From sle-security-updates at lists.suse.com Mon Jul 1 07:11:20 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Jul 2019 15:11:20 +0200 (CEST) Subject: SUSE-SU-2019:1717-1: important: Security update for gvfs Message-ID: <20190701131120.DEE90FDCE@maintenance.suse.de> SUSE Security Update: Security update for gvfs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1717-1 Rating: important References: #1125433 #1136981 #1136986 #1136992 #1137930 Cross-References: CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for gvfs fixes the following issues: Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981). Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1717=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1717=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1717=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): gvfs-32bit-1.34.2.1-4.13.1 gvfs-32bit-debuginfo-1.34.2.1-4.13.1 gvfs-debugsource-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): gvfs-1.34.2.1-4.13.1 gvfs-backend-afc-1.34.2.1-4.13.1 gvfs-backend-afc-debuginfo-1.34.2.1-4.13.1 gvfs-backend-samba-1.34.2.1-4.13.1 gvfs-backend-samba-debuginfo-1.34.2.1-4.13.1 gvfs-backends-1.34.2.1-4.13.1 gvfs-backends-debuginfo-1.34.2.1-4.13.1 gvfs-debuginfo-1.34.2.1-4.13.1 gvfs-debugsource-1.34.2.1-4.13.1 gvfs-devel-1.34.2.1-4.13.1 gvfs-fuse-1.34.2.1-4.13.1 gvfs-fuse-debuginfo-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): gvfs-lang-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): gvfs-1.34.2.1-4.13.1 gvfs-backend-afc-1.34.2.1-4.13.1 gvfs-backend-afc-debuginfo-1.34.2.1-4.13.1 gvfs-backend-samba-1.34.2.1-4.13.1 gvfs-backend-samba-debuginfo-1.34.2.1-4.13.1 gvfs-backends-1.34.2.1-4.13.1 gvfs-backends-debuginfo-1.34.2.1-4.13.1 gvfs-debuginfo-1.34.2.1-4.13.1 gvfs-debugsource-1.34.2.1-4.13.1 gvfs-devel-1.34.2.1-4.13.1 gvfs-fuse-1.34.2.1-4.13.1 gvfs-fuse-debuginfo-1.34.2.1-4.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): gvfs-lang-1.34.2.1-4.13.1 References: https://www.suse.com/security/cve/CVE-2019-12447.html https://www.suse.com/security/cve/CVE-2019-12448.html 
https://www.suse.com/security/cve/CVE-2019-12449.html https://www.suse.com/security/cve/CVE-2019-12795.html https://bugzilla.suse.com/1125433 https://bugzilla.suse.com/1136981 https://bugzilla.suse.com/1136986 https://bugzilla.suse.com/1136992 https://bugzilla.suse.com/1137930 From sle-security-updates at lists.suse.com Mon Jul 1 10:11:44 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:11:44 +0200 (CEST) Subject: SUSE-SU-2019:1211-2: important: Security update for java-1_8_0-openjdk Message-ID: <20190701161144.13687FDCE@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1211-2 Rating: important References: #1132728 #1132729 #1132732 #1133135 Cross-References: CVE-2018-3639 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1211=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1211=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.212-3.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-debugsource-1.8.0.212-3.19.1 java-1_8_0-openjdk-src-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.212-3.19.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.212-3.19.1 java-1_8_0-openjdk-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-debugsource-1.8.0.212-3.19.1 java-1_8_0-openjdk-demo-1.8.0.212-3.19.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-devel-1.8.0.212-3.19.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.212-3.19.1 java-1_8_0-openjdk-headless-1.8.0.212-3.19.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.212-3.19.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2019-2602.html https://www.suse.com/security/cve/CVE-2019-2684.html https://www.suse.com/security/cve/CVE-2019-2698.html https://bugzilla.suse.com/1132728 https://bugzilla.suse.com/1132729 https://bugzilla.suse.com/1132732 https://bugzilla.suse.com/1133135 From sle-security-updates at lists.suse.com Mon Jul 1 10:13:27 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:13:27 +0200 (CEST) Subject: SUSE-SU-2019:1351-2: important: Security update for gnutls Message-ID: <20190701161327.71E11FDCE@maintenance.suse.de> SUSE Security Update: Security 
update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1351-2 Rating: important References: #1118087 #1134856 Cross-References: CVE-2018-16868 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1351=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1351=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.6.7-6.11.1 gnutls-debugsource-3.6.7-6.11.1 gnutls-guile-3.6.7-6.11.1 gnutls-guile-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgnutls-devel-32bit-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-6.11.1 gnutls-debuginfo-3.6.7-6.11.1 gnutls-debugsource-3.6.7-6.11.1 libgnutls-devel-3.6.7-6.11.1 libgnutls30-3.6.7-6.11.1 libgnutls30-debuginfo-3.6.7-6.11.1 libgnutlsxx-devel-3.6.7-6.11.1 libgnutlsxx28-3.6.7-6.11.1 
libgnutlsxx28-debuginfo-3.6.7-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgnutls30-32bit-3.6.7-6.11.1 libgnutls30-32bit-debuginfo-3.6.7-6.11.1 References: https://www.suse.com/security/cve/CVE-2018-16868.html https://bugzilla.suse.com/1118087 https://bugzilla.suse.com/1134856 From sle-security-updates at lists.suse.com Mon Jul 1 10:15:52 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:15:52 +0200 (CEST) Subject: SUSE-SU-2019:1221-2: moderate: Security update for libxslt Message-ID: <20190701161552.DB22AFEA9@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1221-2 Rating: moderate References: #1132160 Cross-References: CVE-2019-11068 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1221=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1221=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libxslt-python-1.1.32-3.3.1 libxslt-python-debuginfo-1.1.32-3.3.1 libxslt-python-debugsource-1.1.32-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libxslt-debugsource-1.1.32-3.3.1 libxslt-devel-32bit-1.1.32-3.3.1 libxslt1-32bit-1.1.32-3.3.1 libxslt1-32bit-debuginfo-1.1.32-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.32-3.3.1 libxslt-devel-1.1.32-3.3.1 libxslt-tools-1.1.32-3.3.1 libxslt-tools-debuginfo-1.1.32-3.3.1 libxslt1-1.1.32-3.3.1 libxslt1-debuginfo-1.1.32-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://bugzilla.suse.com/1132160 From sle-security-updates at lists.suse.com Mon Jul 1 10:16:33 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:16:33 +0200 (CEST) Subject: SUSE-SU-2019:1357-2: important: Security update for curl Message-ID: <20190701161633.8EAD8FDCE@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1357-2 Rating: important References: #1135170 Cross-References: CVE-2019-5436 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1357=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1357=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.20.1 curl-mini-debuginfo-7.60.0-3.20.1 curl-mini-debugsource-7.60.0-3.20.1 libcurl-mini-devel-7.60.0-3.20.1 libcurl4-mini-7.60.0-3.20.1 libcurl4-mini-debuginfo-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): curl-debugsource-7.60.0-3.20.1 libcurl-devel-32bit-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.20.1 curl-debuginfo-7.60.0-3.20.1 curl-debugsource-7.60.0-3.20.1 libcurl-devel-7.60.0-3.20.1 libcurl4-7.60.0-3.20.1 libcurl4-debuginfo-7.60.0-3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.20.1 libcurl4-32bit-debuginfo-7.60.0-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-5436.html https://bugzilla.suse.com/1135170 From sle-security-updates at lists.suse.com Mon Jul 1 10:17:16 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 1 Jul 2019 18:17:16 +0200 (CEST) Subject: SUSE-SU-2019:1207-2: important: Security update for 389-ds Message-ID: <20190701161716.3ACB7FDCE@maintenance.suse.de> SUSE Security Update: Security 
