kgraft-patch-3_12_61-52_122-xen-12-2.1 kgraft-patch-3_12_61-52_125-default-11-2.1 kgraft-patch-3_12_61-52_125-xen-11-2.1 kgraft-patch-3_12_61-52_128-default-9-2.1 kgraft-patch-3_12_61-52_128-xen-9-2.1 kgraft-patch-3_12_61-52_133-default-8-2.1 kgraft-patch-3_12_61-52_133-xen-8-2.1 kgraft-patch-3_12_61-52_136-default-8-2.1 kgraft-patch-3_12_61-52_136-xen-8-2.1 kgraft-patch-3_12_61-52_141-default-7-2.1 kgraft-patch-3_12_61-52_141-xen-7-2.1 kgraft-patch-3_12_61-52_146-default-5-2.1 kgraft-patch-3_12_61-52_146-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-security-updates at lists.suse.com Tue Feb 12 04:10:29 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 12:10:29 +0100 (CET) Subject: SUSE-SU-2019:0330-1: important: Security update for etcd Message-ID: <20190212111029.A0623FCB4@maintenance.suse.de> SUSE Security Update: Security update for etcd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0330-1 Rating: important References: #1095184 #1118897 #1121850 Cross-References: CVE-2018-16873 
CVE-2018-16886 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for etcd to version 3.3.11 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16886: Fixed an improper authentication issue when role-based access control (RBAC) was used and client-cert-auth was enabled. This allowed a remote attacker to authenticate as user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. (bsc#1121850) - CVE-2018-16873: Fixed an issue with the go get command, which allowed for remote code execution when being executed with the -u flag (bsc#1118897) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): etcd-3.3.11-3.6.1 etcdctl-3.3.11-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16886.html https://bugzilla.suse.com/1095184 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1121850 From sle-security-updates at lists.suse.com Tue Feb 12 10:08:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:08:57 +0100 (CET) Subject: SUSE-SU-2019:13951-1: important: Security update for python-numpy Message-ID: <20190212170857.54FA9FCB4@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13951-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-numpy-13951=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-numpy-13951=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-numpy-13951=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-numpy-devel-1.8.0-6.4.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-numpy-1.8.0-6.4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): python-numpy-debuginfo-1.8.0-6.4.1 python-numpy-debugsource-1.8.0-6.4.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-security-updates at lists.suse.com Tue Feb 12 10:09:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:09:31 +0100 (CET) Subject: SUSE-SU-2019:0333-1: moderate: Security update for php7 Message-ID: <20190212170931.F0355FCB4@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0333-1 Rating: moderate References: #1118832 #1123354 #1123522 Cross-References: CVE-2018-19935 CVE-2019-6977 CVE-2019-6978 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow in the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-333=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-333=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-333=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.63.1 php7-debugsource-7.0.7-50.63.1 php7-devel-7.0.7-50.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.63.1 php7-debugsource-7.0.7-50.63.1 php7-devel-7.0.7-50.63.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.63.1 apache2-mod_php7-debuginfo-7.0.7-50.63.1 php7-7.0.7-50.63.1 php7-bcmath-7.0.7-50.63.1 php7-bcmath-debuginfo-7.0.7-50.63.1 php7-bz2-7.0.7-50.63.1 php7-bz2-debuginfo-7.0.7-50.63.1 php7-calendar-7.0.7-50.63.1 php7-calendar-debuginfo-7.0.7-50.63.1 php7-ctype-7.0.7-50.63.1 php7-ctype-debuginfo-7.0.7-50.63.1 php7-curl-7.0.7-50.63.1 php7-curl-debuginfo-7.0.7-50.63.1 php7-dba-7.0.7-50.63.1 php7-dba-debuginfo-7.0.7-50.63.1 php7-debuginfo-7.0.7-50.63.1 php7-debugsource-7.0.7-50.63.1 php7-dom-7.0.7-50.63.1 php7-dom-debuginfo-7.0.7-50.63.1 
php7-enchant-7.0.7-50.63.1 php7-enchant-debuginfo-7.0.7-50.63.1 php7-exif-7.0.7-50.63.1 php7-exif-debuginfo-7.0.7-50.63.1 php7-fastcgi-7.0.7-50.63.1 php7-fastcgi-debuginfo-7.0.7-50.63.1 php7-fileinfo-7.0.7-50.63.1 php7-fileinfo-debuginfo-7.0.7-50.63.1 php7-fpm-7.0.7-50.63.1 php7-fpm-debuginfo-7.0.7-50.63.1 php7-ftp-7.0.7-50.63.1 php7-ftp-debuginfo-7.0.7-50.63.1 php7-gd-7.0.7-50.63.1 php7-gd-debuginfo-7.0.7-50.63.1 php7-gettext-7.0.7-50.63.1 php7-gettext-debuginfo-7.0.7-50.63.1 php7-gmp-7.0.7-50.63.1 php7-gmp-debuginfo-7.0.7-50.63.1 php7-iconv-7.0.7-50.63.1 php7-iconv-debuginfo-7.0.7-50.63.1 php7-imap-7.0.7-50.63.1 php7-imap-debuginfo-7.0.7-50.63.1 php7-intl-7.0.7-50.63.1 php7-intl-debuginfo-7.0.7-50.63.1 php7-json-7.0.7-50.63.1 php7-json-debuginfo-7.0.7-50.63.1 php7-ldap-7.0.7-50.63.1 php7-ldap-debuginfo-7.0.7-50.63.1 php7-mbstring-7.0.7-50.63.1 php7-mbstring-debuginfo-7.0.7-50.63.1 php7-mcrypt-7.0.7-50.63.1 php7-mcrypt-debuginfo-7.0.7-50.63.1 php7-mysql-7.0.7-50.63.1 php7-mysql-debuginfo-7.0.7-50.63.1 php7-odbc-7.0.7-50.63.1 php7-odbc-debuginfo-7.0.7-50.63.1 php7-opcache-7.0.7-50.63.1 php7-opcache-debuginfo-7.0.7-50.63.1 php7-openssl-7.0.7-50.63.1 php7-openssl-debuginfo-7.0.7-50.63.1 php7-pcntl-7.0.7-50.63.1 php7-pcntl-debuginfo-7.0.7-50.63.1 php7-pdo-7.0.7-50.63.1 php7-pdo-debuginfo-7.0.7-50.63.1 php7-pgsql-7.0.7-50.63.1 php7-pgsql-debuginfo-7.0.7-50.63.1 php7-phar-7.0.7-50.63.1 php7-phar-debuginfo-7.0.7-50.63.1 php7-posix-7.0.7-50.63.1 php7-posix-debuginfo-7.0.7-50.63.1 php7-pspell-7.0.7-50.63.1 php7-pspell-debuginfo-7.0.7-50.63.1 php7-shmop-7.0.7-50.63.1 php7-shmop-debuginfo-7.0.7-50.63.1 php7-snmp-7.0.7-50.63.1 php7-snmp-debuginfo-7.0.7-50.63.1 php7-soap-7.0.7-50.63.1 php7-soap-debuginfo-7.0.7-50.63.1 php7-sockets-7.0.7-50.63.1 php7-sockets-debuginfo-7.0.7-50.63.1 php7-sqlite-7.0.7-50.63.1 php7-sqlite-debuginfo-7.0.7-50.63.1 php7-sysvmsg-7.0.7-50.63.1 php7-sysvmsg-debuginfo-7.0.7-50.63.1 php7-sysvsem-7.0.7-50.63.1 php7-sysvsem-debuginfo-7.0.7-50.63.1 
php7-sysvshm-7.0.7-50.63.1 php7-sysvshm-debuginfo-7.0.7-50.63.1 php7-tokenizer-7.0.7-50.63.1 php7-tokenizer-debuginfo-7.0.7-50.63.1 php7-wddx-7.0.7-50.63.1 php7-wddx-debuginfo-7.0.7-50.63.1 php7-xmlreader-7.0.7-50.63.1 php7-xmlreader-debuginfo-7.0.7-50.63.1 php7-xmlrpc-7.0.7-50.63.1 php7-xmlrpc-debuginfo-7.0.7-50.63.1 php7-xmlwriter-7.0.7-50.63.1 php7-xmlwriter-debuginfo-7.0.7-50.63.1 php7-xsl-7.0.7-50.63.1 php7-xsl-debuginfo-7.0.7-50.63.1 php7-zip-7.0.7-50.63.1 php7-zip-debuginfo-7.0.7-50.63.1 php7-zlib-7.0.7-50.63.1 php7-zlib-debuginfo-7.0.7-50.63.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.63.1 php7-pear-Archive_Tar-7.0.7-50.63.1 References: https://www.suse.com/security/cve/CVE-2018-19935.html https://www.suse.com/security/cve/CVE-2019-6977.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1118832 https://bugzilla.suse.com/1123354 https://bugzilla.suse.com/1123522 From sle-security-updates at lists.suse.com Tue Feb 12 10:10:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:10:19 +0100 (CET) Subject: SUSE-SU-2019:0334-1: important: Security update for nginx Message-ID: <20190212171019.49B9DFCB4@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0334-1 Rating: important References: #1115015 #1115022 #1115025 Cross-References: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for nginx to version 1.14.2 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage (bsc#1115025 bsc#1115022). - CVE-2018-16845: Fixed an issue which might result in worker process memory disclosure when processing a specially crafted mp4 file with the ngx_http_mp4_module (bsc#1115015). Other bug fixes and changes made: - Fixed an issue with handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - The logging level of the "http request", "https proxy request", "unsupported protocol", "version too low", "no suitable key share", and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info". - Fixed an issue with using OpenSSL 1.1.0 or newer it was not possible to switch off "ssl_prefer_server_ciphers" in a virtual server if it was switched on in the default server. - Fixed an issue with TLS 1.3 always being enabled when built with OpenSSL 1.1.0 and used with 1.1.1 - Fixed an issue with sending a disk-buffered request body to a gRPC backend - Fixed an issue with connections of some gRPC backends might not be cached when using the "keepalive" directive. - Fixed a segmentation fault, which might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. - Fixed an issue, whereby working with gRPC backends might result in excessive memory consumption. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-334=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-334=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): nginx-1.14.2-3.3.1 nginx-debuginfo-1.14.2-3.3.1 nginx-debugsource-1.14.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): vim-plugin-nginx-1.14.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-16843.html https://www.suse.com/security/cve/CVE-2018-16844.html https://www.suse.com/security/cve/CVE-2018-16845.html https://bugzilla.suse.com/1115015 https://bugzilla.suse.com/1115022 https://bugzilla.suse.com/1115025 From sle-security-updates at lists.suse.com Tue Feb 12 10:11:11 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:11:11 +0100 (CET) Subject: SUSE-SU-2019:13952-1: critical: Security update for LibVNCServer Message-ID: <20190212171111.981D0FCB4@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13952-1 Rating: critical References: #1123823 #1123828 #1123832 Cross-References: CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-LibVNCServer-13952=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-LibVNCServer-13952=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-LibVNCServer-13952=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-LibVNCServer-13952=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-LibVNCServer-13952=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-devel-0.9.1-160.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-0.9.1-160.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): LibVNCServer-0.9.1-160.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.9.1 LibVNCServer-debugsource-0.9.1-160.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): LibVNCServer-debuginfo-0.9.1-160.9.1 LibVNCServer-debugsource-0.9.1-160.9.1 References: https://www.suse.com/security/cve/CVE-2018-20748.html https://www.suse.com/security/cve/CVE-2018-20749.html https://www.suse.com/security/cve/CVE-2018-20750.html https://bugzilla.suse.com/1123823 https://bugzilla.suse.com/1123828 https://bugzilla.suse.com/1123832 From sle-security-updates at lists.suse.com Tue Feb 12 10:12:06 2019 From: 
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 18:12:06 +0100 (CET) Subject: SUSE-SU-2019:0336-1: important: Security update for MozillaFirefox Message-ID: <20190212171206.541EFFCB4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0336-1 Rating: important References: #1120374 #1122983 Cross-References: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-336=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-336=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-336=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-336=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-336=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-336=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-336=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-336=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-336=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-336=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-336=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-336=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-336=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 - SUSE Linux Enterprise 
Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 
mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 
mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 
libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 
mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-devel-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 
libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.5.0esr-109.58.3 
MozillaFirefox-branding-SLE-60-32.5.1 MozillaFirefox-debuginfo-60.5.0esr-109.58.3 MozillaFirefox-debugsource-60.5.0esr-109.58.3 MozillaFirefox-devel-60.5.0esr-109.58.3 MozillaFirefox-translations-common-60.5.0esr-109.58.3 libfreebl3-3.41.1-58.25.1 libfreebl3-32bit-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libfreebl3-debuginfo-32bit-3.41.1-58.25.1 libfreebl3-hmac-3.41.1-58.25.1 libfreebl3-hmac-32bit-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-32bit-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 libsoftokn3-debuginfo-32bit-3.41.1-58.25.1 libsoftokn3-hmac-3.41.1-58.25.1 libsoftokn3-hmac-32bit-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-32bit-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-32bit-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 mozilla-nss-sysinit-3.41.1-58.25.1 mozilla-nss-sysinit-32bit-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1 mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1 mozilla-nss-tools-3.41.1-58.25.1 mozilla-nss-tools-debuginfo-3.41.1-58.25.1 - SUSE CaaS Platform ALL (x86_64): libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.41.1-58.25.1 libfreebl3-debuginfo-3.41.1-58.25.1 libsoftokn3-3.41.1-58.25.1 libsoftokn3-debuginfo-3.41.1-58.25.1 mozilla-nss-3.41.1-58.25.1 mozilla-nss-certs-3.41.1-58.25.1 mozilla-nss-certs-debuginfo-3.41.1-58.25.1 mozilla-nss-debuginfo-3.41.1-58.25.1 mozilla-nss-debugsource-3.41.1-58.25.1 References: https://www.suse.com/security/cve/CVE-2018-18500.html 
https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1120374 https://bugzilla.suse.com/1122983 From sle-security-updates at lists.suse.com Tue Feb 12 13:08:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 21:08:36 +0100 (CET) Subject: SUSE-SU-2019:0337-1: important: Security update for runc Message-ID: <20190212200836.DE077FDF2@maintenance.suse.de> SUSE Security Update: Security update for runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0337-1 Rating: important References: #1121967 Cross-References: CVE-2019-5736 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): runc-1.0.0~rc5-3.6.1 runc-debuginfo-1.0.0~rc5-3.6.1 runc-debugsource-1.0.0~rc5-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1121967 From sle-security-updates at lists.suse.com Tue Feb 12 13:09:08 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 12 Feb 2019 21:09:08 +0100 (CET) Subject: SUSE-SU-2019:0338-1: important: Security update for MozillaThunderbird Message-ID: <20190212200908.BB67CFDF2@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0338-1 Rating: important References: #1119105 #1122983 Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for MozillaThunderbird to version 60.5 fixes the following issues: Security vulnerabilities addressed (MSFA 2019-03 MSFA 2018-31 bsc#1122983 bsc#1119105): * CVE-2018-18500: Use-after-free parsing HTML5 stream * CVE-2018-18505: Privilege escalation through IPC channel messages * CVE-2016-5824 DoS (use-after-free) via a crafted ics file * CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 * CVE-2018-18492: Use-after-free with select element * CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia * CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs * CVE-2018-18498: Integer overflow when calculating buffer sizes for images * CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bug fixes and changes: * FileLink provider WeTransfer to upload large attachments * Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user interface: [+] button to select a file and add, [-] to remove. * More search engines: Google and DuckDuckGo available by default in some locales * During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. * Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on * New WebExtensions FileLink API to facilitate add-ons * Fix decoding problems for messages with less common charsets (cp932, cp936) * New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification * Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db).
* Address book search and auto-complete slowness * Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters * While composing a message, a link not removed when link location was removed in the link properties panel * Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. * Body search/filtering didn't reliably ignore content of tags * Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons * Incorrect display of correspondents column since own email address was not always detected * Spurious (encoded newline) inserted into drafts and sent email * Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog * Fix Cookie removal * "Download rest of message" was not working if global inbox was used * Fix Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface * According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue * Fix shutdown crash/hang after entering an empty IMAP password Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-338=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.5.0-3.20.2 MozillaThunderbird-debuginfo-60.5.0-3.20.2 MozillaThunderbird-debugsource-60.5.0-3.20.2 MozillaThunderbird-translations-common-60.5.0-3.20.2 MozillaThunderbird-translations-other-60.5.0-3.20.2 References: https://www.suse.com/security/cve/CVE-2016-5824.html https://www.suse.com/security/cve/CVE-2018-12405.html https://www.suse.com/security/cve/CVE-2018-17466.html https://www.suse.com/security/cve/CVE-2018-18492.html https://www.suse.com/security/cve/CVE-2018-18493.html https://www.suse.com/security/cve/CVE-2018-18494.html https://www.suse.com/security/cve/CVE-2018-18498.html https://www.suse.com/security/cve/CVE-2018-18500.html https://www.suse.com/security/cve/CVE-2018-18501.html https://www.suse.com/security/cve/CVE-2018-18505.html https://bugzilla.suse.com/1119105 https://bugzilla.suse.com/1122983 From sle-security-updates at lists.suse.com Wed Feb 13 04:11:13 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Feb 2019 12:11:13 +0100 (CET) Subject: SUSE-SU-2019:0339-1: important: Security update for curl Message-ID: <20190213111113.042C8FDF2@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0339-1 Rating: important References: #1112758 #1113029 #1113660 #1123371 #1123377 #1123378 Cross-References: CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update 
that fixes 6 vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377). - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378). - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). - CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660). - CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029). - CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-339=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-339=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-339=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-4.3.1 curl-debugsource-7.60.0-4.3.1 libcurl-devel-7.60.0-4.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.3.1 curl-debuginfo-7.60.0-4.3.1 curl-debugsource-7.60.0-4.3.1 libcurl4-7.60.0-4.3.1 libcurl4-debuginfo-7.60.0-4.3.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libcurl4-32bit-7.60.0-4.3.1 libcurl4-debuginfo-32bit-7.60.0-4.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): curl-7.60.0-4.3.1 curl-debuginfo-7.60.0-4.3.1 curl-debugsource-7.60.0-4.3.1 libcurl4-32bit-7.60.0-4.3.1 libcurl4-7.60.0-4.3.1 libcurl4-debuginfo-32bit-7.60.0-4.3.1 libcurl4-debuginfo-7.60.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-16839.html 
https://www.suse.com/security/cve/CVE-2018-16840.html https://www.suse.com/security/cve/CVE-2018-16842.html https://www.suse.com/security/cve/CVE-2018-16890.html https://www.suse.com/security/cve/CVE-2019-3822.html https://www.suse.com/security/cve/CVE-2019-3823.html https://bugzilla.suse.com/1112758 https://bugzilla.suse.com/1113029 https://bugzilla.suse.com/1113660 https://bugzilla.suse.com/1123371 https://bugzilla.suse.com/1123377 https://bugzilla.suse.com/1123378 From sle-security-updates at lists.suse.com Wed Feb 13 07:20:49 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Feb 2019 15:20:49 +0100 (CET) Subject: SUSE-SU-2019:0341-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20190213142049.88DFEFDF2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0341-1 Rating: moderate References: #1089121 #1098826 #1099988 #1104680 #1105720 #1105791 #1110427 #1110757 #1110772 #1111191 #1111686 #1111910 #1111963 #1112121 #1114029 #1114059 #1114115 #1114268 #1114877 #1115029 #1115978 #1116365 #1116566 #1116610 #1116826 #1117759 #1118112 #1118478 #1118917 #1119233 #1119271 #1119320 #1119727 #1119807 #1121038 #1121424 #1122565 #1123902 #1123983 #1124794 #1125097 #987798 Cross-References: CVE-2018-17197 Affected Products: SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 ______________________________________________________________________________ An update that solves one vulnerability and has 41 fixes is now available. 
Description: This update fixes the following issues: branch-network-formula: - Netconfig update requires bind directory to exist for bind forward, ensure it (bsc#1116365) - Rework network update in branch-network formula (bsc#1116365) py26-compat-salt: - Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029) python-susemanager-retail: - Force one python version for SLE12 (python2) and SLE15 (python3) - Add disklabel: none to migrated RAID saltboot-formula: - Use FTP active mode for image download - Always deploy image when image is specified in partitioning pillar (bsc#1119807) - Call blockdev.formatted with force=True - Allow RAID images to be defined by saltboot formula - image information can be provided directly for disk - allow "none" disk label in formula and in that case hide partitioning information smdba: - Tuning: add cpu_tuple_cost (bsc#1105791) spacecmd: - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798) spacewalk-admin: - Use a Salt engine to process return results (bsc#1099988) spacewalk-backend: - Move channel update close to commit to avoid long lock (bsc#1121424) - Adapt Inter Server Sync code to new SCC sync backend - Fix issue raising exceptions 'with_traceback' on Python 2 - Hide Python traceback and show only error message (bsc#1110427) - Honor renamed postgresql10 log directory for supportconfig spacewalk-branding: - Better label visualization when the input is disabled.
(bsc#1110772) spacewalk-client-tools: - Fix XML-RPC type serialization (bsc#1116610) spacewalk-java: - Improve salt events processing performance (bsc#1125097) - Prevent an error when onboarding a RES 6 minion (bsc#1124794) - Support products with multiple base channels - Fix ordering of base channels to prevent synchronization errors (bsc#1123902) - Support products with multiple base channels - Avoid a NullPointerException error in Taskomatic (bsc#1119271) - Reset channel assignments when base channel changes on registration (bsc#1118917) - Allow bootstrapping minions with a pending minion key being present (bsc#1119727) - Hide 'unknown virtual host manager' when virtual host manager of all hosts is known (bsc#1119320) - Disable notification types with 'java.notifications_type_disabled' in rhn.conf (bsc#1111910) - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies (bsc#1089121) - Read OEM Orderitems from DB instead of always creating new items (bsc#1098826) - Fix mgr-sync refresh when subscription was removed (bsc#1105720) - XMLRPC API: Include init.sls in channel file list (bsc#1111191) - Fix the config channels assignment via SSM (bsc#1117759) - Install product packages during bootstrapping minions (bsc#1104680) - Fix cloning channels when managing the same errata for both vendor and private orgs (bsc#1111686) - Introduce Loggerhead-module.js to store logs from the frontend - Removed 'Manage Channels' shortcut for vendor channels (bsc#1115978) - Hide already applied errata and channel entries from the output list in audit.listSystemsByPatchStatus (bsc#1111963) - Prevent failing KickstartCommand when customPosition is null (bsc#1112121) - Automatically schedule an Action to refresh minion repos after deletion of an assigned channel (bsc#1115029) - Performance improvements in channel management functionalities (bsc#1114877) - Handle with an error message if state file fails to render
(bsc#1110757) - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) - Add check for yast autoinstall profiles when setting kickstartTree (bsc#1114115) - Use a Salt engine to process return results (bsc#1099988) - Fix handling of CVEs including multiple patches in CVE audit (bsc#1111963) - Fix synchronizing Expanded Support Channel with missing architecture (bsc#1122565) spacewalk-setup: - Use a Salt engine to process return results (bsc#1099988) spacewalk-utils: - Exit with an error if spacewalk-common-channels does not match any channel spacewalk-web: - Show feedback messages after using the retry option on the notification messages page - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Fix wording for taskotop (cosmetical only)(bsc#1118112) - When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772) subscription-matcher: - Old style hard bundle merging fix (bsc#1114059) susemanager: - Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826) - Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly. - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap repos for openSUSE and CentOS - Fetch packages from correct channel when creating a bootstrap repository - Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x (bsc#1116566) - Add python3-six to bootstrap repo for SLES15 (bsc#1118478) susemanager-docs_en: - Update text and image files. - Enhance forms documentation (more attributes). - Proxy: for example, migration from traditional to Salt not supported. - RAM requirements for host running kiwi OS images. - Notification properties. - Update scalability documentation. 
susemanager-schema: - Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies - Performance improvements in channel management functionalities (bsc#1114877) - Use a Salt engine to process return results (bsc#1099988) susemanager-sls: - Improve salt events processing performance (bsc#1125097) - Allow bootstrapping minions with a pending minion key being present (bsc#1119727) - Use a Salt engine to process return results (bsc#1099988) susemanager-sync-data: - Make SUSE Manager Tools channel mandatory (bsc#1123983) - Add sle-module-web-scripting for OES2018 (bsc#1119233) - Add new set of data for the new SCC sync backend - Enable SLE15 SP1 family (bsc#1114268) - Enable OES2018 SP1 (bsc#1116826) tika-core: - CVE-2018-17197: Fixed an infinite loop in the SQLite3Parser of Apache Tika (bsc#1121038) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-341=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-341=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): smdba-1.6.3-0.3.6.13 spacewalk-branding-2.8.5.13-3.13.14 susemanager-3.2.15-3.16.13 susemanager-tools-3.2.15-3.16.13 - SUSE Manager Server 3.2 (noarch): branch-network-formula-0.1.1545038754.c983fa6-3.6.13 netty-4.1.8.Final-2.7.4 py26-compat-salt-2016.11.10-6.18.14 python-susemanager-retail-1.0.1544459934.07229ad-2.9.13 python2-spacewalk-client-tools-2.8.22.4-3.3.13 saltboot-formula-0.1.1546527519.591e925-3.9.13 spacecmd-2.8.25.8-3.12.13 spacewalk-admin-2.8.4.3-3.3.13 spacewalk-backend-2.8.57.8-3.10.14 spacewalk-backend-app-2.8.57.8-3.10.14 spacewalk-backend-applet-2.8.57.8-3.10.14 spacewalk-backend-config-files-2.8.57.8-3.10.14 spacewalk-backend-config-files-common-2.8.57.8-3.10.14 spacewalk-backend-config-files-tool-2.8.57.8-3.10.14 spacewalk-backend-iss-2.8.57.8-3.10.14 spacewalk-backend-iss-export-2.8.57.8-3.10.14 spacewalk-backend-libs-2.8.57.8-3.10.14 spacewalk-backend-package-push-server-2.8.57.8-3.10.14 spacewalk-backend-server-2.8.57.8-3.10.14 spacewalk-backend-sql-2.8.57.8-3.10.14 spacewalk-backend-sql-oracle-2.8.57.8-3.10.14 spacewalk-backend-sql-postgresql-2.8.57.8-3.10.14 spacewalk-backend-tools-2.8.57.8-3.10.14 spacewalk-backend-xml-export-libs-2.8.57.8-3.10.14 spacewalk-backend-xmlrpc-2.8.57.8-3.10.14 spacewalk-base-2.8.7.12-3.16.12 spacewalk-base-minimal-2.8.7.12-3.16.12 spacewalk-base-minimal-config-2.8.7.12-3.16.12 spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-html-2.8.7.12-3.16.12 spacewalk-java-2.8.78.18-3.21.1 spacewalk-java-config-2.8.78.18-3.21.1 spacewalk-java-lib-2.8.78.18-3.21.1 spacewalk-java-oracle-2.8.78.18-3.21.1 spacewalk-java-postgresql-2.8.78.18-3.21.1 spacewalk-setup-2.8.7.6-3.13.13 spacewalk-taskomatic-2.8.78.18-3.21.1 
spacewalk-utils-2.8.18.4-3.6.13 subscription-matcher-0.22-4.9.13 susemanager-advanced-topics_en-pdf-3.2-11.15.12 susemanager-best-practices_en-pdf-3.2-11.15.12 susemanager-docs_en-3.2-11.15.12 susemanager-getting-started_en-pdf-3.2-11.15.12 susemanager-jsp_en-3.2-11.15.12 susemanager-reference_en-pdf-3.2-11.15.12 susemanager-retail-tools-1.0.1544459934.07229ad-2.9.13 susemanager-schema-3.2.16-3.16.13 susemanager-sls-3.2.20-3.18.1 susemanager-sync-data-3.2.12-3.14.2 susemanager-web-libs-2.8.7.12-3.16.12 tika-core-1.20-3.6.13 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-check-2.8.22.4-3.3.13 python2-spacewalk-client-setup-2.8.22.4-3.3.13 python2-spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-backend-2.8.57.8-3.10.14 spacewalk-backend-libs-2.8.57.8-3.10.14 spacewalk-base-minimal-2.8.7.12-3.16.12 spacewalk-base-minimal-config-2.8.7.12-3.16.12 spacewalk-check-2.8.22.4-3.3.13 spacewalk-client-setup-2.8.22.4-3.3.13 spacewalk-client-tools-2.8.22.4-3.3.13 spacewalk-proxy-installer-2.8.6.4-3.6.13 susemanager-web-libs-2.8.7.12-3.16.12 References: https://www.suse.com/security/cve/CVE-2018-17197.html https://bugzilla.suse.com/1089121 https://bugzilla.suse.com/1098826 https://bugzilla.suse.com/1099988 https://bugzilla.suse.com/1104680 https://bugzilla.suse.com/1105720 https://bugzilla.suse.com/1105791 https://bugzilla.suse.com/1110427 https://bugzilla.suse.com/1110757 https://bugzilla.suse.com/1110772 https://bugzilla.suse.com/1111191 https://bugzilla.suse.com/1111686 https://bugzilla.suse.com/1111910 https://bugzilla.suse.com/1111963 https://bugzilla.suse.com/1112121 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114059 https://bugzilla.suse.com/1114115 https://bugzilla.suse.com/1114268 https://bugzilla.suse.com/1114877 https://bugzilla.suse.com/1115029 https://bugzilla.suse.com/1115978 https://bugzilla.suse.com/1116365 https://bugzilla.suse.com/1116566 https://bugzilla.suse.com/1116610 https://bugzilla.suse.com/1116826 https://bugzilla.suse.com/1117759 
https://bugzilla.suse.com/1118112 https://bugzilla.suse.com/1118478 https://bugzilla.suse.com/1118917 https://bugzilla.suse.com/1119233 https://bugzilla.suse.com/1119271 https://bugzilla.suse.com/1119320 https://bugzilla.suse.com/1119727 https://bugzilla.suse.com/1119807 https://bugzilla.suse.com/1121038 https://bugzilla.suse.com/1121424 https://bugzilla.suse.com/1122565 https://bugzilla.suse.com/1123902 https://bugzilla.suse.com/1123983 https://bugzilla.suse.com/1124794 https://bugzilla.suse.com/1125097 https://bugzilla.suse.com/987798 From sle-security-updates at lists.suse.com Wed Feb 13 10:10:45 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Feb 2019 18:10:45 +0100 (CET) Subject: SUSE-SU-2019:0362-1: important: Security update for docker-runc Message-ID: <20190213171045.4AC8EFDF2@maintenance.suse.de> SUSE Security Update: Security update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0362-1 Rating: important References: #1121967 Cross-References: CVE-2019-5736 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-362=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-362=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.9.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.9.1 docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-6.9.1 References: https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1121967 From sle-security-updates at lists.suse.com Wed Feb 13 13:10:44 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Feb 2019 21:10:44 +0100 (CET) Subject: SUSE-SU-2019:0385-1: important: Security update for docker-runc Message-ID: <20190213201044.DB0E6FE02@maintenance.suse.de> SUSE Security Update: Security update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0385-1 Rating: important References: #1121967 Cross-References: CVE-2019-5736 Affected Products: SUSE OpenStack Cloud 6-LTSS SUSE Linux Enterprise Module for Containers 12 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2019-385=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-385=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-385=1 Package List: - SUSE OpenStack Cloud 6-LTSS (x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 References: https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1121967 From sle-security-updates at lists.suse.com Wed Feb 13 13:12:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Feb 2019 21:12:14 +0100 (CET) Subject: SUSE-SU-2019:0356-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20190213201214.A3FDAFE02@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0356-1 Rating: important References: #1119947 Cross-References: CVE-2018-16884 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. 
NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-353=1 SUSE-SLE-SAP-12-SP2-2019-354=1 SUSE-SLE-SAP-12-SP2-2019-355=1 SUSE-SLE-SAP-12-SP2-2019-356=1 SUSE-SLE-SAP-12-SP2-2019-357=1 SUSE-SLE-SAP-12-SP2-2019-358=1 SUSE-SLE-SAP-12-SP2-2019-359=1 SUSE-SLE-SAP-12-SP2-2019-360=1 SUSE-SLE-SAP-12-SP2-2019-361=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-353=1 SUSE-SLE-SERVER-12-SP2-2019-354=1 SUSE-SLE-SERVER-12-SP2-2019-355=1 SUSE-SLE-SERVER-12-SP2-2019-356=1 SUSE-SLE-SERVER-12-SP2-2019-357=1 SUSE-SLE-SERVER-12-SP2-2019-358=1 SUSE-SLE-SERVER-12-SP2-2019-359=1 SUSE-SLE-SERVER-12-SP2-2019-360=1 SUSE-SLE-SERVER-12-SP2-2019-361=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-376=1 SUSE-SLE-SERVER-12-SP1-2019-377=1 SUSE-SLE-SERVER-12-SP1-2019-378=1 SUSE-SLE-SERVER-12-SP1-2019-379=1 SUSE-SLE-SERVER-12-SP1-2019-380=1 SUSE-SLE-SERVER-12-SP1-2019-381=1 SUSE-SLE-SERVER-12-SP1-2019-382=1 SUSE-SLE-SERVER-12-SP1-2019-383=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-4-2.1 kgraft-patch-4_4_121-92_98-default-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_114-92_64-default-11-2.1 kgraft-patch-4_4_114-92_67-default-11-2.1 kgraft-patch-4_4_120-92_70-default-10-2.1 kgraft-patch-4_4_121-92_73-default-9-2.1 
kgraft-patch-4_4_121-92_80-default-9-2.1 kgraft-patch-4_4_121-92_85-default-6-2.1 kgraft-patch-4_4_121-92_92-default-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_95-default-4-2.1 kgraft-patch-4_4_121-92_98-default-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_114-92_64-default-11-2.1 kgraft-patch-4_4_114-92_67-default-11-2.1 kgraft-patch-4_4_120-92_70-default-10-2.1 kgraft-patch-4_4_121-92_73-default-9-2.1 kgraft-patch-4_4_121-92_80-default-9-2.1 kgraft-patch-4_4_121-92_85-default-6-2.1 kgraft-patch-4_4_121-92_92-default-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-5-2.1 kgraft-patch-3_12_74-60_64_104-xen-5-2.1 kgraft-patch-3_12_74-60_64_107-default-5-2.1 kgraft-patch-3_12_74-60_64_107-xen-5-2.1 kgraft-patch-3_12_74-60_64_82-default-11-2.1 kgraft-patch-3_12_74-60_64_82-xen-11-2.1 kgraft-patch-3_12_74-60_64_85-default-11-2.1 kgraft-patch-3_12_74-60_64_85-xen-11-2.1 kgraft-patch-3_12_74-60_64_88-default-9-2.1 kgraft-patch-3_12_74-60_64_88-xen-9-2.1 kgraft-patch-3_12_74-60_64_93-default-8-2.1 kgraft-patch-3_12_74-60_64_93-xen-8-2.1 kgraft-patch-3_12_74-60_64_96-default-8-2.1 kgraft-patch-3_12_74-60_64_96-xen-8-2.1 kgraft-patch-3_12_74-60_64_99-default-7-2.1 kgraft-patch-3_12_74-60_64_99-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-16884.html https://bugzilla.suse.com/1119947 From sle-security-updates at lists.suse.com Thu Feb 14 07:14:47 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 15:14:47 +0100 (CET) Subject: SUSE-SU-2019:0387-1: moderate: Security update for build Message-ID: <20190214141447.24FC2FFD7@maintenance.suse.de> SUSE Security Update: Security update for build ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0387-1 Rating: moderate References: #1069904 #1122895 Cross-References: 
CVE-2017-14804 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for build version 20190128 fixes the following issues: Security issue fixed: - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904) Non-security issue fixed: - Add initial SLE 15 SP1 config (bsc#1122895) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-387=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-387=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): build-mkdrpms-20190128-3.3.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): build-20190128-3.3.2 build-mkbaselibs-20190128-3.3.2 References: https://www.suse.com/security/cve/CVE-2017-14804.html https://bugzilla.suse.com/1069904 https://bugzilla.suse.com/1122895 From sle-security-updates at lists.suse.com Thu Feb 14 10:09:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:09:38 +0100 (CET) Subject: SUSE-SU-2019:0393-1: moderate: Security update for podofo Message-ID: <20190214170938.324A910015@maintenance.suse.de> SUSE Security Update: Security update for podofo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0393-1 Rating: moderate References: #1027779 #1032020 #1032021 #1032022 #1075021 #1075026 
#1075322 #1075772 #1076962 #1096889 #1096890 Cross-References: CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). 
- CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962). These non-security issues were fixed: - Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when "Kids" array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-393=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-393=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-393=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-393=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-393=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-393=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpodofo0_9_2-0.9.2-3.6.3 libpodofo0_9_2-debuginfo-0.9.2-3.6.3 podofo-debuginfo-0.9.2-3.6.3 podofo-debugsource-0.9.2-3.6.3 References: https://www.suse.com/security/cve/CVE-2017-6845.html https://www.suse.com/security/cve/CVE-2017-7381.html https://www.suse.com/security/cve/CVE-2017-7382.html https://www.suse.com/security/cve/CVE-2017-7383.html 
https://www.suse.com/security/cve/CVE-2017-8054.html https://www.suse.com/security/cve/CVE-2018-11256.html https://www.suse.com/security/cve/CVE-2018-5295.html https://www.suse.com/security/cve/CVE-2018-5296.html https://www.suse.com/security/cve/CVE-2018-5308.html https://www.suse.com/security/cve/CVE-2018-5309.html https://www.suse.com/security/cve/CVE-2018-5783.html https://bugzilla.suse.com/1027779 https://bugzilla.suse.com/1032020 https://bugzilla.suse.com/1032021 https://bugzilla.suse.com/1032022 https://bugzilla.suse.com/1075021 https://bugzilla.suse.com/1075026 https://bugzilla.suse.com/1075322 https://bugzilla.suse.com/1075772 https://bugzilla.suse.com/1076962 https://bugzilla.suse.com/1096889 https://bugzilla.suse.com/1096890 From sle-security-updates at lists.suse.com Thu Feb 14 10:13:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:13:05 +0100 (CET) Subject: SUSE-SU-2019:0390-1: important: Security update for util-linux Message-ID: <20190214171305.C15BB10015@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0390-1 Rating: important References: #1072947 #1078662 #1080740 #1084300 Cross-References: CVE-2018-7738 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. 
Description: This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-390=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-390=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-390=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-390=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-390=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-390=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libblkid1-2.28-44.18.18 libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 
util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE OpenStack Cloud 7 (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libblkid1-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libblkid1-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 
util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): util-linux-lang-2.28-44.18.18 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libblkid1-2.28-44.18.18 libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Enterprise Storage 4 (x86_64): libblkid1-2.28-44.18.18 libblkid1-32bit-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libblkid1-debuginfo-32bit-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-32bit-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libmount1-debuginfo-32bit-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 
libuuid1-32bit-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 libuuid1-debuginfo-32bit-2.28-44.18.18 python-libmount-2.28-44.18.38 python-libmount-debuginfo-2.28-44.18.38 python-libmount-debugsource-2.28-44.18.38 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 uuidd-2.28-44.18.25 uuidd-debuginfo-2.28-44.18.25 - SUSE Enterprise Storage 4 (noarch): util-linux-lang-2.28-44.18.18 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libblkid1-2.28-44.18.18 libblkid1-debuginfo-2.28-44.18.18 libfdisk1-2.28-44.18.18 libfdisk1-debuginfo-2.28-44.18.18 libmount1-2.28-44.18.18 libmount1-debuginfo-2.28-44.18.18 libsmartcols1-2.28-44.18.18 libsmartcols1-debuginfo-2.28-44.18.18 libuuid1-2.28-44.18.18 libuuid1-debuginfo-2.28-44.18.18 util-linux-2.28-44.18.18 util-linux-debuginfo-2.28-44.18.18 util-linux-debugsource-2.28-44.18.18 util-linux-systemd-2.28-44.18.25 util-linux-systemd-debuginfo-2.28-44.18.25 util-linux-systemd-debugsource-2.28-44.18.25 References: https://www.suse.com/security/cve/CVE-2018-7738.html https://bugzilla.suse.com/1072947 https://bugzilla.suse.com/1078662 https://bugzilla.suse.com/1080740 https://bugzilla.suse.com/1084300 From sle-security-updates at lists.suse.com Thu Feb 14 10:14:07 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:14:07 +0100 (CET) Subject: SUSE-SU-2019:0391-1: moderate: Security update for python-PyKMIP Message-ID: <20190214171407.A792510015@maintenance.suse.de> SUSE Security Update: Security update for python-PyKMIP ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0391-1 Rating: moderate References: #1120767 Cross-References: CVE-2018-1000872 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-PyKMIP fixes the following issues: Security issue fixed: - CVE-2018-1000872: Fixed a denial-of-service vulnerability which was caused by exhausting the available sockets. To mitigate the issue server socket timeout was decreased (bsc#1120767). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-391=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-391=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-391=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-PyKMIP-0.6.0-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-PyKMIP-0.6.0-3.3.1 - HPE Helion Openstack 8 (noarch): python-PyKMIP-0.6.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000872.html https://bugzilla.suse.com/1120767 From sle-security-updates at lists.suse.com Thu Feb 14 10:17:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:17:32 +0100 (CET) Subject: SUSE-SU-2019:0392-1: important: Security update for couchdb Message-ID: <20190214171732.7011510016@maintenance.suse.de> SUSE Security Update: Security update for couchdb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0392-1 Rating: important References: #1104204 Cross-References: CVE-2018-11769 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for couchdb fixes the following issues: Security issue fixed: - CVE-2018-11769: Fixed a remote code execution vulnerability by removing the _config route from default.ini (bsc#1104204) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-392=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): couchdb-1.7.2-3.6.1 couchdb-debuginfo-1.7.2-3.6.1 couchdb-debugsource-1.7.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-11769.html https://bugzilla.suse.com/1104204 From sle-security-updates at lists.suse.com Thu Feb 14 10:19:11 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:19:11 +0100 (CET) Subject: SUSE-SU-2019:0395-1: important: Security update for nodejs6 Message-ID: <20190214171911.CC25510016@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0395-1 Rating: important References: #1113534 #1113652 #1117625 #1117626 #1117627 #1117629 #1117630 Cross-References: CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description: This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-395=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-395=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-395=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-395=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 nodejs6-debugsource-6.16.0-11.21.1 nodejs6-devel-6.16.0-11.21.1 npm6-6.16.0-11.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.16.0-11.21.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.16.0-11.21.1 nodejs6-debuginfo-6.16.0-11.21.1 
nodejs6-debugsource-6.16.0-11.21.1 References: https://www.suse.com/security/cve/CVE-2018-0734.html https://www.suse.com/security/cve/CVE-2018-12116.html https://www.suse.com/security/cve/CVE-2018-12120.html https://www.suse.com/security/cve/CVE-2018-12121.html https://www.suse.com/security/cve/CVE-2018-12122.html https://www.suse.com/security/cve/CVE-2018-12123.html https://www.suse.com/security/cve/CVE-2018-5407.html https://bugzilla.suse.com/1113534 https://bugzilla.suse.com/1113652 https://bugzilla.suse.com/1117625 https://bugzilla.suse.com/1117626 https://bugzilla.suse.com/1117627 https://bugzilla.suse.com/1117629 https://bugzilla.suse.com/1117630 From sle-security-updates at lists.suse.com Thu Feb 14 10:22:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 18:22:14 +0100 (CET) Subject: SUSE-SU-2019:0394-1: moderate: Security update for rubygem-loofah Message-ID: <20190214172214.1D1DA10016@maintenance.suse.de> SUSE Security Update: Security update for rubygem-loofah ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0394-1 Rating: moderate References: #1085967 #1113969 Cross-References: CVE-2018-16468 CVE-2018-8048 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XSS by removing the svg animate attribute `from` from the allowlist (bsc#1113969). - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libxml2 (bsc#1085967). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-394=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-394=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-394=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-loofah-2.0.2-3.5.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-loofah-2.0.2-3.5.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-loofah-2.0.2-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-16468.html https://www.suse.com/security/cve/CVE-2018-8048.html https://bugzilla.suse.com/1085967 https://bugzilla.suse.com/1113969 From sle-security-updates at lists.suse.com Thu Feb 14 13:09:02 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Feb 2019 21:09:02 +0100 (CET) Subject: SUSE-SU-2019:13961-1: moderate: Security update for php53 Message-ID: <20190214200902.AD79F10015@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13961-1 Rating: moderate References: #1123354 #1123522 Cross-References: CVE-2019-6977 CVE-2019-6978 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow in the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13961=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13961=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13961=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.53.1 php53-imap-5.3.17-112.53.1 php53-posix-5.3.17-112.53.1 php53-readline-5.3.17-112.53.1 php53-sockets-5.3.17-112.53.1 php53-sqlite-5.3.17-112.53.1 php53-tidy-5.3.17-112.53.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.53.1 php53-5.3.17-112.53.1 php53-bcmath-5.3.17-112.53.1 php53-bz2-5.3.17-112.53.1 php53-calendar-5.3.17-112.53.1 php53-ctype-5.3.17-112.53.1 php53-curl-5.3.17-112.53.1 php53-dba-5.3.17-112.53.1 php53-dom-5.3.17-112.53.1 php53-exif-5.3.17-112.53.1 php53-fastcgi-5.3.17-112.53.1 php53-fileinfo-5.3.17-112.53.1 php53-ftp-5.3.17-112.53.1 php53-gd-5.3.17-112.53.1 php53-gettext-5.3.17-112.53.1 php53-gmp-5.3.17-112.53.1 php53-iconv-5.3.17-112.53.1 php53-intl-5.3.17-112.53.1 php53-json-5.3.17-112.53.1 php53-ldap-5.3.17-112.53.1 php53-mbstring-5.3.17-112.53.1 php53-mcrypt-5.3.17-112.53.1 php53-mysql-5.3.17-112.53.1 php53-odbc-5.3.17-112.53.1 php53-openssl-5.3.17-112.53.1 php53-pcntl-5.3.17-112.53.1 php53-pdo-5.3.17-112.53.1 php53-pear-5.3.17-112.53.1 php53-pgsql-5.3.17-112.53.1 php53-pspell-5.3.17-112.53.1 php53-shmop-5.3.17-112.53.1 php53-snmp-5.3.17-112.53.1 php53-soap-5.3.17-112.53.1 php53-suhosin-5.3.17-112.53.1 php53-sysvmsg-5.3.17-112.53.1 php53-sysvsem-5.3.17-112.53.1 php53-sysvshm-5.3.17-112.53.1 php53-tokenizer-5.3.17-112.53.1 php53-wddx-5.3.17-112.53.1 php53-xmlreader-5.3.17-112.53.1 php53-xmlrpc-5.3.17-112.53.1 
php53-xmlwriter-5.3.17-112.53.1 php53-xsl-5.3.17-112.53.1 php53-zip-5.3.17-112.53.1 php53-zlib-5.3.17-112.53.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.53.1 php53-debugsource-5.3.17-112.53.1 References: https://www.suse.com/security/cve/CVE-2019-6977.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1123354 https://bugzilla.suse.com/1123522 From sle-security-updates at lists.suse.com Fri Feb 15 04:10:28 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Feb 2019 12:10:28 +0100 (CET) Subject: SUSE-SU-2019:0414-1: moderate: Security update for dovecot23 Message-ID: <20190215111028.57EED10015@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0414-1 Rating: moderate References: #1119850 #1123022 #1124356 Cross-References: CVE-2019-3814 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dovecot23 fixes the following issues: dovecot was updated to 2.3.3 release, bringing lots of bugfixes (bsc#1124356). Also the following security issue was fixed: - CVE-2019-3814: A vulnerability in Dovecot related to SSL client certificate authentication was fixed (bsc#1123022) The package changes: Updated pigeonhole to 0.5.3: - Fix assertion panic occurring when managesieve service fails to open INBOX while saving a Sieve script. This was caused by a lack of cleanup after failure. - Fix specific messages causing an assert panic with actions that compose a reply (e.g. vacation). 