update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1207-2 Rating: important References: #1076530 #1096368 #1105606 #1106699 Cross-References: CVE-2017-15134 CVE-2017-15135 CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10850: Fixed a race condition on reference counter that would lead to a denial of service using persistent search (bsc#1096368) - CVE-2017-15134: Fixed a remote denial of service via search filters in slapi_filter_sprintf in slapd/util.c (bsc#1076530) - CVE-2017-15135: Fixed authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (bsc#1076530) - CVE-2018-10935: Fixed an issue that allowed users to cause a crash via ldapsearch with server side sorts (bsc#1105606) - CVE-2018-14624: The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(), allowing an attacker to send a flood of modifications to a very large DN, which could have caused slapd to crash (bsc#1106699). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1207=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1207=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.0.3-4.7.52 389-ds-debuginfo-1.4.0.3-4.7.52 389-ds-debugsource-1.4.0.3-4.7.52 389-ds-devel-1.4.0.3-4.7.52 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-debuginfo-1.4.0.3-4.7.52 389-ds-debugsource-1.4.0.3-4.7.52 389-ds-snmp-1.4.0.3-4.7.52 389-ds-snmp-debuginfo-1.4.0.3-4.7.52 References: https://www.suse.com/security/cve/CVE-2017-15134.html https://www.suse.com/security/cve/CVE-2017-15135.html https://www.suse.com/security/cve/CVE-2018-10850.html https://www.suse.com/security/cve/CVE-2018-10935.html https://www.suse.com/security/cve/CVE-2018-14624.html https://bugzilla.suse.com/1076530 https://bugzilla.suse.com/1096368 https://bugzilla.suse.com/1105606 https://bugzilla.suse.com/1106699 From sle-security-updates at lists.suse.com Tue Jul 2 07:11:16 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:11:16 +0200 (CEST) Subject: SUSE-SU-2019:1721-1: moderate: Security update for dnsmasq Message-ID: <20190702131116.01D60FDCE@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1721-1 Rating: moderate References: #1054429 #1076958 Cross-References: CVE-2017-15107 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise 
Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result in improper validation for non-existence. (bsc#1076958) Non-security issue fixed: - Reload system dbus to pick up policy change on install (bsc#1054429). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1721=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1721=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1721=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1721=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1721=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1721=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1721=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1721=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 - SUSE OpenStack Cloud 8 (x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 
dnsmasq-utils-debuginfo-2.78-18.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): dnsmasq-2.78-18.6.1 dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 - HPE Helion Openstack 8 (x86_64): dnsmasq-debuginfo-2.78-18.6.1 dnsmasq-debugsource-2.78-18.6.1 dnsmasq-utils-2.78-18.6.1 dnsmasq-utils-debuginfo-2.78-18.6.1 References: https://www.suse.com/security/cve/CVE-2017-15107.html https://bugzilla.suse.com/1054429 https://bugzilla.suse.com/1076958 From sle-security-updates at lists.suse.com Tue Jul 2 07:12:54 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:12:54 +0200 (CEST) Subject: SUSE-SU-2019:1266-2: moderate: Security update for evolution Message-ID: <20190702131254.66ABDFDCE@maintenance.suse.de> SUSE Security Update: Security update for evolution ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1266-2 Rating: moderate References: #1125230 Cross-References: CVE-2018-15587 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for evolution fixes the following issues: Security issue fixed: - CVE-2018-15587: Fixed an issue with spoofed pgp signatures by using specially crafted emails (bsc#1125230). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1266=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1266=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): evolution-lang-3.26.6-4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): evolution-3.26.6-4.3.1 evolution-debuginfo-3.26.6-4.3.1 evolution-debugsource-3.26.6-4.3.1 evolution-devel-3.26.6-4.3.1 evolution-plugin-bogofilter-3.26.6-4.3.1 evolution-plugin-bogofilter-debuginfo-3.26.6-4.3.1 evolution-plugin-pst-import-3.26.6-4.3.1 evolution-plugin-pst-import-debuginfo-3.26.6-4.3.1 evolution-plugin-spamassassin-3.26.6-4.3.1 evolution-plugin-spamassassin-debuginfo-3.26.6-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.26.6-4.3.1 evolution-debugsource-3.26.6-4.3.1 glade-catalog-evolution-3.26.6-4.3.1 glade-catalog-evolution-debuginfo-3.26.6-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-15587.html https://bugzilla.suse.com/1125230 From sle-security-updates at lists.suse.com Tue Jul 2 07:14:25 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:14:25 +0200 (CEST) Subject: SUSE-SU-2019:1722-1: important: Security update for glib2 Message-ID: <20190702131425.9839CFDCE@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1722-1 Rating: important References: #1061599 #1107116 #1107121 #1137001 Cross-References: CVE-2018-16428 
CVE-2018-16429 CVE-2019-12450 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1722=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-1722=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1722=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1722=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1722=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1722=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1722=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1722=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1722=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1722=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1722=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1722=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1722=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1722=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1722=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1722=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE OpenStack Cloud 7 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-devel-2.48.2-12.12.2 glib2-devel-debuginfo-2.48.2-12.12.2 glib2-devel-static-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 
glib2-devel-2.48.2-12.12.2 glib2-devel-debuginfo-2.48.2-12.12.2 glib2-devel-static-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-devel-2.48.2-12.12.2 glib2-devel-debuginfo-2.48.2-12.12.2 glib2-devel-static-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 
libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 
libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 
glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 
glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgio-fam-2.48.2-12.12.2 libgio-fam-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): 
glib2-lang-2.48.2-12.12.2 - SUSE Enterprise Storage 4 (noarch): glib2-lang-2.48.2-12.12.2 - SUSE Enterprise Storage 4 (x86_64): glib2-debugsource-2.48.2-12.12.2 glib2-tools-2.48.2-12.12.2 glib2-tools-debuginfo-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-32bit-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libgio-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-32bit-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-32bit-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-32bit-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.12.2 libgthread-2_0-0-2.48.2-12.12.2 libgthread-2_0-0-32bit-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-2.48.2-12.12.2 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.12.2 - SUSE CaaS Platform 3.0 (noarch): gio-branding-upstream-2.48.2-12.12.2 - SUSE CaaS Platform 3.0 (x86_64): glib2-debugsource-2.48.2-12.12.2 libgio-2_0-0-2.48.2-12.12.2 libgio-2_0-0-debuginfo-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 libgmodule-2_0-0-2.48.2-12.12.2 libgmodule-2_0-0-debuginfo-2.48.2-12.12.2 libgobject-2_0-0-2.48.2-12.12.2 libgobject-2_0-0-debuginfo-2.48.2-12.12.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glib2-debugsource-2.48.2-12.12.2 libglib-2_0-0-2.48.2-12.12.2 libglib-2_0-0-debuginfo-2.48.2-12.12.2 References: https://www.suse.com/security/cve/CVE-2018-16428.html https://www.suse.com/security/cve/CVE-2018-16429.html https://www.suse.com/security/cve/CVE-2019-12450.html https://bugzilla.suse.com/1061599 https://bugzilla.suse.com/1107116 https://bugzilla.suse.com/1107121 https://bugzilla.suse.com/1137001 From sle-security-updates at lists.suse.com Tue Jul 2 07:15:33 2019 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:15:33 +0200 (CEST) Subject: SUSE-SU-2019:14111-1: important: Security update for dbus-1 Message-ID: <20190702131533.CA2EBFDCE@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14111-1 Rating: important References: #1137832 Cross-References: CVE-2019-12749 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-dbus-1-14111=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dbus-1-14111=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dbus-1-14111=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dbus-1-14111=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): dbus-1-1.2.10-3.34.8.1 dbus-1-x11-1.2.10-3.34.8.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): dbus-1-32bit-1.2.10-3.34.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dbus-1-1.2.10-3.34.8.1 dbus-1-x11-1.2.10-3.34.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): dbus-1-debuginfo-1.2.10-3.34.8.1 dbus-1-debugsource-1.2.10-3.34.8.1 dbus-1-x11-debuginfo-1.2.10-3.34.8.1 dbus-1-x11-debugsource-1.2.10-3.34.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dbus-1-debuginfo-1.2.10-3.34.8.1 dbus-1-debugsource-1.2.10-3.34.8.1 dbus-1-x11-debuginfo-1.2.10-3.34.8.1 dbus-1-x11-debugsource-1.2.10-3.34.8.1 References: https://www.suse.com/security/cve/CVE-2019-12749.html https://bugzilla.suse.com/1137832 From sle-security-updates at lists.suse.com Tue Jul 2 07:16:13 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:16:13 +0200 (CEST) Subject: SUSE-SU-2019:1220-2: moderate: Security update for cf-cli Message-ID: <20190702131613.E7359FDCE@maintenance.suse.de> SUSE Security Update: Security update for cf-cli ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1220-2 Rating: moderate References: #1132242 Cross-References: CVE-2019-3781 Affected Products: SUSE Linux Enterprise Module for CAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now 
available. Description: This update for cf-cli fixes the following issues: cf-cli was updated to version 6.43.0 (bsc#1132242) Enhancements: - `cf curl` supports a new `--fail` flag (primarily for scripting purposes) which returns exit code `22` for server errors [story](https://www.pivotaltracker.com/story/show/130060949) - Improves `cf delete-orphaned-routes` such that it uses a different endpoint, reducing the chance of a race condition when two users are simultaneously deleting orphaned routes and associating routes with applications [story](https://www.pivotaltracker.com/story/show/163156064) - we've improved the speed of cf services - it now hits a single endpoint instead of making individual API calls Security: - CVE-2019-3781: CF CLI does not sanitize user's password in verbose/trace/debug. - Fixes issue with running cf login in verbose mode whereby passwords which contain regex were not completely redacted - Fixes issue whilst running commands in verbose mode refresh tokens were not completely redacted Other Bug Fixes: - Updates help text for cf curl story - Now refresh tokens work properly whilst using cf curl with V3 CC API endpoints story - Fixes performance degradation for cf services story - cf delete-service requires that you are targeting a space story - cf enable-service access for a service in an org will succeed if you have already enabled access for that service in that org story cf-cli was updated to version 6.42.0: Minor Enhancements: - updated `cf restage` help text and the first line in the command's output to indicate that using this command will cause app downtime [story](https://www.pivotaltracker.com/story/show/151841382) - updated the `cf bind-route-service` help text to clarify usage instructions [story](https://www.pivotaltracker.com/story/show/150111078) - improved an error message for `cf create-service-broker` to be more helpful when the CC API returns a `502` due to an invalid service broker catalog - upgraded to Golang 1.11.4 
[story](https://www.pivotaltracker.com/story/show/162745359) - added a short name `ue` for `cf unset-env` [story](https://www.pivotaltracker.com/story/show/161632713) - updated `cf marketplace` command to include a new `broker` column to prepare for an upcoming services-related feature which will allow services to have the same name as long as they are associated with different service brokers [story](https://www.pivotaltracker.com/story/show/162699756) Bugs: - fix for `cf enable-service-access -p plan` whereby when we refactored the code in CLI `v6.41.0` it created service plan visibilities as part of a subsequent run of the command (the unrefactored code skipped creating the service plan visibilities); now the command will skip creating service plan visibilities as it did prior to the refactor [story](https://www.pivotaltracker.com/story/show/162747373) - updated the `cf rename-buildpack` help text which was missing reference to the `-s` stack flag [story](https://www.pivotaltracker.com/story/show/162428661) - updated help text for when users use `brew search cloudfoundry-cli` [story](https://www.pivotaltracker.com/story/show/161770940) - now when you run `cf service service-instance` for a route service, the route service url appears in the key value table [story](https://www.pivotaltracker.com/story/show/162498211) Update to version 6.41.0: Enhancements: - updated `cf --help` to include the `delete` command [story](https://www.pivotaltracker.com/story/show/161556511) Update to version 6.40.1: Bug Fixes: - Updates the minimum version for the buildpacks-stacks association feature. In [CLI v6.39.0](https://github.com/cloudfoundry/cli/releases/tag/v6.39.0), when the feature was released, we incorrectly set the minimum to cc api version as `2.114`. The minimum cc api version is now correctly set to [`2.112`](https://github.com/cloudfoundry/capi-release/releases/tag/1.58.0). 
[story](https://www.pivotaltracker.com/story/show/161464797) - Fixes a bug with inspecting a service instance `cf service service-instance`, now the `documentation` url displays correctly for services which populate that field [story](https://www.pivotaltracker.com/story/show/161251875) Update to version 6.40.0: Bug Fixes: - Fix bug where trailing slash on cf api would break listing commands for older CC APIs story. For older versions of CC API, if the API URL had a trailing slash, some requests would fail with an "Unknown request" error. These requests are now handled properly. Update to version 6.39.0: Enhancements: - for users on cc api 3.27, cf start is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. Note that if you use v3 commands to create and start your app, if you subsequently use cf stop and cf start, the routes property in cf app will not populate even though the route exists story - for users on cc api 3.27, cf restart is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - for users on cc api 3.27, cf restage is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. 
story - improved help text for -d domains for cf push to include examples of usage story - cf v3-scale displays additional app information story - if you've created an internal domain, and it is the first domain in cc, the CLI will now ignore the internal domain and instead choose the next non-internal domain when you push an app story Bug Fixes: - Fix for users on macOS attempting to brew install cf-cli the CF CLI using the unreleased master branch of Homebrew story - Fixes an issue whereby, due to a recent cc api change, when you execute cf push and watch the cf app command, the app display returned a 400 error story - Fixes a bug whereby if you logged in using client credentials, cf auth user pass --client credentials you were unable to create an org; now create-org will assign the role to the user id specified in your manifest story - fixes an issue introduced when we refactored cf start and as part of that work, we stopped blocking on the initial connection with the logging backend; now the CLI blocks until the NOAA connection is made, or the default dial timeout of five seconds is reached story update to version 6.38.0: Enhancements: - v3-ssh process type now defaults to web story - Support added for setting tags for user provided service instances story - Now a warning appears if you attempt to use deprecated properties and variable substitution story - Updated usage so now you can rename the cf binary use it with every command story - cf events now displays the Diego cell_id and instance guid in crash events story - Includes cf service service-instance table display improvements wherein the service instance information is now grouped separately from the binding information story - cf service service-instance table display information for user provided services changed: status has been added to the table story Bug Fixes: - the CLI now properly handles escaped commas in the X-Cf-Warnings header Update to version 6.37.0: Enhancements - The 
api/cloudcontroller/ccv2 package has been updated with more functions #1343 - Now a warning appears if you are using a API version older than 2.69.0, which is no longer officially supported - Now the CLI reads the username and password from the environment variables #1358 Bug Fixes: - Fixes bug whereby X-Cf-Warnings were not being unescaped when displayed to user #1361 - When using CF_TRACE=1, passwords are now sanitized #1375 and tracker Update to version 6.36.0: Bug Fixes: - int64 support for cf/flags library, #1333 - Debian package, #1336 - Web action flag not working on CLI 0.6.5, #1337 - When a cf push upload fails/Consul is down, a panic occurs, #1340 and #1351 update to version 6.35.2: Bug Fixes: - Providing a clearer services authorization warning message when a service has been disabled for the organization, fixing #1344 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for CAP 15-SP1: zypper in -t patch SUSE-SLE-Module-CAP-Tools-15-SP1-2019-1220=1 Package List: - SUSE Linux Enterprise Module for CAP 15-SP1 (x86_64): cf-cli-6.43.0-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-3781.html https://bugzilla.suse.com/1132242 From sle-security-updates at lists.suse.com Tue Jul 2 07:12:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 15:12:09 +0200 (CEST) Subject: SUSE-SU-2019:1267-2: moderate: Security update for graphviz Message-ID: <20190702131209.E0D96FDCE@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1267-2 Rating: moderate References: #1132091 Cross-References: CVE-2019-11023 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE 
Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1267=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1267=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1267=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1267=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1267=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-tcl-2.40.1-6.3.2 graphviz-tcl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-doc-2.40.1-6.3.2 graphviz-gnome-2.40.1-6.3.2 graphviz-gnome-debuginfo-2.40.1-6.3.2 
graphviz-guile-2.40.1-6.3.2 graphviz-guile-debuginfo-2.40.1-6.3.2 graphviz-gvedit-2.40.1-6.3.2 graphviz-gvedit-debuginfo-2.40.1-6.3.2 graphviz-java-2.40.1-6.3.2 graphviz-java-debuginfo-2.40.1-6.3.2 graphviz-lua-2.40.1-6.3.2 graphviz-lua-debuginfo-2.40.1-6.3.2 graphviz-php-2.40.1-6.3.2 graphviz-php-debuginfo-2.40.1-6.3.2 graphviz-ruby-2.40.1-6.3.2 graphviz-ruby-debuginfo-2.40.1-6.3.2 graphviz-smyrna-2.40.1-6.3.2 graphviz-smyrna-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-perl-2.40.1-6.3.2 graphviz-perl-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-2.40.1-6.3.2 graphviz-debuginfo-2.40.1-6.3.2 graphviz-debugsource-2.40.1-6.3.2 graphviz-devel-2.40.1-6.3.2 graphviz-plugins-core-2.40.1-6.3.2 graphviz-plugins-core-debuginfo-2.40.1-6.3.2 libgraphviz6-2.40.1-6.3.2 libgraphviz6-debuginfo-2.40.1-6.3.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): graphviz-addons-debuginfo-2.40.1-6.3.2 graphviz-addons-debugsource-2.40.1-6.3.2 graphviz-gd-2.40.1-6.3.2 graphviz-gd-debuginfo-2.40.1-6.3.2 graphviz-python-2.40.1-6.3.2 graphviz-python-debuginfo-2.40.1-6.3.2 References: https://www.suse.com/security/cve/CVE-2019-11023.html https://bugzilla.suse.com/1132091 From sle-security-updates at lists.suse.com Tue Jul 2 13:12:17 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:12:17 +0200 (CEST) Subject: SUSE-SU-2019:1725-1: moderate: Security update for php7 Message-ID: <20190702191217.B5DD5F7C7@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1725-1 Rating: moderate References: #1119396 #1138172 #1138173 Cross-References: CVE-2019-11039 
CVE-2019-11040 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Other issue addressed: - Enable php7 testsuite (bsc#1119396). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1725=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1725=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1725=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.80.2 php7-debugsource-7.0.7-50.80.2 php7-devel-7.0.7-50.80.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.80.2 php7-debugsource-7.0.7-50.80.2 php7-devel-7.0.7-50.80.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.80.2 apache2-mod_php7-debuginfo-7.0.7-50.80.2 php7-7.0.7-50.80.2 php7-bcmath-7.0.7-50.80.2 php7-bcmath-debuginfo-7.0.7-50.80.2 php7-bz2-7.0.7-50.80.2 php7-bz2-debuginfo-7.0.7-50.80.2 php7-calendar-7.0.7-50.80.2 php7-calendar-debuginfo-7.0.7-50.80.2 php7-ctype-7.0.7-50.80.2 
php7-ctype-debuginfo-7.0.7-50.80.2 php7-curl-7.0.7-50.80.2 php7-curl-debuginfo-7.0.7-50.80.2 php7-dba-7.0.7-50.80.2 php7-dba-debuginfo-7.0.7-50.80.2 php7-debuginfo-7.0.7-50.80.2 php7-debugsource-7.0.7-50.80.2 php7-dom-7.0.7-50.80.2 php7-dom-debuginfo-7.0.7-50.80.2 php7-enchant-7.0.7-50.80.2 php7-enchant-debuginfo-7.0.7-50.80.2 php7-exif-7.0.7-50.80.2 php7-exif-debuginfo-7.0.7-50.80.2 php7-fastcgi-7.0.7-50.80.2 php7-fastcgi-debuginfo-7.0.7-50.80.2 php7-fileinfo-7.0.7-50.80.2 php7-fileinfo-debuginfo-7.0.7-50.80.2 php7-fpm-7.0.7-50.80.2 php7-fpm-debuginfo-7.0.7-50.80.2 php7-ftp-7.0.7-50.80.2 php7-ftp-debuginfo-7.0.7-50.80.2 php7-gd-7.0.7-50.80.2 php7-gd-debuginfo-7.0.7-50.80.2 php7-gettext-7.0.7-50.80.2 php7-gettext-debuginfo-7.0.7-50.80.2 php7-gmp-7.0.7-50.80.2 php7-gmp-debuginfo-7.0.7-50.80.2 php7-iconv-7.0.7-50.80.2 php7-iconv-debuginfo-7.0.7-50.80.2 php7-imap-7.0.7-50.80.2 php7-imap-debuginfo-7.0.7-50.80.2 php7-intl-7.0.7-50.80.2 php7-intl-debuginfo-7.0.7-50.80.2 php7-json-7.0.7-50.80.2 php7-json-debuginfo-7.0.7-50.80.2 php7-ldap-7.0.7-50.80.2 php7-ldap-debuginfo-7.0.7-50.80.2 php7-mbstring-7.0.7-50.80.2 php7-mbstring-debuginfo-7.0.7-50.80.2 php7-mcrypt-7.0.7-50.80.2 php7-mcrypt-debuginfo-7.0.7-50.80.2 php7-mysql-7.0.7-50.80.2 php7-mysql-debuginfo-7.0.7-50.80.2 php7-odbc-7.0.7-50.80.2 php7-odbc-debuginfo-7.0.7-50.80.2 php7-opcache-7.0.7-50.80.2 php7-opcache-debuginfo-7.0.7-50.80.2 php7-openssl-7.0.7-50.80.2 php7-openssl-debuginfo-7.0.7-50.80.2 php7-pcntl-7.0.7-50.80.2 php7-pcntl-debuginfo-7.0.7-50.80.2 php7-pdo-7.0.7-50.80.2 php7-pdo-debuginfo-7.0.7-50.80.2 php7-pgsql-7.0.7-50.80.2 php7-pgsql-debuginfo-7.0.7-50.80.2 php7-phar-7.0.7-50.80.2 php7-phar-debuginfo-7.0.7-50.80.2 php7-posix-7.0.7-50.80.2 php7-posix-debuginfo-7.0.7-50.80.2 php7-pspell-7.0.7-50.80.2 php7-pspell-debuginfo-7.0.7-50.80.2 php7-shmop-7.0.7-50.80.2 php7-shmop-debuginfo-7.0.7-50.80.2 php7-snmp-7.0.7-50.80.2 php7-snmp-debuginfo-7.0.7-50.80.2 php7-soap-7.0.7-50.80.2 
php7-soap-debuginfo-7.0.7-50.80.2 php7-sockets-7.0.7-50.80.2 php7-sockets-debuginfo-7.0.7-50.80.2 php7-sqlite-7.0.7-50.80.2 php7-sqlite-debuginfo-7.0.7-50.80.2 php7-sysvmsg-7.0.7-50.80.2 php7-sysvmsg-debuginfo-7.0.7-50.80.2 php7-sysvsem-7.0.7-50.80.2 php7-sysvsem-debuginfo-7.0.7-50.80.2 php7-sysvshm-7.0.7-50.80.2 php7-sysvshm-debuginfo-7.0.7-50.80.2 php7-tokenizer-7.0.7-50.80.2 php7-tokenizer-debuginfo-7.0.7-50.80.2 php7-wddx-7.0.7-50.80.2 php7-wddx-debuginfo-7.0.7-50.80.2 php7-xmlreader-7.0.7-50.80.2 php7-xmlreader-debuginfo-7.0.7-50.80.2 php7-xmlrpc-7.0.7-50.80.2 php7-xmlrpc-debuginfo-7.0.7-50.80.2 php7-xmlwriter-7.0.7-50.80.2 php7-xmlwriter-debuginfo-7.0.7-50.80.2 php7-xsl-7.0.7-50.80.2 php7-xsl-debuginfo-7.0.7-50.80.2 php7-zip-7.0.7-50.80.2 php7-zip-debuginfo-7.0.7-50.80.2 php7-zlib-7.0.7-50.80.2 php7-zlib-debuginfo-7.0.7-50.80.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.80.2 php7-pear-Archive_Tar-7.0.7-50.80.2 References: https://www.suse.com/security/cve/CVE-2019-11039.html https://www.suse.com/security/cve/CVE-2019-11040.html https://bugzilla.suse.com/1119396 https://bugzilla.suse.com/1138172 https://bugzilla.suse.com/1138173 From sle-security-updates at lists.suse.com Tue Jul 2 13:13:53 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jul 2019 21:13:53 +0200 (CEST) Subject: SUSE-SU-2019:1724-1: moderate: Security update for php72 Message-ID: <20190702191353.C4BE0F7C7@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1724-1 Rating: moderate References: #1138172 #1138173 Cross-References: CVE-2019-11039 CVE-2019-11040 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1724=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1724=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1724=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.20.2 php72-debugsource-7.2.5-1.20.2 php72-devel-7.2.5-1.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.20.2 php72-debugsource-7.2.5-1.20.2 php72-devel-7.2.5-1.20.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.20.2 apache2-mod_php72-debuginfo-7.2.5-1.20.2 php72-7.2.5-1.20.2 php72-bcmath-7.2.5-1.20.2 php72-bcmath-debuginfo-7.2.5-1.20.2 php72-bz2-7.2.5-1.20.2 php72-bz2-debuginfo-7.2.5-1.20.2 php72-calendar-7.2.5-1.20.2 php72-calendar-debuginfo-7.2.5-1.20.2 php72-ctype-7.2.5-1.20.2 php72-ctype-debuginfo-7.2.5-1.20.2 php72-curl-7.2.5-1.20.2 php72-curl-debuginfo-7.2.5-1.20.2 php72-dba-7.2.5-1.20.2 php72-dba-debuginfo-7.2.5-1.20.2 php72-debuginfo-7.2.5-1.20.2 php72-debugsource-7.2.5-1.20.2 php72-dom-7.2.5-1.20.2 php72-dom-debuginfo-7.2.5-1.20.2 