With some rather weird input from the original message, the header folding algorithm (as used for composing the References header for the reply) got confused, causing the panic. - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing. After finishing reading the Sieve script, the command parsing sometimes didn't continue with the search arguments. This is a time-critical bug that likely only occurs when the Sieve script is sent in the next TCP frame. dovecot23 was updated to 2.3.3: - doveconf hides more secrets now in the default output. - ssl_dh setting is no longer enforced at startup. If it's not set and non-ECC DH key exchange happens, error is logged and client is disconnected. - Added log_debug= setting. - Added log_core_filter= setting. - quota-clone: Write to dict asynchronously - --enable-hardening attempts to use retpoline Spectre 2 mitigations - lmtp proxy: Support source_ip passdb extra field. - doveadm stats dump: Support more fields and output stddev by default. - push-notification: Add SSL support for OX backend. - NUL bytes in mail headers can cause truncated replies when fetched. - director: Conflicting host up/down state changes may in some rare situations end up in a loop of two directors constantly overwriting each others' changes. - director: Fix hang/crash when multiple doveadm commands are being handled concurrently. - director: Fix assert-crash if doveadm disconnects too early - virtual plugin: Some searches used 100% CPU for many seconds - dsync assert-crashed with acl plugin in some situations. (bsc#1119850) - mail_attachment_detection_options=add-flags-on-save assert-crashed with some specific Sieve scripts. - Mail snippet generation crashed with mails containing invalid Content-Type:multipart header. - Log prefix ordering was different for some log lines. - quota: With noenforcing option current quota usage wasn't updated. - auth: Kerberos authentication against Samba assert-crashed. 
- stats clients were unnecessarily chatty with the stats server. - imapc: Fixed various assert-crashes when reconnecting to server. - lmtp, submission: Fix potential crash if client disconnects while handling a command. - quota: Fixed compiling with glibc-2.26 / support libtirpc. - fts-solr: Empty search values resulted in 400 Bad Request errors - fts-solr: default_ns parameter couldn't be used - submission server crashed if relay server returned over 7 lines in a reply (e.g. to EHLO) dovecot was updated to 2.3.2.1: - SSL/TLS servers may have crashed during client disconnection - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have sometimes assert-crashed. - v2.3.2: "make check" may have crashed with 32bit systems dovecot was updated to 2.3.2: - old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io. This may still cause security problems if the process is ptrace()d at the same time. Instead, open it while still running as root. - doveadm: Added mailbox cache decision&remove commands. See doveadm-mailbox(1) man page for details. - doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails. See doveadm-rebuild(1) man page for details. - cassandra: Use fallback_consistency on more types of errors - lmtp proxy: Support outgoing SSL/TLS connections - lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings. - submission: Add support for rawlog_dir - submission: Add submission_client_workarounds setting. - lua auth: Add password_verify() function and additional fields in auth request. - doveadm-server: TCP connections are hanging when there is a lot of network output. This especially caused hangs in dsync-replication. - Using multiple type=shared mdbox namespaces crashed - mail_fsync setting was ignored. It was always set to "optimized". - lua auth: Fix potential crash at deinit - SSL/TLS servers may have crashed if client disconnected during handshake. 
- SSL/TLS servers: Don't send extraneous certificates to client when alt certs are used. - lda, lmtp: Return-Path header without '<' may have assert-crashed. - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash - lda: -f parameter didn't allow empty/null/domainless address - lmtp, submission: Message size limit was hardcoded to 40 MB. Exceeding it caused the connection to get dropped during transfer. - lmtp: Fix potential crash when delivery fails at DATA stage - lmtp: login_greeting setting was ignored - Fix to work with OpenSSL v1.0.2f - systemd unit restrictions were too strict by default - Fix potential crashes when a lot of log output was produced - SMTP client may have assert-crashed when sending mail - IMAP COMPRESS: Send "end of compression" marker when disconnecting. - cassandra: Fix consistency=quorum to work - dsync: Lock file generation failed if home directory didn't exist - Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets. - imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone. - pop3c: Handle unexpected server disconnections without assert-crash - fts: Fixes to indexing mails via virtual mailboxes. - fts: If mails contained NUL characters, the text around it wasn't indexed. - Obsolete dovecot.index.cache offsets were sometimes used. Trying to fetch a field that was just added to cache file may not have always found it. pigeonhole was updated to 0.5.2: - Implement plugin for a vendor-defined IMAP capability called "FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering in IMAP. More information can be found in doc/plugins/imap_filter_sieve.txt. - The Sieve address test caused an assertion panic for invalid addresses with UTF-8 codepoints in the localpart. 
Fixed by properly detecting invalid addresses with UTF-8 codepoints in the localpart and skipping these like other invalid addresses while iterating addresses for the address test. - Make the length of the subject header for the vacation response configurable and enforce the limit in UTF-8 codepoints rather than bytes. The subject header for a vacation response was statically truncated to 256 bytes, which is too limited for multi-byte UTF-8 characters. - Sieve editheader extension: Fix assertion panic occurring when it is used to manipulate a message header with a very large header field. - Properly abort execution of the sieve_discard script upon error. Before, the LDA Sieve plugin attempted to execute the sieve_discard script when an error occurs. This can lead to the message being lost. - Fix the interaction between quota and the sieve_discard script. When quota was used together with a sieve_discard script, the message delivery did not bounce when the quota was exceeded. - Fix crash for over quota users Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-414=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.3-4.7.4 dovecot23-backend-mysql-2.3.3-4.7.4 dovecot23-backend-mysql-debuginfo-2.3.3-4.7.4 dovecot23-backend-pgsql-2.3.3-4.7.4 dovecot23-backend-pgsql-debuginfo-2.3.3-4.7.4 dovecot23-backend-sqlite-2.3.3-4.7.4 dovecot23-backend-sqlite-debuginfo-2.3.3-4.7.4 dovecot23-debuginfo-2.3.3-4.7.4 dovecot23-debugsource-2.3.3-4.7.4 dovecot23-devel-2.3.3-4.7.4 dovecot23-fts-2.3.3-4.7.4 dovecot23-fts-debuginfo-2.3.3-4.7.4 dovecot23-fts-lucene-2.3.3-4.7.4 dovecot23-fts-lucene-debuginfo-2.3.3-4.7.4 dovecot23-fts-solr-2.3.3-4.7.4 dovecot23-fts-solr-debuginfo-2.3.3-4.7.4 dovecot23-fts-squat-2.3.3-4.7.4 dovecot23-fts-squat-debuginfo-2.3.3-4.7.4 References: https://www.suse.com/security/cve/CVE-2019-3814.html https://bugzilla.suse.com/1119850 https://bugzilla.suse.com/1123022 https://bugzilla.suse.com/1124356 From sle-security-updates at lists.suse.com Fri Feb 15 07:11:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Feb 2019 15:11:05 +0100 (CET) Subject: SUSE-SU-2019:0416-1: important: Security update for velum Message-ID: <20190215141105.6648910015@maintenance.suse.de> SUSE Security Update: Security update for velum ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0416-1 Rating: important References: #1114832 #1121146 #1121147 #1121148 #1121447 #1122439 #1123291 #1123650 Cross-References: CVE-2019-3682 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. 
Description: This update provides the following fixes: kubernetes-salt: - Force basename on the system certificate name to prevent path traversal (bsc#1121147) - CVE-2019-3682: Disable insecure port in kube-apiserver (bsc#1121148) - Insecure API port exposed to all Master Node guest containers (bsc#1121148) - Fixes included in this change: * bsc#1121146 - Kubernetes - Kubelet Service allows unauthenticated access to Kubelet API * bsc#1122439 - failed to parse bool none (bsc#1122439) * bsc#1123291 - CaasP 3.0 Update Admin node, worker and master failed * bsc#1123650 - ExperimentalCriticalPodAnnotation feature not enabled * bsc#1114832 - Running supportconfig on any node can take lots of resources, even fill the hard disk on big/long-running clusters velum: - Do not allow '.' or '/' symbols in system certificate names. (bsc#1121447) - Reverting ignore_vol_az option back to Velum CPI (bsc#1122439) - Adding LDAP support to Velum that will create the requisite org units in LDAP if they are missing sles12sp3-velum-image: - Release 3.1.9 to include a fix (bsc#1122439,bsc#1121447) docker-kubic: - Add daemon.json file with rotation logs configuration (bsc#1114832) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 3.0 (x86_64): docker-kubic-17.09.1_ce-7.6.1 docker-kubic-debuginfo-17.09.1_ce-7.6.1 docker-kubic-debugsource-17.09.1_ce-7.6.1 sles12-velum-image-3.1.9-3.33.4 - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r931_9cdca5a-3.47.1 References: https://www.suse.com/security/cve/CVE-2019-3682.html https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1121146 https://bugzilla.suse.com/1121147 https://bugzilla.suse.com/1121148 https://bugzilla.suse.com/1121447 https://bugzilla.suse.com/1122439 https://bugzilla.suse.com/1123291 https://bugzilla.suse.com/1123650 From sle-security-updates at lists.suse.com Fri Feb 15 07:13:25 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 15 Feb 2019 15:13:25 +0100 (CET) Subject: SUSE-SU-2019:13962-1: important: Security update for kvm Message-ID: <20190215141325.B751510015@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:13962-1 Rating: important References: #1109544 #1116717 #1117275 #1123156 Cross-References: CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for kvm fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717). 
Non-security issue fixed: - Fixed LAPIC TSC deadline timer save/restore (bsc#1109544) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13962=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.21.1 References: https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1109544 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1123156 From sle-security-updates at lists.suse.com Sat Feb 16 07:08:53 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 16 Feb 2019 15:08:53 +0100 (CET) Subject: SUSE-SU-2019:0418-1: important: Security update for python-numpy Message-ID: <20190216140853.22A0DFD28@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0418-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Module for HPC 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. 
NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2019-418=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-418=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): python-numpy_1_14_0-gnu-hpc-debuginfo-1.14.0-4.5.1 python-numpy_1_14_0-gnu-hpc-debugsource-1.14.0-4.5.1 python2-numpy-gnu-hpc-1.14.0-4.5.1 python2-numpy-gnu-hpc-devel-1.14.0-4.5.1 python2-numpy_1_14_0-gnu-hpc-1.14.0-4.5.1 python2-numpy_1_14_0-gnu-hpc-debuginfo-1.14.0-4.5.1 python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-4.5.1 python3-numpy-gnu-hpc-1.14.0-4.5.1 python3-numpy-gnu-hpc-devel-1.14.0-4.5.1 python3-numpy_1_14_0-gnu-hpc-1.14.0-4.5.1 python3-numpy_1_14_0-gnu-hpc-debuginfo-1.14.0-4.5.1 python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.14.0-4.5.1 python-numpy-debugsource-1.14.0-4.5.1 python2-numpy-1.14.0-4.5.1 python2-numpy-debuginfo-1.14.0-4.5.1 python2-numpy-devel-1.14.0-4.5.1 python3-numpy-1.14.0-4.5.1 python3-numpy-debuginfo-1.14.0-4.5.1 python3-numpy-devel-1.14.0-4.5.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-security-updates at lists.suse.com Mon Feb 18 07:10:50 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 Feb 2019 15:10:50 +0100 (CET) 
Subject: SUSE-SU-2019:0419-1: important: Security update for python-numpy Message-ID: <20190218141050.5B9E0FFF0@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0419-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-419=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-419=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-419=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-419=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-419=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-419=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 python-numpy-devel-1.8.0-5.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 python-numpy-devel-1.8.0-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): python-numpy-1.8.0-5.8.1 python-numpy-debuginfo-1.8.0-5.8.1 python-numpy-debugsource-1.8.0-5.8.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-security-updates at lists.suse.com Mon Feb 18 13:09:34 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:09:34 +0100 (CET) Subject: SUSE-SU-2019:0422-1: 
important: Security update for kernel-firmware Message-ID: <20190218200934.80C44FF2D@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0422-1 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-422=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-firmware-20140807git-5.11.1 ucode-amd-20140807git-5.11.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-security-updates at lists.suse.com Mon Feb 18 13:11:16 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:11:16 +0100 (CET) Subject: SUSE-SU-2019:0424-1: important: Security update for systemd Message-ID: <20190218201116.B9060FF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0424-1 Rating: important References: #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-424=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-70.77.1 libgudev-1_0-0-debuginfo-210-70.77.1 libgudev-1_0-devel-210-70.77.1 libudev-devel-210-70.77.1 libudev1-210-70.77.1 libudev1-debuginfo-210-70.77.1 systemd-210-70.77.1 systemd-debuginfo-210-70.77.1 systemd-debugsource-210-70.77.1 systemd-devel-210-70.77.1 systemd-sysvinit-210-70.77.1 typelib-1_0-GUdev-1_0-210-70.77.1 udev-210-70.77.1 udev-debuginfo-210-70.77.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-70.77.1 libgudev-1_0-0-debuginfo-32bit-210-70.77.1 libudev1-32bit-210-70.77.1 libudev1-debuginfo-32bit-210-70.77.1 systemd-32bit-210-70.77.1 systemd-debuginfo-32bit-210-70.77.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): systemd-bash-completion-210-70.77.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1125352 From sle-security-updates at lists.suse.com Mon Feb 18 13:11:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:11:48 +0100 (CET) Subject: SUSE-SU-2019:0425-1: important: Security update for systemd Message-ID: <20190218201148.D1F87FF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0425-1 Rating: important References: #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-425=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-116.22.1 libgudev-1_0-0-debuginfo-210-116.22.1 libgudev-1_0-devel-210-116.22.1 libudev-devel-210-116.22.1 libudev1-210-116.22.1 libudev1-debuginfo-210-116.22.1 systemd-210-116.22.1 systemd-debuginfo-210-116.22.1 systemd-debugsource-210-116.22.1 systemd-devel-210-116.22.1 systemd-sysvinit-210-116.22.1 typelib-1_0-GUdev-1_0-210-116.22.1 udev-210-116.22.1 udev-debuginfo-210-116.22.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-116.22.1 libgudev-1_0-0-debuginfo-32bit-210-116.22.1 libudev1-32bit-210-116.22.1 libudev1-debuginfo-32bit-210-116.22.1 systemd-32bit-210-116.22.1 systemd-debuginfo-32bit-210-116.22.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): systemd-bash-completion-210-116.22.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1125352 From sle-security-updates at lists.suse.com Mon Feb 18 13:12:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Mon, 18 Feb 2019 21:12:19 +0100 (CET) Subject: SUSE-SU-2019:0423-1: important: Security update for qemu Message-ID: <20190218201219.EE964FF2D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0423-1 Rating: important References: #1063993 #1079730 #1100408 #1101982 #1112646 #1114957 #1116717 #1117275 #1119493 #1121600 #1123156 #1123179 Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 7 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-423=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-423=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-423=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-9.20.1 qemu-block-curl-2.11.2-9.20.1 qemu-block-curl-debuginfo-2.11.2-9.20.1 qemu-block-iscsi-2.11.2-9.20.1 qemu-block-iscsi-debuginfo-2.11.2-9.20.1 qemu-block-rbd-2.11.2-9.20.1 qemu-block-rbd-debuginfo-2.11.2-9.20.1 qemu-block-ssh-2.11.2-9.20.1 qemu-block-ssh-debuginfo-2.11.2-9.20.1 qemu-debuginfo-2.11.2-9.20.1 qemu-debugsource-2.11.2-9.20.1 qemu-guest-agent-2.11.2-9.20.1 qemu-guest-agent-debuginfo-2.11.2-9.20.1 qemu-lang-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x x86_64): qemu-kvm-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (ppc64le): qemu-ppc-2.11.2-9.20.1 qemu-ppc-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64): qemu-arm-2.11.2-9.20.1 qemu-arm-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (x86_64): qemu-x86-2.11.2-9.20.1 qemu-x86-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ipxe-1.0.0+-9.20.1 qemu-seabios-1.11.0-9.20.1 qemu-sgabios-8-9.20.1 qemu-vgabios-1.11.0-9.20.1 - SUSE Linux Enterprise Module for Server Applications 15 (s390x): qemu-s390-2.11.2-9.20.1 qemu-s390-debuginfo-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 
ppc64le s390x x86_64): qemu-block-dmg-2.11.2-9.20.1 qemu-block-dmg-debuginfo-2.11.2-9.20.1 qemu-debuginfo-2.11.2-9.20.1 qemu-debugsource-2.11.2-9.20.1 qemu-extra-2.11.2-9.20.1 qemu-extra-debuginfo-2.11.2-9.20.1 qemu-linux-user-2.11.2-9.20.1 qemu-linux-user-debuginfo-2.11.2-9.20.1 qemu-linux-user-debugsource-2.11.2-9.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-2.11.2-9.20.1 qemu-debugsource-2.11.2-9.20.1 qemu-tools-2.11.2-9.20.1 qemu-tools-debuginfo-2.11.2-9.20.1 References: https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-18954.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1063993 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1100408 https://bugzilla.suse.com/1101982 https://bugzilla.suse.com/1112646 https://bugzilla.suse.com/1114957 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1121600 https://bugzilla.suse.com/1123156 https://bugzilla.suse.com/1123179 From sle-security-updates at lists.suse.com Mon Feb 18 13:14:45 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 Feb 2019 21:14:45 +0100 (CET) Subject: SUSE-SU-2019:0426-1: important: Security update for systemd Message-ID: <20190218201445.CF086FF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0426-1 Rating: important References: #1117025 #1121563 #1122000 #1123333 #1123727 #1123892 #1124153 #1125352 Cross-References: CVE-2019-6454 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 
______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state "closing" (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-426=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-426=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.25.1 libsystemd0-mini-debuginfo-234-24.25.1 libudev-mini-devel-234-24.25.1 libudev-mini1-234-24.25.1 libudev-mini1-debuginfo-234-24.25.1 nss-myhostname-234-24.25.1 nss-myhostname-debuginfo-234-24.25.1 nss-mymachines-234-24.25.1 nss-mymachines-debuginfo-234-24.25.1 nss-systemd-234-24.25.1 nss-systemd-debuginfo-234-24.25.1 systemd-debuginfo-234-24.25.1 systemd-debugsource-234-24.25.1 systemd-logger-234-24.25.1 systemd-mini-234-24.25.1 systemd-mini-container-mini-234-24.25.1 systemd-mini-container-mini-debuginfo-234-24.25.1 systemd-mini-coredump-mini-234-24.25.1 systemd-mini-coredump-mini-debuginfo-234-24.25.1 systemd-mini-debuginfo-234-24.25.1 systemd-mini-debugsource-234-24.25.1 systemd-mini-devel-234-24.25.1 systemd-mini-sysvinit-234-24.25.1 udev-mini-234-24.25.1 udev-mini-debuginfo-234-24.25.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): systemd-mini-bash-completion-234-24.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.25.1 libsystemd0-debuginfo-234-24.25.1 libudev-devel-234-24.25.1 libudev1-234-24.25.1 libudev1-debuginfo-234-24.25.1 systemd-234-24.25.1 systemd-container-234-24.25.1 systemd-container-debuginfo-234-24.25.1 systemd-coredump-234-24.25.1 systemd-coredump-debuginfo-234-24.25.1 systemd-debuginfo-234-24.25.1 systemd-debugsource-234-24.25.1 systemd-devel-234-24.25.1 systemd-sysvinit-234-24.25.1 udev-234-24.25.1 udev-debuginfo-234-24.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): 
systemd-bash-completion-234-24.25.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsystemd0-32bit-234-24.25.1 libsystemd0-32bit-debuginfo-234-24.25.1 libudev1-32bit-234-24.25.1 libudev1-32bit-debuginfo-234-24.25.1 systemd-32bit-234-24.25.1 systemd-32bit-debuginfo-234-24.25.1 References: https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1117025 https://bugzilla.suse.com/1121563 https://bugzilla.suse.com/1122000 https://bugzilla.suse.com/1123333 https://bugzilla.suse.com/1123727 https://bugzilla.suse.com/1123892 https://bugzilla.suse.com/1124153 https://bugzilla.suse.com/1125352 From sle-security-updates at lists.suse.com Tue Feb 19 07:10:51 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Feb 2019 15:10:51 +0100 (CET) Subject: SUSE-SU-2019:0427-1: important: Security update for kernel-firmware Message-ID: <20190219141051.51B6EFF2D@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0427-1 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-427=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-firmware-20160516git-10.16.1 ucode-amd-20160516git-10.16.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-security-updates at lists.suse.com Tue Feb 19 07:12:28 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Feb 2019 15:12:28 +0100 (CET) Subject: SUSE-SU-2019:0428-1: important: Security update for systemd Message-ID: <20190219141228.ED8A4FF2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0428-1 Rating: important References: #1111498 #1117025 #1117382 #1120658 #1122000 #1122344 #1123333 #1123892 #1125352 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage["cursor"] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off 
(bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-428=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-428=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-428=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-428=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-428=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-428=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-428=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-428=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-428=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-428=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-428=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-428=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE OpenStack Cloud 7 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-devel-228-150.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-devel-228-150.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 
ppc64le s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): 
systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Enterprise Storage 4 (noarch): systemd-bash-completion-228-150.63.1 - SUSE Enterprise Storage 4 (x86_64): 
libsystemd0-228-150.63.1 libsystemd0-32bit-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libsystemd0-debuginfo-32bit-228-150.63.1 libudev1-228-150.63.1 libudev1-32bit-228-150.63.1 libudev1-debuginfo-228-150.63.1 libudev1-debuginfo-32bit-228-150.63.1 systemd-228-150.63.1 systemd-32bit-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debuginfo-32bit-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE CaaS Platform ALL (x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - SUSE CaaS Platform 3.0 (x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.63.1 libsystemd0-debuginfo-228-150.63.1 libudev1-228-150.63.1 libudev1-debuginfo-228-150.63.1 systemd-228-150.63.1 systemd-debuginfo-228-150.63.1 systemd-debugsource-228-150.63.1 systemd-sysvinit-228-150.63.1 udev-228-150.63.1 udev-debuginfo-228-150.63.1 References: https://bugzilla.suse.com/1111498 https://bugzilla.suse.com/1117025 https://bugzilla.suse.com/1117382 https://bugzilla.suse.com/1120658 https://bugzilla.suse.com/1122000 https://bugzilla.suse.com/1122344 https://bugzilla.suse.com/1123333 https://bugzilla.suse.com/1123892 https://bugzilla.suse.com/1125352 From sle-security-updates at lists.suse.com Tue Feb 19 10:12:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Feb 2019 18:12:38 +0100 (CET) Subject: SUSE-SU-2019:0435-1: important: Security update 
for qemu Message-ID: <20190219171238.56C49FF2D@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0435-1 Rating: important References: #1063993 #1079730 #1100408 #1101982 #1112646 #1114957 #1116717 #1117275 #1119493 #1121600 #1123156 #1123179 Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 7 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-435=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-435=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-5.8.1 qemu-block-curl-2.11.2-5.8.1 qemu-block-curl-debuginfo-2.11.2-5.8.1 qemu-block-iscsi-2.11.2-5.8.1 qemu-block-iscsi-debuginfo-2.11.2-5.8.1 qemu-block-ssh-2.11.2-5.8.1 qemu-block-ssh-debuginfo-2.11.2-5.8.1 qemu-debugsource-2.11.2-5.8.1 qemu-guest-agent-2.11.2-5.8.1 qemu-guest-agent-debuginfo-2.11.2-5.8.1 qemu-lang-2.11.2-5.8.1 qemu-tools-2.11.2-5.8.1 qemu-tools-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): qemu-block-rbd-2.11.2-5.8.1 qemu-block-rbd-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): qemu-kvm-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): qemu-arm-2.11.2-5.8.1 qemu-arm-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): qemu-ppc-2.11.2-5.8.1 qemu-ppc-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): qemu-x86-2.11.2-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.8.1 qemu-seabios-1.11.0-5.8.1 qemu-sgabios-8-5.8.1 qemu-vgabios-1.11.0-5.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): qemu-s390-2.11.2-5.8.1 qemu-s390-debuginfo-2.11.2-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): qemu-2.11.2-5.8.1 qemu-block-curl-2.11.2-5.8.1 qemu-block-curl-debuginfo-2.11.2-5.8.1 qemu-debugsource-2.11.2-5.8.1 qemu-kvm-2.11.2-5.8.1 qemu-tools-2.11.2-5.8.1 qemu-tools-debuginfo-2.11.2-5.8.1 qemu-x86-2.11.2-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.8.1 qemu-seabios-1.11.0-5.8.1 qemu-sgabios-8-5.8.1 qemu-vgabios-1.11.0-5.8.1 References: https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-18954.html 
https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1063993 https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1100408 https://bugzilla.suse.com/1101982 https://bugzilla.suse.com/1112646 https://bugzilla.suse.com/1114957 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1121600 https://bugzilla.suse.com/1123156 https://bugzilla.suse.com/1123179 From sle-security-updates at lists.suse.com Tue Feb 19 13:09:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Feb 2019 21:09:38 +0100 (CET) Subject: SUSE-SU-2019:0438-1: important: Security update for gvfs Message-ID: <20190219200938.40EB8F7BB@maintenance.suse.de> SUSE Security Update: Security update for gvfs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0438-1 Rating: important References: #1125084 Cross-References: CVE-2019-3827 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gvfs fixes the following issues: Security vulnerability fixed: - CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when accessing root owned files. (bsc#1125084) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-438=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gvfs-1.34.2.1-4.6.1 gvfs-backend-afc-1.34.2.1-4.6.1 gvfs-backend-afc-debuginfo-1.34.2.1-4.6.1 gvfs-backend-samba-1.34.2.1-4.6.1 gvfs-backend-samba-debuginfo-1.34.2.1-4.6.1 gvfs-backends-1.34.2.1-4.6.1 gvfs-backends-debuginfo-1.34.2.1-4.6.1 gvfs-debuginfo-1.34.2.1-4.6.1 gvfs-debugsource-1.34.2.1-4.6.1 gvfs-devel-1.34.2.1-4.6.1 gvfs-fuse-1.34.2.1-4.6.1 gvfs-fuse-debuginfo-1.34.2.1-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gvfs-lang-1.34.2.1-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-3827.html https://bugzilla.suse.com/1125084 From sle-security-updates at lists.suse.com Tue Feb 19 13:10:12 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 19 Feb 2019 21:10:12 +0100 (CET) Subject: SUSE-SU-2019:0439-1: important: Security update for the Linux Kernel Message-ID: <20190219201012.25CA5F7BB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0439-1 Rating: important References: #1012382 #1023175 #1042286 #1065600 #1065726 #1070805 #1084721 #1086095 #1086535 #1091158 #1091171 #1091197 #1094825 #1095344 #1098996 #1099523 #1099597 #1100105 #1101555 #1103624 #1104731 #1105025 #1105931 #1106293 #1107256 #1107299 #1107385 #1107866 #1108145 #1108498 #1109330 #1110286 #1110837 #1111062 #1113192 #1113751 #1113769 #1114190 #1114648 #1114763 #1115433 #1115440 #1116027 #1116183 #1116345 #1117186 #1117187 #1118152 #1118319 #1119714 #1119946 #1119947 #1120743 #1120758 #1121621 #1123161 Cross-References: CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 
CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). 
The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). 
- CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2CAP configuration packets (bsc#1120758). The following non-security bugs were fixed: - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert "use percpu 'repeat_count' and 'current_path'" (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. 
- mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert "kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)" This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). 
- xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-439=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-439=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-439=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-439=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-439=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-439=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-439=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE OpenStack Cloud 7 (x86_64): 
kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.101.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.101.1 cluster-md-kmp-default-debuginfo-4.4.121-92.101.1 
cluster-network-kmp-default-4.4.121-92.101.1 cluster-network-kmp-default-debuginfo-4.4.121-92.101.1 dlm-kmp-default-4.4.121-92.101.1 dlm-kmp-default-debuginfo-4.4.121-92.101.1 gfs2-kmp-default-4.4.121-92.101.1 gfs2-kmp-default-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 ocfs2-kmp-default-4.4.121-92.101.1 ocfs2-kmp-default-debuginfo-4.4.121-92.101.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.101.1 kernel-default-base-4.4.121-92.101.1 kernel-default-base-debuginfo-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 kernel-default-devel-4.4.121-92.101.1 kernel-syms-4.4.121-92.101.1 kgraft-patch-4_4_121-92_101-default-1-3.3.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.101.1 kernel-macros-4.4.121-92.101.1 kernel-source-4.4.121-92.101.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.121-92.101.1 kernel-default-debuginfo-4.4.121-92.101.1 kernel-default-debugsource-4.4.121-92.101.1 References: https://www.suse.com/security/cve/CVE-2018-16862.html https://www.suse.com/security/cve/CVE-2018-16884.html https://www.suse.com/security/cve/CVE-2018-18281.html https://www.suse.com/security/cve/CVE-2018-18386.html https://www.suse.com/security/cve/CVE-2018-18690.html https://www.suse.com/security/cve/CVE-2018-18710.html https://www.suse.com/security/cve/CVE-2018-19824.html https://www.suse.com/security/cve/CVE-2018-19985.html https://www.suse.com/security/cve/CVE-2018-20169.html https://www.suse.com/security/cve/CVE-2018-9516.html https://www.suse.com/security/cve/CVE-2018-9568.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065726 https://bugzilla.suse.com/1070805 
https://bugzilla.suse.com/1084721 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086535 https://bugzilla.suse.com/1091158 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1091197 https://bugzilla.suse.com/1094825 https://bugzilla.suse.com/1095344 https://bugzilla.suse.com/1098996 https://bugzilla.suse.com/1099523 https://bugzilla.suse.com/1099597 https://bugzilla.suse.com/1100105 https://bugzilla.suse.com/1101555 https://bugzilla.suse.com/1103624 https://bugzilla.suse.com/1104731 https://bugzilla.suse.com/1105025 https://bugzilla.suse.com/1105931 https://bugzilla.suse.com/1106293 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1107299 https://bugzilla.suse.com/1107385 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1108145 https://bugzilla.suse.com/1108498 https://bugzilla.suse.com/1109330 https://bugzilla.suse.com/1110286 https://bugzilla.suse.com/1110837 https://bugzilla.suse.com/1111062 https://bugzilla.suse.com/1113192 https://bugzilla.suse.com/1113751 https://bugzilla.suse.com/1113769 https://bugzilla.suse.com/1114190 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114763 https://bugzilla.suse.com/1115433 https://bugzilla.suse.com/1115440 https://bugzilla.suse.com/1116027 https://bugzilla.suse.com/1116183 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1117186 https://bugzilla.suse.com/1117187 https://bugzilla.suse.com/1118152 https://bugzilla.suse.com/1118319 https://bugzilla.suse.com/1119714 https://bugzilla.suse.com/1119946 https://bugzilla.suse.com/1119947 https://bugzilla.suse.com/1120743 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1121621 https://bugzilla.suse.com/1123161 From sle-security-updates at lists.suse.com Wed Feb 20 04:10:29 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Feb 2019 12:10:29 +0100 (CET) Subject: SUSE-SU-2019:0447-1: moderate: Security update for libqt5-qtbase Message-ID: 