php72-enchant-7.2.5-1.20.2 php72-enchant-debuginfo-7.2.5-1.20.2 php72-exif-7.2.5-1.20.2 php72-exif-debuginfo-7.2.5-1.20.2 php72-fastcgi-7.2.5-1.20.2 php72-fastcgi-debuginfo-7.2.5-1.20.2 php72-fileinfo-7.2.5-1.20.2 php72-fileinfo-debuginfo-7.2.5-1.20.2 php72-fpm-7.2.5-1.20.2 php72-fpm-debuginfo-7.2.5-1.20.2 php72-ftp-7.2.5-1.20.2 php72-ftp-debuginfo-7.2.5-1.20.2 php72-gd-7.2.5-1.20.2 php72-gd-debuginfo-7.2.5-1.20.2 php72-gettext-7.2.5-1.20.2 php72-gettext-debuginfo-7.2.5-1.20.2 php72-gmp-7.2.5-1.20.2 php72-gmp-debuginfo-7.2.5-1.20.2 php72-iconv-7.2.5-1.20.2 php72-iconv-debuginfo-7.2.5-1.20.2 php72-imap-7.2.5-1.20.2 php72-imap-debuginfo-7.2.5-1.20.2 php72-intl-7.2.5-1.20.2 php72-intl-debuginfo-7.2.5-1.20.2 php72-json-7.2.5-1.20.2 php72-json-debuginfo-7.2.5-1.20.2 php72-ldap-7.2.5-1.20.2 php72-ldap-debuginfo-7.2.5-1.20.2 php72-mbstring-7.2.5-1.20.2 php72-mbstring-debuginfo-7.2.5-1.20.2 php72-mysql-7.2.5-1.20.2 php72-mysql-debuginfo-7.2.5-1.20.2 php72-odbc-7.2.5-1.20.2 php72-odbc-debuginfo-7.2.5-1.20.2 php72-opcache-7.2.5-1.20.2 php72-opcache-debuginfo-7.2.5-1.20.2 php72-openssl-7.2.5-1.20.2 php72-openssl-debuginfo-7.2.5-1.20.2 php72-pcntl-7.2.5-1.20.2 php72-pcntl-debuginfo-7.2.5-1.20.2 php72-pdo-7.2.5-1.20.2 php72-pdo-debuginfo-7.2.5-1.20.2 php72-pgsql-7.2.5-1.20.2 php72-pgsql-debuginfo-7.2.5-1.20.2 php72-phar-7.2.5-1.20.2 php72-phar-debuginfo-7.2.5-1.20.2 php72-posix-7.2.5-1.20.2 php72-posix-debuginfo-7.2.5-1.20.2 php72-pspell-7.2.5-1.20.2 php72-pspell-debuginfo-7.2.5-1.20.2 php72-readline-7.2.5-1.20.2 php72-readline-debuginfo-7.2.5-1.20.2 php72-shmop-7.2.5-1.20.2 php72-shmop-debuginfo-7.2.5-1.20.2 php72-snmp-7.2.5-1.20.2 php72-snmp-debuginfo-7.2.5-1.20.2 php72-soap-7.2.5-1.20.2 php72-soap-debuginfo-7.2.5-1.20.2 php72-sockets-7.2.5-1.20.2 php72-sockets-debuginfo-7.2.5-1.20.2 php72-sqlite-7.2.5-1.20.2 php72-sqlite-debuginfo-7.2.5-1.20.2 php72-sysvmsg-7.2.5-1.20.2 php72-sysvmsg-debuginfo-7.2.5-1.20.2 php72-sysvsem-7.2.5-1.20.2 php72-sysvsem-debuginfo-7.2.5-1.20.2 
php72-sysvshm-7.2.5-1.20.2 php72-sysvshm-debuginfo-7.2.5-1.20.2 php72-tidy-7.2.5-1.20.2 php72-tidy-debuginfo-7.2.5-1.20.2 php72-tokenizer-7.2.5-1.20.2 php72-tokenizer-debuginfo-7.2.5-1.20.2 php72-wddx-7.2.5-1.20.2 php72-wddx-debuginfo-7.2.5-1.20.2 php72-xmlreader-7.2.5-1.20.2 php72-xmlreader-debuginfo-7.2.5-1.20.2 php72-xmlrpc-7.2.5-1.20.2 php72-xmlrpc-debuginfo-7.2.5-1.20.2 php72-xmlwriter-7.2.5-1.20.2 php72-xmlwriter-debuginfo-7.2.5-1.20.2 php72-xsl-7.2.5-1.20.2 php72-xsl-debuginfo-7.2.5-1.20.2 php72-zip-7.2.5-1.20.2 php72-zip-debuginfo-7.2.5-1.20.2 php72-zlib-7.2.5-1.20.2 php72-zlib-debuginfo-7.2.5-1.20.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.20.2 php72-pear-Archive_Tar-7.2.5-1.20.2 References: https://www.suse.com/security/cve/CVE-2019-11039.html https://www.suse.com/security/cve/CVE-2019-11040.html https://bugzilla.suse.com/1138172 https://bugzilla.suse.com/1138173 From sle-security-updates at lists.suse.com Tue Jul 2 16:11:03 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Jul 2019 00:11:03 +0200 (CEST) Subject: SUSE-SU-2019:1374-2: Security update for taglib Message-ID: <20190702221103.6F029F7C7@maintenance.suse.de> SUSE Security Update: Security update for taglib ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1374-2 Rating: low References: #1096180 Cross-References: CVE-2018-11439 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for taglib fixes the following issues: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1374=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1374=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1374=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): taglib-1.11.1-4.3.62 taglib-debuginfo-1.11.1-4.3.62 taglib-debugsource-1.11.1-4.3.62 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libtag1-32bit-1.11.1-4.3.62 libtag1-32bit-debuginfo-1.11.1-4.3.62 libtag_c0-32bit-1.11.1-4.3.62 libtag_c0-32bit-debuginfo-1.11.1-4.3.62 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libtag-devel-1.11.1-4.3.62 libtag_c0-1.11.1-4.3.62 libtag_c0-debuginfo-1.11.1-4.3.62 taglib-debuginfo-1.11.1-4.3.62 taglib-debugsource-1.11.1-4.3.62 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libtag1-1.11.1-4.3.62 libtag1-debuginfo-1.11.1-4.3.62 taglib-debuginfo-1.11.1-4.3.62 taglib-debugsource-1.11.1-4.3.62 References: https://www.suse.com/security/cve/CVE-2018-11439.html https://bugzilla.suse.com/1096180 From sle-security-updates at lists.suse.com Wed Jul 3 07:11:02 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Wed, 3 Jul 2019 15:11:02 +0200 (CEST) Subject: SUSE-SU-2019:1731-1: moderate: Security update for python-Twisted Message-ID: <20190703131102.F36BCF7C7@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1731-1 Rating: moderate References: #1137825 Cross-References: CVE-2019-12387 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perform CRLF attacks (bsc#1137825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1731=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1731=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-17.9.0-3.3.4 python-Twisted-debugsource-17.9.0-3.3.4 python-Twisted-doc-17.9.0-3.3.4 python2-Twisted-17.9.0-3.3.4 python2-Twisted-debuginfo-17.9.0-3.3.4 python3-Twisted-17.9.0-3.3.4 python3-Twisted-debuginfo-17.9.0-3.3.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-17.9.0-3.3.4 python-Twisted-debugsource-17.9.0-3.3.4 python-Twisted-doc-17.9.0-3.3.4 python2-Twisted-17.9.0-3.3.4 python2-Twisted-debuginfo-17.9.0-3.3.4 python3-Twisted-17.9.0-3.3.4 python3-Twisted-debuginfo-17.9.0-3.3.4 References: https://www.suse.com/security/cve/CVE-2019-12387.html https://bugzilla.suse.com/1137825 From sle-security-updates at lists.suse.com Wed Jul 3 07:11:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:11:42 +0200 (CEST) Subject: SUSE-SU-2019:1290-2: moderate: Security update for nmap Message-ID: <20190703131142.F0E28F7C7@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1290-2 Rating: moderate References: #1104139 #1133512 Cross-References: CVE-2018-15173 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves 
one vulnerability and has one errata is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1290=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1290=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.5.1 ncat-debuginfo-7.70-3.5.1 ndiff-7.70-3.5.1 nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 nping-7.70-3.5.1 nping-debuginfo-7.70-3.5.1 zenmap-7.70-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.5.1 nmap-debuginfo-7.70-3.5.1 nmap-debugsource-7.70-3.5.1 References: https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1104139 https://bugzilla.suse.com/1133512 From sle-security-updates at lists.suse.com Wed Jul 3 07:12:30 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:12:30 +0200 (CEST) Subject: SUSE-SU-2019:1206-2: Security update for bzip2 Message-ID: <20190703131230.70B44F7C7@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1206-2 Rating: low References: #985657 Cross-References: CVE-2016-3189 Affected Products: 
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1206=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1206=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): bzip2-debugsource-1.0.6-5.3.1 libbz2-devel-32bit-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): bzip2-doc-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-5.3.1 bzip2-debuginfo-1.0.6-5.3.1 bzip2-debugsource-1.0.6-5.3.1 libbz2-1-1.0.6-5.3.1 libbz2-1-debuginfo-1.0.6-5.3.1 libbz2-devel-1.0.6-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libbz2-1-32bit-1.0.6-5.3.1 libbz2-1-32bit-debuginfo-1.0.6-5.3.1 References: https://www.suse.com/security/cve/CVE-2016-3189.html https://bugzilla.suse.com/985657 From sle-security-updates at lists.suse.com Wed Jul 3 07:13:11 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:13:11 +0200 (CEST) Subject: SUSE-SU-2019:1372-2: moderate: Security update for libtasn1 Message-ID: <20190703131311.EFC76F7C7@maintenance.suse.de> SUSE Security Update: Security 
update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1372-2 Rating: moderate References: #1105435 Cross-References: CVE-2018-1000654 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1372=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1372=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libtasn1-debugsource-4.13-4.5.1 libtasn1-devel-32bit-4.13-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-4.5.1 libtasn1-6-4.13-4.5.1 libtasn1-6-debuginfo-4.13-4.5.1 libtasn1-debuginfo-4.13-4.5.1 libtasn1-debugsource-4.13-4.5.1 libtasn1-devel-4.13-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libtasn1-6-32bit-4.13-4.5.1 libtasn1-6-32bit-debuginfo-4.13-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-1000654.html https://bugzilla.suse.com/1105435 From sle-security-updates at lists.suse.com Wed Jul 3 07:14:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Jul 2019 15:14:31 +0200 (CEST) Subject: 