<20190220111029.A3D75FFF0@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0447-1 Rating: moderate References: #1096328 #1099874 #1108889 #1118595 #1118596 #1120639 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for libqt5-qtbase provides the following fixes: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Non-security issues fixed: - Fix dynamic loading of libGL. (bsc#1099874) - Make sure printer settings are properly remembered. (bsc#1096328) - Add patch to fix fails to load pixmap cursors on XRender less system (bsc#1108889) - Fix krita pop-up palette not working properly (bsc#1120639) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-447=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-447=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-447=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.9.4-8.11.13 libqt5-qtbase-debugsource-5.9.4-8.11.13 libqt5-qtbase-examples-5.9.4-8.11.13 libqt5-qtbase-examples-debuginfo-5.9.4-8.11.13 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.9.4-8.11.13 libQt5Sql5-mysql-5.9.4-8.11.13 libQt5Sql5-mysql-debuginfo-5.9.4-8.11.13 libQt5Sql5-postgresql-5.9.4-8.11.13 libQt5Sql5-postgresql-debuginfo-5.9.4-8.11.13 libQt5Sql5-unixODBC-5.9.4-8.11.13 libQt5Sql5-unixODBC-debuginfo-5.9.4-8.11.13 libqt5-qtbase-debugsource-5.9.4-8.11.13 libqt5-qtbase-platformtheme-gtk3-5.9.4-8.11.13 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.11.13 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.9.4-8.11.13 libQt5Concurrent5-5.9.4-8.11.13 libQt5Concurrent5-debuginfo-5.9.4-8.11.13 libQt5Core-devel-5.9.4-8.11.13 libQt5Core5-5.9.4-8.11.13 libQt5Core5-debuginfo-5.9.4-8.11.13 libQt5DBus-devel-5.9.4-8.11.13 libQt5DBus-devel-debuginfo-5.9.4-8.11.13 libQt5DBus5-5.9.4-8.11.13 libQt5DBus5-debuginfo-5.9.4-8.11.13 libQt5Gui-devel-5.9.4-8.11.13 libQt5Gui5-5.9.4-8.11.13 libQt5Gui5-debuginfo-5.9.4-8.11.13 libQt5KmsSupport-devel-static-5.9.4-8.11.13 libQt5Network-devel-5.9.4-8.11.13 libQt5Network5-5.9.4-8.11.13 libQt5Network5-debuginfo-5.9.4-8.11.13 libQt5OpenGL-devel-5.9.4-8.11.13 libQt5OpenGL5-5.9.4-8.11.13 
libQt5OpenGL5-debuginfo-5.9.4-8.11.13 libQt5PlatformHeaders-devel-5.9.4-8.11.13 libQt5PlatformSupport-devel-static-5.9.4-8.11.13 libQt5PrintSupport-devel-5.9.4-8.11.13 libQt5PrintSupport5-5.9.4-8.11.13 libQt5PrintSupport5-debuginfo-5.9.4-8.11.13 libQt5Sql-devel-5.9.4-8.11.13 libQt5Sql5-5.9.4-8.11.13 libQt5Sql5-debuginfo-5.9.4-8.11.13 libQt5Sql5-sqlite-5.9.4-8.11.13 libQt5Sql5-sqlite-debuginfo-5.9.4-8.11.13 libQt5Test-devel-5.9.4-8.11.13 libQt5Test5-5.9.4-8.11.13 libQt5Test5-debuginfo-5.9.4-8.11.13 libQt5Widgets-devel-5.9.4-8.11.13 libQt5Widgets5-5.9.4-8.11.13 libQt5Widgets5-debuginfo-5.9.4-8.11.13 libQt5Xml-devel-5.9.4-8.11.13 libQt5Xml5-5.9.4-8.11.13 libQt5Xml5-debuginfo-5.9.4-8.11.13 libqt5-qtbase-common-devel-5.9.4-8.11.13 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.11.13 libqt5-qtbase-debugsource-5.9.4-8.11.13 libqt5-qtbase-devel-5.9.4-8.11.13 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.11.13 libQt5DBus-private-headers-devel-5.9.4-8.11.13 libQt5Gui-private-headers-devel-5.9.4-8.11.13 libQt5KmsSupport-private-headers-devel-5.9.4-8.11.13 libQt5Network-private-headers-devel-5.9.4-8.11.13 libQt5OpenGL-private-headers-devel-5.9.4-8.11.13 libQt5PlatformSupport-private-headers-devel-5.9.4-8.11.13 libQt5PrintSupport-private-headers-devel-5.9.4-8.11.13 libQt5Sql-private-headers-devel-5.9.4-8.11.13 libQt5Test-private-headers-devel-5.9.4-8.11.13 libQt5Widgets-private-headers-devel-5.9.4-8.11.13 libqt5-qtbase-private-headers-devel-5.9.4-8.11.13 References: https://www.suse.com/security/cve/CVE-2018-15518.html https://www.suse.com/security/cve/CVE-2018-19873.html https://bugzilla.suse.com/1096328 https://bugzilla.suse.com/1099874 https://bugzilla.suse.com/1108889 https://bugzilla.suse.com/1118595 https://bugzilla.suse.com/1118596 https://bugzilla.suse.com/1120639 From sle-security-updates at lists.suse.com Wed Feb 20 04:13:22 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) 
Date: Wed, 20 Feb 2019 12:13:22 +0100 (CET) Subject: SUSE-SU-2019:0448-1: important: Security update for python-numpy Message-ID: <20190220111322.DA36DFFD0@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0448-1 Rating: important References: #1122208 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2019-448=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): python-numpy_1_13_3-gnu-hpc-1.13.3-4.9.1 python-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.9.1 python-numpy_1_13_3-gnu-hpc-debugsource-1.13.3-4.9.1 python-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.9.1 python2-numpy-gnu-hpc-1.13.3-4.9.1 python2-numpy-gnu-hpc-devel-1.13.3-4.9.1 python3-numpy-gnu-hpc-1.13.3-4.9.1 python3-numpy-gnu-hpc-devel-1.13.3-4.9.1 python3-numpy_1_13_3-gnu-hpc-1.13.3-4.9.1 python3-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.9.1 python3-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.9.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1122208 From sle-security-updates at lists.suse.com Wed Feb 20 10:09:33 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Feb 2019 18:09:33 +0100 (CET) Subject: SUSE-SU-2019:0449-1: moderate: Security update for php5 Message-ID: <20190220170933.A691CFD0B@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0449-1 Rating: moderate References: #1123354 Cross-References: CVE-2019-6977 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for php5 fixes the following issues: Security vulnerability fixed: - CVE-2019-6977: Fixed a heap buffer overflow in gdImageColorMatch in gd_color_match.c (bsc#1123354) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-449=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-449=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-449=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.48.1 php5-debugsource-5.5.14-109.48.1 php5-devel-5.5.14-109.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.48.1 php5-debugsource-5.5.14-109.48.1 php5-devel-5.5.14-109.48.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.48.1 apache2-mod_php5-debuginfo-5.5.14-109.48.1 php5-5.5.14-109.48.1 php5-bcmath-5.5.14-109.48.1 php5-bcmath-debuginfo-5.5.14-109.48.1 php5-bz2-5.5.14-109.48.1 php5-bz2-debuginfo-5.5.14-109.48.1 php5-calendar-5.5.14-109.48.1 php5-calendar-debuginfo-5.5.14-109.48.1 php5-ctype-5.5.14-109.48.1 php5-ctype-debuginfo-5.5.14-109.48.1 php5-curl-5.5.14-109.48.1 php5-curl-debuginfo-5.5.14-109.48.1 php5-dba-5.5.14-109.48.1 php5-dba-debuginfo-5.5.14-109.48.1 php5-debuginfo-5.5.14-109.48.1 php5-debugsource-5.5.14-109.48.1 php5-dom-5.5.14-109.48.1 php5-dom-debuginfo-5.5.14-109.48.1 php5-enchant-5.5.14-109.48.1 php5-enchant-debuginfo-5.5.14-109.48.1 php5-exif-5.5.14-109.48.1 php5-exif-debuginfo-5.5.14-109.48.1 php5-fastcgi-5.5.14-109.48.1 php5-fastcgi-debuginfo-5.5.14-109.48.1 
php5-fileinfo-5.5.14-109.48.1 php5-fileinfo-debuginfo-5.5.14-109.48.1 php5-fpm-5.5.14-109.48.1 php5-fpm-debuginfo-5.5.14-109.48.1 php5-ftp-5.5.14-109.48.1 php5-ftp-debuginfo-5.5.14-109.48.1 php5-gd-5.5.14-109.48.1 php5-gd-debuginfo-5.5.14-109.48.1 php5-gettext-5.5.14-109.48.1 php5-gettext-debuginfo-5.5.14-109.48.1 php5-gmp-5.5.14-109.48.1 php5-gmp-debuginfo-5.5.14-109.48.1 php5-iconv-5.5.14-109.48.1 php5-iconv-debuginfo-5.5.14-109.48.1 php5-imap-5.5.14-109.48.1 php5-imap-debuginfo-5.5.14-109.48.1 php5-intl-5.5.14-109.48.1 php5-intl-debuginfo-5.5.14-109.48.1 php5-json-5.5.14-109.48.1 php5-json-debuginfo-5.5.14-109.48.1 php5-ldap-5.5.14-109.48.1 php5-ldap-debuginfo-5.5.14-109.48.1 php5-mbstring-5.5.14-109.48.1 php5-mbstring-debuginfo-5.5.14-109.48.1 php5-mcrypt-5.5.14-109.48.1 php5-mcrypt-debuginfo-5.5.14-109.48.1 php5-mysql-5.5.14-109.48.1 php5-mysql-debuginfo-5.5.14-109.48.1 php5-odbc-5.5.14-109.48.1 php5-odbc-debuginfo-5.5.14-109.48.1 php5-opcache-5.5.14-109.48.1 php5-opcache-debuginfo-5.5.14-109.48.1 php5-openssl-5.5.14-109.48.1 php5-openssl-debuginfo-5.5.14-109.48.1 php5-pcntl-5.5.14-109.48.1 php5-pcntl-debuginfo-5.5.14-109.48.1 php5-pdo-5.5.14-109.48.1 php5-pdo-debuginfo-5.5.14-109.48.1 php5-pgsql-5.5.14-109.48.1 php5-pgsql-debuginfo-5.5.14-109.48.1 php5-phar-5.5.14-109.48.1 php5-phar-debuginfo-5.5.14-109.48.1 php5-posix-5.5.14-109.48.1 php5-posix-debuginfo-5.5.14-109.48.1 php5-pspell-5.5.14-109.48.1 php5-pspell-debuginfo-5.5.14-109.48.1 php5-shmop-5.5.14-109.48.1 php5-shmop-debuginfo-5.5.14-109.48.1 php5-snmp-5.5.14-109.48.1 php5-snmp-debuginfo-5.5.14-109.48.1 php5-soap-5.5.14-109.48.1 php5-soap-debuginfo-5.5.14-109.48.1 php5-sockets-5.5.14-109.48.1 php5-sockets-debuginfo-5.5.14-109.48.1 php5-sqlite-5.5.14-109.48.1 php5-sqlite-debuginfo-5.5.14-109.48.1 php5-suhosin-5.5.14-109.48.1 php5-suhosin-debuginfo-5.5.14-109.48.1 php5-sysvmsg-5.5.14-109.48.1 php5-sysvmsg-debuginfo-5.5.14-109.48.1 php5-sysvsem-5.5.14-109.48.1 php5-sysvsem-debuginfo-5.5.14-109.48.1 
php5-sysvshm-5.5.14-109.48.1 php5-sysvshm-debuginfo-5.5.14-109.48.1 php5-tokenizer-5.5.14-109.48.1 php5-tokenizer-debuginfo-5.5.14-109.48.1 php5-wddx-5.5.14-109.48.1 php5-wddx-debuginfo-5.5.14-109.48.1 php5-xmlreader-5.5.14-109.48.1 php5-xmlreader-debuginfo-5.5.14-109.48.1 php5-xmlrpc-5.5.14-109.48.1 php5-xmlrpc-debuginfo-5.5.14-109.48.1 php5-xmlwriter-5.5.14-109.48.1 php5-xmlwriter-debuginfo-5.5.14-109.48.1 php5-xsl-5.5.14-109.48.1 php5-xsl-debuginfo-5.5.14-109.48.1 php5-zip-5.5.14-109.48.1 php5-zip-debuginfo-5.5.14-109.48.1 php5-zlib-5.5.14-109.48.1 php5-zlib-debuginfo-5.5.14-109.48.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.48.1 References: https://www.suse.com/security/cve/CVE-2019-6977.html https://bugzilla.suse.com/1123354 From sle-security-updates at lists.suse.com Wed Feb 20 13:16:21 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Feb 2019 21:16:21 +0100 (CET) Subject: SUSE-SU-2019:0450-1: important: Security update for procps Message-ID: <20190220201621.3B8B4FD4A@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0450-1 Rating: important References: #1092100 #1121753 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud 
Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-450=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-450=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-450=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-450=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-450=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-450=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-450=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-450=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-450=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-450=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-450=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-450=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-450=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-450=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 procps-devel-3.3.9-11.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 procps-devel-3.3.9-11.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): 
libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE Enterprise Storage 4 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE CaaS Platform ALL (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - SUSE CaaS Platform 3.0 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libprocps3-3.3.9-11.18.1 libprocps3-debuginfo-3.3.9-11.18.1 procps-3.3.9-11.18.1 procps-debuginfo-3.3.9-11.18.1 procps-debugsource-3.3.9-11.18.1 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 https://bugzilla.suse.com/1121753 From sle-security-updates at lists.suse.com Thu Feb 21 04:10:34 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Feb 2019 12:10:34 +0100 (CET) Subject: SUSE-SU-2019:0457-1: important: Security update for qemu Message-ID: <20190221111034.31DA8FFD7@maintenance.suse.de> SUSE Security Update: Security update for qemu 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0457-1 Rating: important References: #1116717 #1117275 #1123156 Cross-References: CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-457=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.49.3 qemu-block-curl-2.0.2-48.49.3 qemu-block-curl-debuginfo-2.0.2-48.49.3 qemu-debugsource-2.0.2-48.49.3 qemu-guest-agent-2.0.2-48.49.3 qemu-guest-agent-debuginfo-2.0.2-48.49.3 qemu-lang-2.0.2-48.49.3 qemu-tools-2.0.2-48.49.3 qemu-tools-debuginfo-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.49.3 qemu-ppc-debuginfo-2.0.2-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.49.3 qemu-seabios-1.7.4-48.49.3 qemu-sgabios-8-48.49.3 qemu-vgabios-1.7.4-48.49.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.49.3 qemu-block-rbd-debuginfo-2.0.2-48.49.3 qemu-x86-2.0.2-48.49.3 qemu-x86-debuginfo-2.0.2-48.49.3 - SUSE Linux Enterprise 
Server 12-LTSS (s390x): qemu-s390-2.0.2-48.49.3 qemu-s390-debuginfo-2.0.2-48.49.3 References: https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1123156 From sle-security-updates at lists.suse.com Thu Feb 21 10:09:20 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Feb 2019 18:09:20 +0100 (CET) Subject: SUSE-SU-2018:3033-2: important: Security update for texlive Message-ID: <20190221170920.A8FE1FEBC@maintenance.suse.de> SUSE Security Update: Security update for texlive ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3033-2 Rating: important References: #1109673 Cross-References: CVE-2018-17407 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-458=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-458=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-458=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-458=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-458=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-458=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-458=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 - SUSE Enterprise Storage 4 (x86_64): libkpathsea6-6.2.0dev-22.3.1 libkpathsea6-debuginfo-6.2.0dev-22.3.1 References: https://www.suse.com/security/cve/CVE-2018-17407.html https://bugzilla.suse.com/1109673 From sle-security-updates at lists.suse.com Fri Feb 22 07:25:03 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 22 Feb 2019 15:25:03 +0100 (CET) Subject: SUSE-SU-2019:0466-1: important: Security update for kernel-firmware Message-ID: 
<20190222142503.B6B7CFD0D@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0466-1 Rating: important References: #1104301 Cross-References: CVE-2018-5383 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-466=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-466=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-466=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-466=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-466=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-466=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-466=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 7 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE Enterprise Storage 4 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 - SUSE CaaS Platform ALL (noarch): kernel-firmware-20170530-21.28.1 - SUSE CaaS Platform 3.0 (noarch): kernel-firmware-20170530-21.28.1 ucode-amd-20170530-21.28.1 References: https://www.suse.com/security/cve/CVE-2018-5383.html https://bugzilla.suse.com/1104301 From sle-security-updates at lists.suse.com Fri Feb 22 10:09:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:09:48 +0100 (CET) Subject: SUSE-SU-2019:0471-1: important: Security update for qemu Message-ID: <20190222170948.6F211FD0B@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0471-1 Rating: important References: #1116717 #1117275 #1119493 #1123156 Cross-References: CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 
Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issue fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-471=1 Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.20.1 qemu-block-curl-2.3.1-33.20.1 qemu-block-curl-debuginfo-2.3.1-33.20.1 qemu-debugsource-2.3.1-33.20.1 qemu-guest-agent-2.3.1-33.20.1 qemu-guest-agent-debuginfo-2.3.1-33.20.1 qemu-lang-2.3.1-33.20.1 qemu-tools-2.3.1-33.20.1 qemu-tools-debuginfo-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.20.1 qemu-ppc-debuginfo-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.20.1 qemu-seabios-1.8.1-33.20.1 qemu-sgabios-8-33.20.1 qemu-vgabios-1.8.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.20.1 qemu-block-rbd-debuginfo-2.3.1-33.20.1 qemu-x86-2.3.1-33.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.20.1 qemu-s390-debuginfo-2.3.1-33.20.1 References: 
https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1123156 From sle-security-updates at lists.suse.com Fri Feb 22 10:11:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:11:19 +0100 (CET) Subject: SUSE-SU-2019:0470-1: important: Security update for the Linux Kernel Message-ID: <20190222171119.BB8D5FD0B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0470-1 Rating: important References: #1012382 #1023175 #1087036 #1094823 #1102875 #1102877 #1102879 #1102882 #1102896 #1106105 #1106929 #1107866 #1109695 #1114893 #1116653 #1119680 #1120722 #1120758 #1120902 #1121726 #1122650 #1122651 #1122779 #1122885 #1123321 #1123323 #1123357 Cross-References: CVE-2017-18249 CVE-2019-3459 CVE-2019-3460 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 24 fixes is now available. Description: The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function in fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036). - CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758). - CVE-2019-3460: Fixed remote data leak in multiple locations in the function l2cap_parse_conf_rsp (bnc#1120758). 
The following non-security bugs were fixed: - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - Yama: Check for pid death before checking ancestry (bnc#1012382). - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382). - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382). - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382). - ata: Fix racy link clearance (bsc#1107866). - block/loop: Use global lock for ioctl() operation (bnc#1012382). - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes). - Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382). - Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896). - Btrfs: tree-checker: Fix misleading group system information (bnc#1012382). - Btrfs: validate type when reading a chunk (bnc#1012382). - Btrfs: wait on ordered extents on abort cleanup (bnc#1012382). - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382). - cifs: Do not hide EINTR after sending network packets (bnc#1012382). - cifs: Fix potential OOB access of lock element array (bnc#1012382). 
- clk: imx6q: reset exclusive gates on init (bnc#1012382). - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382). - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382). - crypto: cts - fix crash on short inputs (bnc#1012382). - crypto: user - support incremental algorithm dumps (bsc#1120902). - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes). - dm crypt: factor IV constructor out to separate function (Git-fixes). - dm crypt: fix crash by adding missing check for auth key size (git-fixes). - dm crypt: fix error return code in crypt_ctr() (git-fixes). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes). - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes). - dm crypt: wipe kernel key copy after IV initialization (Git-fixes). - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382). - dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382). - dm: do not allow readahead to limit IO size (git fixes (readahead)). - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382). - edac: Raise the maximum number of memory controllers (bsc#1120722). - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382). - f2fs: Add sanity_check_inode() function (bnc#1012382). - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382). - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382). - f2fs: clean up argument of recover_data (bnc#1012382). - f2fs: clean up with is_valid_blkaddr() (bnc#1012382). - f2fs: detect wrong layout (bnc#1012382). - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382). - f2fs: factor out fsync inode entry operations (bnc#1012382). - f2fs: fix inode cache leak (bnc#1012382). 
- f2fs: fix invalid memory access (bnc#1012382). - f2fs: fix missing up_read (bnc#1012382). - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382). - f2fs: fix to convert inline directory correctly (bnc#1012382). - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382). - f2fs: fix to do sanity check with block address in main area (bnc#1012382). - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382). - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382). - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382). - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382). - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382). - f2fs: fix to do sanity check with user_block_count (bnc#1012382). - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382). - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382). - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382). - f2fs: introduce and spread verify_blkaddr (bnc#1012382). - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382). - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382). - f2fs: not allow to write illegal blkaddr (bnc#1012382). - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382). - f2fs: remove an obsolete variable (bnc#1012382). - f2fs: return error during fill_super (bnc#1012382). - f2fs: sanity check on sit entry (bnc#1012382). - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes). - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). 
- ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382). - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382). - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382). - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653). - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382). - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382). - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382). - loop: Fold __loop_release into loop_release (bnc#1012382). - loop: Get rid of loop_index_mutex (bnc#1012382). - lsm: Check for NULL cred-security on free (bnc#1012382). - md: batch flush requests (bsc#1119680). - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382). - media: vb2: be sure to unlock mutex on errors (bnc#1012382). - media: vb2: vb2_mmap: move lock up (bnc#1012382). - media: vivid: fix error handling of kthread_run (bnc#1012382). - media: vivid: set min width/height to a value > 0 (bnc#1012382). - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382). - mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382). 
- mips: fix n32 compat_ipc_parse_version (bnc#1012382). - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382). - mm, slab: faster active and free stats (bsc#1116653, VM Performance). - mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance). - mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382). - mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382). - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382). - net: speed up skb_rbtree_purge() (bnc#1012382). - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382). - omap2fb: Fix stack memory disclosure (bsc#1106929) - packet: Do not leak dev refcounts on error exit (bnc#1012382). - pci: altera: Check link status before retrain link (bnc#1012382). - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382). - pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382). - pci: altera: Poll for link training status after retraining the link (bnc#1012382). - pci: altera: Poll for link up status after retraining the link (bnc#1012382). - pci: altera: Reorder read/write functions (bnc#1012382). - pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382). - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382). - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382). - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382). - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695). 
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823). - pstore/ram: Do not treat empty buffers as valid (bnc#1012382). - r8169: Add support for new Realtek Ethernet (bnc#1012382). - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382). - scsi: sd: Fix cache_type_store() (bnc#1012382). - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382). - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382). - selinux: fix GPF on invalid policy (bnc#1012382). - slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382). - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382). - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382). 
- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382). - usb: storage: add quirk for SMI SM3350 (bnc#1012382). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP3: zypper in -t patch SUSE-SLE-RT-12-SP3-2019-470=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP3 (noarch): kernel-devel-rt-4.4.172-3.35.1 kernel-source-rt-4.4.172-3.35.1 - SUSE Linux Enterprise Real Time Extension 12-SP3 (x86_64): cluster-md-kmp-rt-4.4.172-3.35.1 cluster-md-kmp-rt-debuginfo-4.4.172-3.35.1 dlm-kmp-rt-4.4.172-3.35.1 dlm-kmp-rt-debuginfo-4.4.172-3.35.1 gfs2-kmp-rt-4.4.172-3.35.1 gfs2-kmp-rt-debuginfo-4.4.172-3.35.1 kernel-rt-4.4.172-3.35.1 kernel-rt-base-4.4.172-3.35.1 kernel-rt-base-debuginfo-4.4.172-3.35.1 kernel-rt-debuginfo-4.4.172-3.35.1 kernel-rt-debugsource-4.4.172-3.35.1 kernel-rt-devel-4.4.172-3.35.1 kernel-rt_debug-debuginfo-4.4.172-3.35.1 kernel-rt_debug-debugsource-4.4.172-3.35.1 kernel-rt_debug-devel-4.4.172-3.35.1 kernel-rt_debug-devel-debuginfo-4.4.172-3.35.1 kernel-syms-rt-4.4.172-3.35.1 ocfs2-kmp-rt-4.4.172-3.35.1 ocfs2-kmp-rt-debuginfo-4.4.172-3.35.1 References: https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1087036 
https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1106105 https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1116653 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120722 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1122650 https://bugzilla.suse.com/1122651 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1123321 https://bugzilla.suse.com/1123323 https://bugzilla.suse.com/1123357 From sle-security-updates at lists.suse.com Fri Feb 22 10:15:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 22 Feb 2019 18:15:57 +0100 (CET) Subject: SUSE-SU-2019:0469-1: important: Security update for MozillaThunderbird Message-ID: <20190222171557.900F3FD0B@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0469-1 Rating: important References: #1125330 Cross-References: CVE-2018-18335 CVE-2018-18356 CVE-2018-18509 CVE-2019-5785 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaThunderbird to version 60.5.1 fixes the following issues: Security issues fixed (MFSA 2019-06 bsc#1125330): - CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D. This issue does not affect Linux distributions. 
- CVE-2018-18509: Fixed a flaw which, during verification of certain S/MIME signatures, mistakenly showed that emails bring a valid signature. - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-469=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.5.1-3.24.1 MozillaThunderbird-debuginfo-60.5.1-3.24.1 MozillaThunderbird-debugsource-60.5.1-3.24.1 MozillaThunderbird-translations-common-60.5.1-3.24.1 MozillaThunderbird-translations-other-60.5.1-3.24.1 References: https://www.suse.com/security/cve/CVE-2018-18335.html https://www.suse.com/security/cve/CVE-2018-18356.html https://www.suse.com/security/cve/CVE-2018-18509.html https://www.suse.com/security/cve/CVE-2019-5785.html https://bugzilla.suse.com/1125330 From sle-security-updates at lists.suse.com Mon Feb 25 07:09:24 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 25 Feb 2019 15:09:24 +0100 (CET) Subject: SUSE-SU-2019:0483-1: moderate: Security update for python-Django Message-ID: <20190225140924.2A0AEFD4A@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0483-1 Rating: moderate References: #1120932 Cross-References: CVE-2019-3498 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python-Django fixes the following issues: Security issue fixed: - CVE-2019-3498: Fixed a content spoofing attack in the default 404 page (bsc#1120932) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-483=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Django-1.8.19-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-3498.html https://bugzilla.suse.com/1120932 From sle-security-updates at lists.suse.com Mon Feb 25 10:09:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 25 Feb 2019 18:09:31 +0100 (CET) Subject: SUSE-SU-2019:0482-1: important: Security update for python Message-ID: <20190225170931.E359AFD4A@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0482-1 Rating: important References: #1073748 #1109847 #1122191 Cross-References: CVE-2018-14647 CVE-2019-5010 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 
______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-482=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-482=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-482=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-482=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-482=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-482=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-482=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-482=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-482=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-482=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-482=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-482=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch 
SUSE-SLE-DESKTOP-12-SP3-2019-482=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-482=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-482=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-482=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE OpenStack Cloud 7 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 
python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 
python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 
python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 
python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): 
python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-strict-tls-check-2.7.13-28.21.1 - SUSE Enterprise Storage 4 (noarch): python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1 - SUSE Enterprise Storage 4 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE CaaS Platform ALL (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 python-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 
python-base-debugsource-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1 References: https://www.suse.com/security/cve/CVE-2018-14647.html https://www.suse.com/security/cve/CVE-2019-5010.html https://bugzilla.suse.com/1073748 https://bugzilla.suse.com/1109847 https://bugzilla.suse.com/1122191 From sle-security-updates at lists.suse.com Mon Feb 25 10:10:24 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 25 Feb 2019 18:10:24 +0100 (CET) Subject: SUSE-SU-2019:0481-1: important: Security update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql Message-ID: <20190225171024.98F59FD4A@maintenance.suse.de> SUSE Security Update: Security update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0481-1 Rating: important References: #1111151 #1115099 #1116437 #1123054 Cross-References: CVE-2018-1000805 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql fixes the following issues: Security issue fixed for python-paramiko: - CVE-2018-1000805: Fixed an authentication bypass (bnc#1111151). Non-security issues fixed: - python-oslo.messaging: Fixed an issue if the client tries to reconnect after connection was lost (bsc#1123054). - python-ovs: Fixed memory leak in c parser (bsc#1116437). - python-ovs: Switched away from noarch and build the C based backend (bsc#1115099). - python-psql2mysql: Update to version 0.5.0+git.1539592188.13e5d0f. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-481=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-481=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-481=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-ovs-2.5.0-3.3.1 - SUSE OpenStack Cloud 7 (noarch): python-amqp-1.4.9-3.3.1 python-oslo.messaging-5.10.2-3.9.1 python-paramiko-2.0.9-3.6.1 python-psql2mysql-0.5.0+git.1539592188.13e5d0f-1.9.1 - SUSE Enterprise Storage 4 (noarch): python-paramiko-2.0.9-3.6.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-paramiko-2.0.9-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000805.html https://bugzilla.suse.com/1111151 https://bugzilla.suse.com/1115099 https://bugzilla.suse.com/1116437 https://bugzilla.suse.com/1123054 From sle-security-updates at lists.suse.com Mon Feb 25 13:11:24 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 25 Feb 2019 21:11:24 +0100 (CET) Subject: SUSE-SU-2019:0480-1: important: Security update for supportutils Message-ID: <20190225201124.53BCF100FD@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0480-1 Rating: important References: #1043311 #1046681 #1051797 #1071545 #1105849 #1112461 #1115245 #1117776 #1118460 #1118462 #1118463 #1125609 #1125666 Cross-References: CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves four 
vulnerabilities and has 9 fixes is now available. Description: This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packages by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig (bsc#1051797). - supportconfig collects tuned profile settings (bsc#1071545). - sfdisk -d no disk device specified (bsc#1043311). - Added vulnerabilities status check in basic-health.txt (bsc#1105849). - Added only sched_domain from cpu0. - Blacklist sched_domain from proc.txt (bsc#1046681). - Added firewall-cmd info. - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors. - Added corosync status to ha_info. - Dump find errors in ib_info. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-480=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): supportutils-3.1-5.7.1 References: https://www.suse.com/security/cve/CVE-2018-19637.html https://www.suse.com/security/cve/CVE-2018-19638.html https://www.suse.com/security/cve/CVE-2018-19639.html https://www.suse.com/security/cve/CVE-2018-19640.html https://bugzilla.suse.com/1043311 https://bugzilla.suse.com/1046681 https://bugzilla.suse.com/1051797 https://bugzilla.suse.com/1071545 https://bugzilla.suse.com/1105849 https://bugzilla.suse.com/1112461 https://bugzilla.suse.com/1115245 https://bugzilla.suse.com/1117776 https://bugzilla.suse.com/1118460 https://bugzilla.suse.com/1118462 https://bugzilla.suse.com/1118463 https://bugzilla.suse.com/1125609 https://bugzilla.suse.com/1125666 From sle-security-updates at lists.suse.com Tue Feb 26 04:13:01 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Feb 2019 12:13:01 +0100 (CET) Subject: SUSE-SU-2019:0489-1: important: Security update for qemu Message-ID: <20190226111301.0C0ECFD57@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0489-1 Rating: important References: #1084604 #1113231 #1116717 #1117275 #1119493 #1123156 Cross-References: CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604). - CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function. - CVE-2017-13672: Fixed a denial of service via vectors involving display update. Non-security issues fixed: - Fixed bad guest time after migration (bsc#1113231). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-489=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-489=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-489=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-489=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-489=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 - SUSE OpenStack Cloud 7 (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE OpenStack Cloud 7 (x86_64): qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE OpenStack Cloud 7 (s390x): qemu-s390-2.6.2-41.49.1 qemu-s390-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.49.1 qemu-ppc-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - 
SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): qemu-kvm-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): qemu-ppc-2.6.2-41.49.1 qemu-ppc-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): qemu-s390-2.6.2-41.49.1 qemu-s390-debuginfo-2.6.2-41.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 - SUSE Enterprise Storage 4 (noarch): 
qemu-ipxe-1.0.0-41.49.1 qemu-seabios-1.9.1-41.49.1 qemu-sgabios-8-41.49.1 qemu-vgabios-1.9.1-41.49.1 - SUSE Enterprise Storage 4 (x86_64): qemu-2.6.2-41.49.1 qemu-block-curl-2.6.2-41.49.1 qemu-block-curl-debuginfo-2.6.2-41.49.1 qemu-block-rbd-2.6.2-41.49.1 qemu-block-rbd-debuginfo-2.6.2-41.49.1 qemu-block-ssh-2.6.2-41.49.1 qemu-block-ssh-debuginfo-2.6.2-41.49.1 qemu-debugsource-2.6.2-41.49.1 qemu-guest-agent-2.6.2-41.49.1 qemu-guest-agent-debuginfo-2.6.2-41.49.1 qemu-kvm-2.6.2-41.49.1 qemu-lang-2.6.2-41.49.1 qemu-tools-2.6.2-41.49.1 qemu-tools-debuginfo-2.6.2-41.49.1 qemu-x86-2.6.2-41.49.1 qemu-x86-debuginfo-2.6.2-41.49.1 References: https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-13673.html https://www.suse.com/security/cve/CVE-2018-16872.html https://www.suse.com/security/cve/CVE-2018-19364.html https://www.suse.com/security/cve/CVE-2018-19489.html https://www.suse.com/security/cve/CVE-2018-7858.html https://www.suse.com/security/cve/CVE-2019-6778.html https://bugzilla.suse.com/1084604 https://bugzilla.suse.com/1113231 https://bugzilla.suse.com/1116717 https://bugzilla.suse.com/1117275 https://bugzilla.suse.com/1119493 https://bugzilla.suse.com/1123156 From sle-security-updates at lists.suse.com Tue Feb 26 13:09:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:09:32 +0100 (CET) Subject: SUSE-SU-2019:0499-1: important: Security update for ceph Message-ID: <20190226200932.3CFE8FD4B@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0499-1 Rating: important References: #1111177 #1113246 #1114710 #1121567 Cross-References: CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 