SUSE-SU-2019:1389-2: Security update for cronie Message-ID: <20190703131431.F1DB0F7C7@maintenance.suse.de> SUSE Security Update: Security update for cronie ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1389-2 Rating: low References: #1128935 #1128937 #1130746 #1133100 Cross-References: CVE-2019-9704 CVE-2019-9705 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1389=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1389=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cronie-anacron-1.5.1-6.7.1 cronie-anacron-debuginfo-1.5.1-6.7.1 cronie-debuginfo-1.5.1-6.7.1 cronie-debugsource-1.5.1-6.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cron-4.2-6.7.1 cronie-1.5.1-6.7.1 cronie-debuginfo-1.5.1-6.7.1 cronie-debugsource-1.5.1-6.7.1 References: https://www.suse.com/security/cve/CVE-2019-9704.html https://www.suse.com/security/cve/CVE-2019-9705.html https://bugzilla.suse.com/1128935 https://bugzilla.suse.com/1128937 https://bugzilla.suse.com/1130746 https://bugzilla.suse.com/1133100 From sle-security-updates at lists.suse.com Wed Jul 3 10:12:25 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 3 Jul 2019 18:12:25 +0200 (CEST) Subject: SUSE-SU-2019:1733-1: Security update for elfutils Message-ID: <20190703161225.E4A6AF7C7@maintenance.suse.de> SUSE Security Update: Security update for elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1733-1 Rating: low References: #1030472 #1030476 #1033084 #1033085 #1033087 #1033088 #1033089 #1033090 #1106390 #1107067 #1111973 #1112723 #1112726 #1123685 #1125007 Cross-References: CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software 
Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform 3.0 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1733=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1733=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1733=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1733=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1733=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1733=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1733=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm-devel-0.158-7.7.2 libdw-devel-0.158-7.7.2 libebl-devel-0.158-7.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm-devel-0.158-7.7.2 libdw-devel-0.158-7.7.2 libebl-devel-0.158-7.7.2 libelf-devel-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libelf-devel-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libasm1-32bit-0.158-7.7.2 libasm1-debuginfo-32bit-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libasm1-32bit-0.158-7.7.2 libasm1-debuginfo-32bit-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): 
elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf-devel-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-32bit-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libdw1-debuginfo-32bit-0.158-7.7.2 libebl1-0.158-7.7.2 libebl1-32bit-0.158-7.7.2 libebl1-debuginfo-0.158-7.7.2 libebl1-debuginfo-32bit-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-32bit-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 libelf1-debuginfo-32bit-0.158-7.7.2 - SUSE CaaS Platform 3.0 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): elfutils-0.158-7.7.2 elfutils-debuginfo-0.158-7.7.2 elfutils-debugsource-0.158-7.7.2 libasm1-0.158-7.7.2 libasm1-debuginfo-0.158-7.7.2 libdw1-0.158-7.7.2 libdw1-debuginfo-0.158-7.7.2 libelf1-0.158-7.7.2 libelf1-debuginfo-0.158-7.7.2 References: https://www.suse.com/security/cve/CVE-2016-10254.html https://www.suse.com/security/cve/CVE-2016-10255.html https://www.suse.com/security/cve/CVE-2017-7607.html https://www.suse.com/security/cve/CVE-2017-7608.html https://www.suse.com/security/cve/CVE-2017-7610.html https://www.suse.com/security/cve/CVE-2017-7611.html https://www.suse.com/security/cve/CVE-2017-7612.html https://www.suse.com/security/cve/CVE-2017-7613.html 
https://www.suse.com/security/cve/CVE-2018-16062.html https://www.suse.com/security/cve/CVE-2018-16403.html https://www.suse.com/security/cve/CVE-2018-18310.html https://www.suse.com/security/cve/CVE-2018-18520.html https://www.suse.com/security/cve/CVE-2018-18521.html https://www.suse.com/security/cve/CVE-2019-7150.html https://www.suse.com/security/cve/CVE-2019-7665.html https://bugzilla.suse.com/1030472 https://bugzilla.suse.com/1030476 https://bugzilla.suse.com/1033084 https://bugzilla.suse.com/1033085 https://bugzilla.suse.com/1033087 https://bugzilla.suse.com/1033088 https://bugzilla.suse.com/1033089 https://bugzilla.suse.com/1033090 https://bugzilla.suse.com/1106390 https://bugzilla.suse.com/1107067 https://bugzilla.suse.com/1111973 https://bugzilla.suse.com/1112723 https://bugzilla.suse.com/1112726 https://bugzilla.suse.com/1123685 https://bugzilla.suse.com/1125007 From sle-security-updates at lists.suse.com Thu Jul 4 07:11:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jul 2019 15:11:09 +0200 (CEST) Subject: SUSE-SU-2019:1746-1: moderate: Security update for php5 Message-ID: <20190704131109.4694DFFBD@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1746-1 Rating: moderate References: #1137633 #1138172 #1138173 Cross-References: CVE-2015-1351 CVE-2019-11039 CVE-2019-11040 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). 
- CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). - CVE-2015-1351: Fixed a use after free in opcache extension (bsc#1137633). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1746=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1746=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-1746=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.63.2 php5-debugsource-5.5.14-109.63.2 php5-devel-5.5.14-109.63.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.63.2 php5-debugsource-5.5.14-109.63.2 php5-devel-5.5.14-109.63.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.63.2 apache2-mod_php5-debuginfo-5.5.14-109.63.2 php5-5.5.14-109.63.2 php5-bcmath-5.5.14-109.63.2 php5-bcmath-debuginfo-5.5.14-109.63.2 php5-bz2-5.5.14-109.63.2 php5-bz2-debuginfo-5.5.14-109.63.2 php5-calendar-5.5.14-109.63.2 php5-calendar-debuginfo-5.5.14-109.63.2 php5-ctype-5.5.14-109.63.2 php5-ctype-debuginfo-5.5.14-109.63.2 php5-curl-5.5.14-109.63.2 php5-curl-debuginfo-5.5.14-109.63.2 php5-dba-5.5.14-109.63.2 php5-dba-debuginfo-5.5.14-109.63.2 php5-debuginfo-5.5.14-109.63.2 php5-debugsource-5.5.14-109.63.2 php5-dom-5.5.14-109.63.2 php5-dom-debuginfo-5.5.14-109.63.2 php5-enchant-5.5.14-109.63.2 php5-enchant-debuginfo-5.5.14-109.63.2 php5-exif-5.5.14-109.63.2 php5-exif-debuginfo-5.5.14-109.63.2 php5-fastcgi-5.5.14-109.63.2 php5-fastcgi-debuginfo-5.5.14-109.63.2 
php5-fileinfo-5.5.14-109.63.2 php5-fileinfo-debuginfo-5.5.14-109.63.2 php5-fpm-5.5.14-109.63.2 php5-fpm-debuginfo-5.5.14-109.63.2 php5-ftp-5.5.14-109.63.2 php5-ftp-debuginfo-5.5.14-109.63.2 php5-gd-5.5.14-109.63.2 php5-gd-debuginfo-5.5.14-109.63.2 php5-gettext-5.5.14-109.63.2 php5-gettext-debuginfo-5.5.14-109.63.2 php5-gmp-5.5.14-109.63.2 php5-gmp-debuginfo-5.5.14-109.63.2 php5-iconv-5.5.14-109.63.2 php5-iconv-debuginfo-5.5.14-109.63.2 php5-imap-5.5.14-109.63.2 php5-imap-debuginfo-5.5.14-109.63.2 php5-intl-5.5.14-109.63.2 php5-intl-debuginfo-5.5.14-109.63.2 php5-json-5.5.14-109.63.2 php5-json-debuginfo-5.5.14-109.63.2 php5-ldap-5.5.14-109.63.2 php5-ldap-debuginfo-5.5.14-109.63.2 php5-mbstring-5.5.14-109.63.2 php5-mbstring-debuginfo-5.5.14-109.63.2 php5-mcrypt-5.5.14-109.63.2 php5-mcrypt-debuginfo-5.5.14-109.63.2 php5-mysql-5.5.14-109.63.2 php5-mysql-debuginfo-5.5.14-109.63.2 php5-odbc-5.5.14-109.63.2 php5-odbc-debuginfo-5.5.14-109.63.2 php5-opcache-5.5.14-109.63.2 php5-opcache-debuginfo-5.5.14-109.63.2 php5-openssl-5.5.14-109.63.2 php5-openssl-debuginfo-5.5.14-109.63.2 php5-pcntl-5.5.14-109.63.2 php5-pcntl-debuginfo-5.5.14-109.63.2 php5-pdo-5.5.14-109.63.2 php5-pdo-debuginfo-5.5.14-109.63.2 php5-pgsql-5.5.14-109.63.2 php5-pgsql-debuginfo-5.5.14-109.63.2 php5-phar-5.5.14-109.63.2 php5-phar-debuginfo-5.5.14-109.63.2 php5-posix-5.5.14-109.63.2 php5-posix-debuginfo-5.5.14-109.63.2 php5-pspell-5.5.14-109.63.2 php5-pspell-debuginfo-5.5.14-109.63.2 php5-shmop-5.5.14-109.63.2 php5-shmop-debuginfo-5.5.14-109.63.2 php5-snmp-5.5.14-109.63.2 php5-snmp-debuginfo-5.5.14-109.63.2 php5-soap-5.5.14-109.63.2 php5-soap-debuginfo-5.5.14-109.63.2 php5-sockets-5.5.14-109.63.2 php5-sockets-debuginfo-5.5.14-109.63.2 php5-sqlite-5.5.14-109.63.2 php5-sqlite-debuginfo-5.5.14-109.63.2 php5-suhosin-5.5.14-109.63.2 php5-suhosin-debuginfo-5.5.14-109.63.2 php5-sysvmsg-5.5.14-109.63.2 php5-sysvmsg-debuginfo-5.5.14-109.63.2 php5-sysvsem-5.5.14-109.63.2 php5-sysvsem-debuginfo-5.5.14-109.63.2 
php5-sysvshm-5.5.14-109.63.2 php5-sysvshm-debuginfo-5.5.14-109.63.2 php5-tokenizer-5.5.14-109.63.2 php5-tokenizer-debuginfo-5.5.14-109.63.2 php5-wddx-5.5.14-109.63.2 php5-wddx-debuginfo-5.5.14-109.63.2 php5-xmlreader-5.5.14-109.63.2 php5-xmlreader-debuginfo-5.5.14-109.63.2 php5-xmlrpc-5.5.14-109.63.2 php5-xmlrpc-debuginfo-5.5.14-109.63.2 php5-xmlwriter-5.5.14-109.63.2 php5-xmlwriter-debuginfo-5.5.14-109.63.2 php5-xsl-5.5.14-109.63.2 php5-xsl-debuginfo-5.5.14-109.63.2 php5-zip-5.5.14-109.63.2 php5-zip-debuginfo-5.5.14-109.63.2 php5-zlib-5.5.14-109.63.2 php5-zlib-debuginfo-5.5.14-109.63.2
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  php5-pear-5.5.14-109.63.2

References:

https://www.suse.com/security/cve/CVE-2015-1351.html
https://www.suse.com/security/cve/CVE-2019-11039.html
https://www.suse.com/security/cve/CVE-2019-11040.html
https://bugzilla.suse.com/1137633
https://bugzilla.suse.com/1138172
https://bugzilla.suse.com/1138173

From sle-security-updates at lists.suse.com Thu Jul 4 07:12:51 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Jul 2019 15:12:51 +0200 (CEST)
Subject: SUSE-SU-2019:1744-1: important: Security update for the Linux Kernel
Message-ID: <20190704131251.91F12FFBD@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1744-1
Rating: important
References: #1051510 #1071995 #1094555 #1111666 #1112374 #1114279 #1128432 #1134730 #1134738 #1135153 #1135296 #1135642 #1136156 #1136157 #1136271 #1136333 #1137103 #1137194 #1137366 #1137884 #1137985 #1138263 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732
Cross-References: CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has 26 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

This update adds support for the Hygon Dhyana CPU (fate#327735).

The following security bugs were fixed:

- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed (bnc#1137103).
- CVE-2019-12817: On the PowerPC architecture, local attackers could access the memory of other users' processes (bnc#1138263).

The following non-security bugs were fixed:

- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi: Add Hygon Dhyana support (fate#327735).
- af_key: unconditionally clone on broadcast (bsc#1051510).
- alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
- alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
- ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- audit: fix a memory leak bug (bsc#1051510).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- ceph: factor out ceph_lookup_inode() (bsc#1138681).
- ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
- ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
- ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
- ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681).
- ceph: quota: fix quota subdir mounts (bsc#1138681).
- ceph: remove duplicated filelock ref increase (bsc#1138681).
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- cpufreq: Add Hygon Dhyana support (fate#327735).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).
- cpu/topology: Export die_id (jsc#SLE-5454).
- Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
- drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).
- drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).
- drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510).
- drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
- drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666).
- drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
- drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
- drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
- drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
- drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986).
- drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986).
- drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
- drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
- drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986).
- drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
- drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
- drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
- drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
- drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986).
- drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
- drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986).
- drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666).
- drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666).
- drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
- drm/mediatek: fix unbind functions (bsc#1111666).
- drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
- drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666).
- drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666).
- EDAC, amd64: Add Hygon Dhyana support (fate#327735).
- EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
- HID: wacom: Add ability to provide explicit battery status info (bsc#1051510).
- HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
- HID: wacom: Add support for Pro Pen slim (bsc#1051510).
- HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
- HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).
- HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510).
- HID: wacom: Do not set tool type until we're in range (bsc#1051510).
- HID: wacom: fix mistake in printk (bsc#1051510).
- HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
- HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
- HID: wacom: generic: Report AES battery information (bsc#1051510).
- HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
- HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
- HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
- HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
- HID: wacom: generic: Support multiple tools per report (bsc#1051510).
- HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
- HID: wacom: Mark expected switch fall-through (bsc#1051510).
- HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
- HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
- HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
- HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
- HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
- HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
- HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
- HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510).
- HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
- HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).
- hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).
- hwmon: (k10temp) Add support for family 17h (FATE#327735).
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735).
- hwmon: (k10temp) Add support for temperature offsets (FATE#327735).
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).
- hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).
- hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
- hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).
- hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).
- hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).
- hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735).
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735).
- hwmon: (k10temp) Use API function to access System Management Network (FATE#327735).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).
- i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
- ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
- ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732).
- kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).
- kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388).
- kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- kabi/severities: Whitelist airq_iv_* (s390-specific)
- kABI workaround for asus-wmi changes (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).
- new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
- nl80211: fix station_info pertid memory leak (bsc#1051510).
- {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
- PCI: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803).
- PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056).
- PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
- PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- perf tools: Add Hygon Dhyana support (fate#327735).
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
- platform_data/mlxreg: Add capability field to core platform data (bsc#1112374).
- platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).
- platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).
- platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).
- platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994).
- platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666).
- platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
- platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226).
- platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374).
- platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374).
- platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374).
- platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374).
- platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374).
- platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374).
- platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374).
- platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374).
- platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374).
- platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374).
- platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374).
- platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
- platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374).
- platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374).
- platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
- platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
- platform/x86: mlx-platform: Remove unused define (bsc#1112374).
- platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).
- PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
- RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
- RAS/CEC: Fix binary search function (bsc#1114279).
- rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
- Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510).
- Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510).
- Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead.
- s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
- s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
- s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
- s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
- s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
- s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/setup: fix early warning messages (bsc#1051510).
- s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
- scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156).
- scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271).
- scsi: megaraid_sas: correct an info message (bsc#1136271).
- scsi: megaraid_sas: driver version update (bsc#1136271).
- scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).
- scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
- scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
- scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- SMB3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support (fate#327735).
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
- x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
- x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
- x86/apic: Add Hygon Dhyana support (fate#327735).
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735).
- x86/cpu: Add Icelake model number (jsc#SLE-5226).
- x86/cpu/amd: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
- x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382).
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735).
- x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).
- x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735).
- x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735).
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735).
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735).
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735).
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/umip: Make the UMIP activated message generic (bsc#1138336).
- x86/umip: Print UMIP line only once (bsc#1138336).
- x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
  kernel-default-debuginfo-4.12.14-197.7.1 kernel-default-debugsource-4.12.14-197.7.1 kernel-default-livepatch-4.12.14-197.7.1 kernel-default-livepatch-devel-4.12.14-197.7.1 kernel-livepatch-4_12_14-197_7-default-1-3.3.1

References:

https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12817.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1134730
https://bugzilla.suse.com/1134738
https://bugzilla.suse.com/1135153
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136156
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136271
https://bugzilla.suse.com/1136333
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137366
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1137985
https://bugzilla.suse.com/1138263
https://bugzilla.suse.com/1138336
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138681
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1138732

From sle-security-updates at lists.suse.com Thu Jul 4 07:17:38 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Jul 2019 15:17:38 +0200 (CEST)
Subject: SUSE-SU-2019:1744-1: important: Security update for the Linux Kernel
Message-ID: <20190704131738.AD8DBFFBD@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1744-1
Rating: important
References: #1051510 #1071995 #1094555 #1111666 #1112374 #1114279 #1128432 #1134730 #1134738 #1135153 #1135296 #1135642 #1136156 #1136157 #1136271 #1136333 #1137103 #1137194 #1137366 #1137884 #1137985 #1138263 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732
Cross-References: CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Live Patching 15-SP1
  SUSE Linux Enterprise Module for Legacy Software 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has 26 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

This update adds support for the Hygon Dhyana CPU (fate#327735).