12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform ALL SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177) - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issue fixed: - os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-499=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-499=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-499=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-499=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-499=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-499=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-499=1 - SUSE CaaS Platform ALL: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 librados-devel-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd-devel-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 
python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 
libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 
python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-base-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-base-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-fuse-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-fuse-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mds-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mds-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mgr-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mgr-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mon-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-mon-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-osd-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-osd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-radosgw-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-radosgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-ceph-compat-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-ceph-argparse-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python3-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-fuse-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-fuse-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-mirror-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-mirror-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-nbd-12.2.10+git.1549630712.bb089269ea-2.27.2 rbd-nbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE CaaS Platform ALL (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 ceph-debugsource-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2 libcephfs2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-12.2.10+git.1549630712.bb089269ea-2.27.2 librados2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2 libradosstriper1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2 librbd1-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2 librgw2-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2 python-cephfs-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rados-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rbd-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2 python-rgw-debuginfo-12.2.10+git.1549630712.bb089269ea-2.27.2 References: https://www.suse.com/security/cve/CVE-2018-14662.html https://www.suse.com/security/cve/CVE-2018-16846.html https://www.suse.com/security/cve/CVE-2018-16889.html https://bugzilla.suse.com/1111177 https://bugzilla.suse.com/1113246 https://bugzilla.suse.com/1114710 https://bugzilla.suse.com/1121567 From sle-security-updates at lists.suse.com Tue Feb 26 13:10:41 2019 From: sle-security-updates at 
lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:10:41 +0100 (CET) Subject: SUSE-SU-2019:0495-1: important: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Message-ID: <20190226201041.C6BB0FD4B@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0495-1 Rating: important References: #1048046 #1051429 #1114832 #1118897 #1118898 #1118899 #1121967 #1124308 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has four fixes is now available. Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-495=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-495=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.2.2-5.9.1 docker-debuginfo-18.09.1_ce-6.14.1 docker-debugsource-18.09.1_ce-6.14.1 docker-test-18.09.1_ce-6.14.1 docker-test-debuginfo-18.09.1_ce-6.14.1 golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): containerd-test-1.2.2-5.9.1 docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1 docker-zsh-completion-18.09.1_ce-6.14.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): containerd-1.2.2-5.9.1 docker-18.09.1_ce-6.14.1 docker-debuginfo-18.09.1_ce-6.14.1 docker-debugsource-18.09.1_ce-6.14.1 docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1 docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1 docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1 - SUSE Linux Enterprise Module for Containers 15 (noarch): docker-bash-completion-18.09.1_ce-6.14.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://www.suse.com/security/cve/CVE-2019-5736.html https://bugzilla.suse.com/1048046 
https://bugzilla.suse.com/1051429 https://bugzilla.suse.com/1114832 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1121967 https://bugzilla.suse.com/1124308 From sle-security-updates at lists.suse.com Tue Feb 26 13:12:40 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:12:40 +0100 (CET) Subject: SUSE-SU-2019:0498-1: moderate: Security update for apache2 Message-ID: <20190226201240.C3438FD4B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0498-1 Rating: moderate References: #1121086 #1122838 #1122839 Cross-References: CVE-2018-17189 CVE-2018-17199 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-498=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-498=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-498=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-498=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-devel-2.4.23-29.34.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-devel-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.34.4 apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-example-pages-2.4.23-29.34.4 apache2-prefork-2.4.23-29.34.4 apache2-prefork-debuginfo-2.4.23-29.34.4 apache2-utils-2.4.23-29.34.4 apache2-utils-debuginfo-2.4.23-29.34.4 apache2-worker-2.4.23-29.34.4 apache2-worker-debuginfo-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.34.4 apache2-debuginfo-2.4.23-29.34.4 apache2-debugsource-2.4.23-29.34.4 apache2-example-pages-2.4.23-29.34.4 apache2-prefork-2.4.23-29.34.4 apache2-prefork-debuginfo-2.4.23-29.34.4 apache2-utils-2.4.23-29.34.4 apache2-utils-debuginfo-2.4.23-29.34.4 apache2-worker-2.4.23-29.34.4 apache2-worker-debuginfo-2.4.23-29.34.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.34.4 References: https://www.suse.com/security/cve/CVE-2018-17189.html https://www.suse.com/security/cve/CVE-2018-17199.html https://bugzilla.suse.com/1121086 https://bugzilla.suse.com/1122838 
https://bugzilla.suse.com/1122839 From sle-security-updates at lists.suse.com Tue Feb 26 13:13:39 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:13:39 +0100 (CET) Subject: SUSE-SU-2019:0496-1: moderate: Security update for openssh Message-ID: <20190226201339.619DEFD4B@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0496-1 Rating: moderate References: #1121816 #1121821 #1125687 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821) Other bug fixes and changes: - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-496=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-496=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-496=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-496=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.23.1 openssh-debugsource-7.6p1-9.23.1 openssh-fips-7.6p1-9.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.23.1 openssh-cavs-debuginfo-7.6p1-9.23.1 openssh-debuginfo-7.6p1-9.23.1 openssh-debugsource-7.6p1-9.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.23.1 openssh-askpass-gnome-debuginfo-7.6p1-9.23.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.23.1 openssh-debuginfo-7.6p1-9.23.1 openssh-debugsource-7.6p1-9.23.1 openssh-helpers-7.6p1-9.23.1 openssh-helpers-debuginfo-7.6p1-9.23.1 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 https://bugzilla.suse.com/1125687 From sle-security-updates at lists.suse.com Tue Feb 26 13:14:37 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 26 Feb 2019 21:14:37 +0100 (CET) Subject: SUSE-SU-2019:0497-1: moderate: Security update for webkit2gtk3 Message-ID: <20190226201437.182C8FD4B@maintenance.suse.de> SUSE Security Update: Security update for 
webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0497-1 Rating: moderate References: #1119553 #1119554 #1119555 #1119556 #1119557 #1119558 Cross-References: CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558): Security vulnerabilities fixed: - CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553) - CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554) - CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555) - CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556) - CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557) - CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. 
Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558) - CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. - CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation. - CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. Other bug fixes and changes: - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fix Web inspector magnifier under Wayland. - Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fix several crashes, race conditions, and rendering issues. 
For a detailed list of changes, please refer to: - https://webkitgtk.org/security/WSA-2019-0001.html - https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html - https://webkitgtk.org/security/WSA-2018-0009.html - https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-497=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-497=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-497=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.22.6-3.18.2 webkit-jsc-4-debuginfo-2.22.6-3.18.2 webkit2gtk3-debugsource-2.22.6-3.18.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2 typelib-1_0-WebKit2-4_0-2.22.6-3.18.2 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2 webkit2gtk3-debugsource-2.22.6-3.18.2 webkit2gtk3-devel-2.22.6-3.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-3.18.2 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2 libwebkit2gtk-4_0-37-2.22.6-3.18.2 libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2 webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2 webkit2gtk3-debugsource-2.22.6-3.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.22.6-3.18.2 References: https://www.suse.com/security/cve/CVE-2018-4437.html https://www.suse.com/security/cve/CVE-2018-4438.html 
https://www.suse.com/security/cve/CVE-2018-4441.html https://www.suse.com/security/cve/CVE-2018-4442.html https://www.suse.com/security/cve/CVE-2018-4443.html https://www.suse.com/security/cve/CVE-2018-4464.html https://www.suse.com/security/cve/CVE-2019-6212.html https://www.suse.com/security/cve/CVE-2019-6215.html https://www.suse.com/security/cve/CVE-2019-6216.html https://www.suse.com/security/cve/CVE-2019-6217.html https://www.suse.com/security/cve/CVE-2019-6226.html https://www.suse.com/security/cve/CVE-2019-6227.html https://www.suse.com/security/cve/CVE-2019-6229.html https://www.suse.com/security/cve/CVE-2019-6233.html https://www.suse.com/security/cve/CVE-2019-6234.html https://bugzilla.suse.com/1119553 https://bugzilla.suse.com/1119554 https://bugzilla.suse.com/1119555 https://bugzilla.suse.com/1119556 https://bugzilla.suse.com/1119557 https://bugzilla.suse.com/1119558 From sle-security-updates at lists.suse.com Wed Feb 27 04:11:15 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 27 Feb 2019 12:11:15 +0100 (CET) Subject: SUSE-SU-2019:0505-1: moderate: Security update for amavisd-new Message-ID: <20190227111115.F2278FD4B@maintenance.suse.de> SUSE Security Update: Security update for amavisd-new ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0505-1 Rating: moderate References: #1123389 #987887 Cross-References: CVE-2016-1238 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for amavisd-new fixes the following issues: amavisd-new was updated to version 2.11.1 (bsc#1123389): * removed a trailing dot element from @INC, as a workaround for a perl vulnerability CVE-2016-1238 (bsc#987887) * amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a message "PID went away", and removed redundant newlines from some log messages * safe_decode() and safe_decode_utf8(): avoid warning messages "Use of uninitialized value in subroutine entry" in Encode::MIME::Header when the $check argument is undefined * @sa_userconf_maps has been extended to allow loading of per-recipient (or per-policy bank, or global) SpamAssassin configuration set from LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with 'ldap:' will load SpamAssassin configuration set using the load_scoreonly_ldap() method; a patch by Atanas Karashenski * add some Sanesecurity.Foxhole false positives to the default list @virus_name_to_spam_score_maps * updated some comments Update amavis-milter to version 2.6.1: * Fixed bug when creating amavisd-new policy bank names Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-505=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): amavisd-new-2.11.1-6.3.1 amavisd-new-debuginfo-2.11.1-6.3.1 amavisd-new-debugsource-2.11.1-6.3.1 amavisd-new-docs-2.11.1-6.3.1 References: https://www.suse.com/security/cve/CVE-2016-1238.html https://bugzilla.suse.com/1123389 https://bugzilla.suse.com/987887 From sle-security-updates at lists.suse.com Wed Feb 27 04:12:29 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 27 Feb 2019 12:12:29 +0100 (CET) Subject: SUSE-SU-2019:0504-1: moderate: Security update for apache2 Message-ID: <20190227111229.C0504FD4B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0504-1 Rating: moderate References: #1121086 #1122838 #1122839 Cross-References: CVE-2018-17189 CVE-2018-17199 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-504=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-504=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.9.7 apache2-debuginfo-2.4.33-3.9.7 apache2-debugsource-2.4.33-3.9.7 apache2-devel-2.4.33-3.9.7 apache2-prefork-2.4.33-3.9.7 apache2-prefork-debuginfo-2.4.33-3.9.7 apache2-utils-2.4.33-3.9.7 apache2-utils-debuginfo-2.4.33-3.9.7 apache2-worker-2.4.33-3.9.7 apache2-worker-debuginfo-2.4.33-3.9.7 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): apache2-doc-2.4.33-3.9.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.33-3.9.7 apache2-debugsource-2.4.33-3.9.7 apache2-event-2.4.33-3.9.7 apache2-event-debuginfo-2.4.33-3.9.7 apache2-example-pages-2.4.33-3.9.7 References: https://www.suse.com/security/cve/CVE-2018-17189.html https://www.suse.com/security/cve/CVE-2018-17199.html https://bugzilla.suse.com/1121086 https://bugzilla.suse.com/1122838 https://bugzilla.suse.com/1122839 From sle-security-updates at lists.suse.com Thu Feb 28 07:09:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Feb 2019 15:09:18 +0100 (CET) Subject: SUSE-SU-2019:0510-1: moderate: Security update for bluez Message-ID: <20190228140918.0BDF6FD4B@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0510-1 Rating: moderate References: #1013721 #1013732 #1013877 #1015173 #1026652 #1057342 Cross-References: CVE-2016-7837 CVE-2016-9800 CVE-2016-9801 CVE-2016-9804 CVE-2016-9918 
CVE-2017-1000250 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-7837: Fixed possible buffer overflow, make sure we don't write past the end of the array (bsc#1026652) - CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721). - CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732) - CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877). - CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173) - CVE-2017-1000250: Fixed an information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-510=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-510=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-510=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): bluez-5.13-3.10.1 bluez-debuginfo-5.13-3.10.1 bluez-debugsource-5.13-3.10.1 libbluetooth3-5.13-3.10.1 libbluetooth3-debuginfo-5.13-3.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bluez-5.13-3.10.1 bluez-debuginfo-5.13-3.10.1 bluez-debugsource-5.13-3.10.1 libbluetooth3-5.13-3.10.1 libbluetooth3-debuginfo-5.13-3.10.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bluez-5.13-3.10.1 bluez-debuginfo-5.13-3.10.1 bluez-debugsource-5.13-3.10.1 libbluetooth3-5.13-3.10.1 libbluetooth3-debuginfo-5.13-3.10.1 References: https://www.suse.com/security/cve/CVE-2016-7837.html https://www.suse.com/security/cve/CVE-2016-9800.html https://www.suse.com/security/cve/CVE-2016-9801.html https://www.suse.com/security/cve/CVE-2016-9804.html https://www.suse.com/security/cve/CVE-2016-9918.html https://www.suse.com/security/cve/CVE-2017-1000250.html https://bugzilla.suse.com/1013721 https://bugzilla.suse.com/1013732 https://bugzilla.suse.com/1013877 https://bugzilla.suse.com/1015173 https://bugzilla.suse.com/1026652 https://bugzilla.suse.com/1057342 From sle-security-updates at lists.suse.com Thu Feb 28 10:09:47 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Feb 2019 18:09:47 +0100 (CET) Subject: SUSE-SU-2019:0511-1: important: Security update for webkit2gtk3 Message-ID: <20190228170947.198EEFDD3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:0511-1 Rating: important References: #1124937 Cross-References: CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of specially crafted web-content. 
- CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of specially crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of specially crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slows down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-511=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-511=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-511=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-511=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-511=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-511=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-511=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-511=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-511=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-511=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-511=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-511=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-511=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): 
libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 
webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): 
libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 - SUSE Enterprise Storage 4 (noarch): libwebkit2gtk3-lang-2.22.6-2.35.1 - SUSE Enterprise Storage 4 (x86_64): libjavascriptcoregtk-4_0-18-2.22.6-2.35.1 libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-2.35.1 libwebkit2gtk-4_0-37-2.22.6-2.35.1 libwebkit2gtk-4_0-37-debuginfo-2.22.6-2.35.1 typelib-1_0-JavaScriptCore-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2-4_0-2.22.6-2.35.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-2.22.6-2.35.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-2.35.1 webkit2gtk3-debugsource-2.22.6-2.35.1 webkit2gtk3-devel-2.22.6-2.35.1 References: https://www.suse.com/security/cve/CVE-2019-6212.html https://www.suse.com/security/cve/CVE-2019-6215.html https://www.suse.com/security/cve/CVE-2019-6216.html https://www.suse.com/security/cve/CVE-2019-6217.html https://www.suse.com/security/cve/CVE-2019-6226.html https://www.suse.com/security/cve/CVE-2019-6227.html https://www.suse.com/security/cve/CVE-2019-6229.html https://www.suse.com/security/cve/CVE-2019-6233.html https://www.suse.com/security/cve/CVE-2019-6234.html https://bugzilla.suse.com/1124937 From sle-security-updates at lists.suse.com Thu Feb 28 10:10:23 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 28 Feb 2019 18:10:23 +0100 (CET) Subject: SUSE-SU-2019:0512-1: moderate: Security update for openssl-1_1 Message-ID: <20190228171023.AA6DAFD4B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0512-1 Rating: moderate References: #1117951 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openssl-1_1 fixes the following issues: - The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-512=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-512=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-512=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1-2.6.1 openssl-1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debugsource-1.1.1-2.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1-2.6.1 libopenssl1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debuginfo-1.1.1-2.6.1 openssl-1_1-debugsource-1.1.1-2.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_1-32bit-1.1.1-2.6.1 libopenssl1_1-debuginfo-32bit-1.1.1-2.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl1_1-1.1.1-2.6.1 libopenssl1_1-32bit-1.1.1-2.6.1 libopenssl1_1-debuginfo-1.1.1-2.6.1 libopenssl1_1-debuginfo-32bit-1.1.1-2.6.1 openssl-1_1-debuginfo-1.1.1-2.6.1 
openssl-1_1-debugsource-1.1.1-2.6.1 References: https://bugzilla.suse.com/1117951