The following security bugs were fixed:

- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed (bnc#1137103).
- CVE-2019-12817: On the PowerPC architecture, local attackers could access the memory of other users' processes (bnc#1138263).

The following non-security bugs were fixed:

- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi: Add Hygon Dhyana support (fate#327735).
- af_key: unconditionally clone on broadcast (bsc#1051510).
- alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
- alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
- ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- audit: fix a memory leak bug (bsc#1051510).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- ceph: factor out ceph_lookup_inode() (bsc#1138681).
- ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
- ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
- ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
- ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681).
- ceph: quota: fix quota subdir mounts (bsc#1138681).
- ceph: remove duplicated filelock ref increase (bsc#1138681).
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- cpufreq: Add Hygon Dhyana support (fate#327735).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).
- cpu/topology: Export die_id (jsc#SLE-5454).
- Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
- drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).
- drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).
- drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510).
- drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
- drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666).
- drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
- drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
- drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
- drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
- drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986).
- drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986).
- drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
- drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
- drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986).
- drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
- drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
- drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
- drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
- drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986).
- drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
- drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986).
- drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666).
- drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666).
- drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
- drm/mediatek: fix unbind functions (bsc#1111666).
- drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
- drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666).
- drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666).
- EDAC, amd64: Add Hygon Dhyana support (fate#327735).
- EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
- HID: wacom: Add ability to provide explicit battery status info (bsc#1051510).
- HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
- HID: wacom: Add support for Pro Pen slim (bsc#1051510).
- HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
- HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).
- HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510).
- HID: wacom: Do not set tool type until we're in range (bsc#1051510).
- HID: wacom: fix mistake in printk (bsc#1051510).
- HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
- HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
- HID: wacom: generic: Report AES battery information (bsc#1051510).
- HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
- HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
- HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
- HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
- HID: wacom: generic: Support multiple tools per report (bsc#1051510).
- HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
- HID: wacom: Mark expected switch fall-through (bsc#1051510).
- HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
- HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
- HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
- HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
- HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
- HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
- HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
- HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510).
- HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
- HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).
- hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).
- hwmon: (k10temp) Add support for family 17h (FATE#327735).
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735).
- hwmon: (k10temp) Add support for temperature offsets (FATE#327735).
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).
- hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).
- hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
- hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).
- hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).
- hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).
- hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735).
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735).
- hwmon: (k10temp) Use API function to access System Management Network (FATE#327735).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).
- i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
- ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
- ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732).
- kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).
- kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388).
- kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- kabi/severities: Whitelist airq_iv_* (s390-specific)
- kABI workaround for asus-wmi changes (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).
- new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
- nl80211: fix station_info pertid memory leak (bsc#1051510).
- {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
- PCI: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803).
- PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056).
- PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
- PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- perf tools: Add Hygon Dhyana support (fate#327735).
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
- platform_data/mlxreg: Add capability field to core platform data (bsc#1112374).
- platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).
- platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).
- platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).
- platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994).
- platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666).
- platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
- platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226).
- platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374).
- platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374).
- platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374).
- platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374).
- platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374).
- platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374).
- platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374).
- platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374).
- platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374).
- platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374).
- platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374).
- platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374).
- platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
- platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374).
- platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374).
- platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
- platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
- platform/x86: mlx-platform: Remove unused define (bsc#1112374).
- platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).
- PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
- RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
- RAS/CEC: Fix binary search function (bsc#1114279).
- rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
- Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510).
- Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510).
- Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead.
- s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
- s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
- s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
- s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
- s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
- s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/setup: fix early warning messages (bsc#1051510).
- s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
- s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
- scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156).
- scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271).
- scsi: megaraid_sas: correct an info message (bsc#1136271).
- scsi: megaraid_sas: driver version update (bsc#1136271).
- scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).
- scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
- scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
- scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- SMB3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support (fate#327735).
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
- x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
- x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
- x86/apic: Add Hygon Dhyana support (fate#327735).
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735).
- x86/cpu: Add Icelake model number (jsc#SLE-5226).
- x86/cpu/amd: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
- x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382).
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735).
- x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).
- x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735).
- x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735).
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735).
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735).
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735).
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/umip: Make the UMIP activated message generic (bsc#1138336).
- x86/umip: Print UMIP line only once (bsc#1138336).
- x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1
- SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1744=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
  kernel-default-debuginfo-4.12.14-197.7.1
  kernel-default-debugsource-4.12.14-197.7.1
  kernel-default-extra-4.12.14-197.7.1
  kernel-default-extra-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-197.7.1
  kernel-default-debugsource-4.12.14-197.7.1
  kernel-obs-qa-4.12.14-197.7.1
  kernel-vanilla-4.12.14-197.7.1
  kernel-vanilla-base-4.12.14-197.7.1
  kernel-vanilla-base-debuginfo-4.12.14-197.7.1
  kernel-vanilla-debuginfo-4.12.14-197.7.1
  kernel-vanilla-debugsource-4.12.14-197.7.1
  kernel-vanilla-devel-4.12.14-197.7.1
  kernel-vanilla-devel-debuginfo-4.12.14-197.7.1
  kernel-vanilla-livepatch-devel-4.12.14-197.7.1
  kselftests-kmp-default-4.12.14-197.7.1
  kselftests-kmp-default-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):
  kernel-debug-4.12.14-197.7.1
  kernel-debug-base-4.12.14-197.7.1
  kernel-debug-base-debuginfo-4.12.14-197.7.1
  kernel-debug-debuginfo-4.12.14-197.7.1
  kernel-debug-debugsource-4.12.14-197.7.1
  kernel-debug-devel-4.12.14-197.7.1
  kernel-debug-devel-debuginfo-4.12.14-197.7.1
  kernel-debug-livepatch-devel-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):
  kernel-default-livepatch-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64):
  dtb-al-4.12.14-197.7.1
  dtb-allwinner-4.12.14-197.7.1
  dtb-altera-4.12.14-197.7.1
  dtb-amd-4.12.14-197.7.1
  dtb-amlogic-4.12.14-197.7.1
  dtb-apm-4.12.14-197.7.1
  dtb-arm-4.12.14-197.7.1
  dtb-broadcom-4.12.14-197.7.1
  dtb-cavium-4.12.14-197.7.1
  dtb-exynos-4.12.14-197.7.1
  dtb-freescale-4.12.14-197.7.1
  dtb-hisilicon-4.12.14-197.7.1
  dtb-lg-4.12.14-197.7.1
  dtb-marvell-4.12.14-197.7.1
  dtb-mediatek-4.12.14-197.7.1
  dtb-nvidia-4.12.14-197.7.1
  dtb-qcom-4.12.14-197.7.1
  dtb-renesas-4.12.14-197.7.1
  dtb-rockchip-4.12.14-197.7.1
  dtb-socionext-4.12.14-197.7.1
  dtb-sprd-4.12.14-197.7.1
  dtb-xilinx-4.12.14-197.7.1
  dtb-zte-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  kernel-docs-html-4.12.14-197.7.1
  kernel-source-vanilla-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  kernel-kvmsmall-4.12.14-197.7.1
  kernel-kvmsmall-base-4.12.14-197.7.1
  kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1
  kernel-kvmsmall-debuginfo-4.12.14-197.7.1
  kernel-kvmsmall-debugsource-4.12.14-197.7.1
  kernel-kvmsmall-devel-4.12.14-197.7.1
  kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1
  kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
  kernel-zfcpdump-debuginfo-4.12.14-197.7.1
  kernel-zfcpdump-debugsource-4.12.14-197.7.1
  kernel-zfcpdump-man-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
  kernel-default-debuginfo-4.12.14-197.7.1
  kernel-default-debugsource-4.12.14-197.7.1
  kernel-default-livepatch-4.12.14-197.7.1
  kernel-default-livepatch-devel-4.12.14-197.7.1
  kernel-livepatch-4_12_14-197_7-default-1-3.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-197.7.1
  kernel-default-debugsource-4.12.14-197.7.1
  reiserfs-kmp-default-4.12.14-197.7.1
  reiserfs-kmp-default-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.12.14-197.7.1
  kernel-obs-build-debugsource-4.12.14-197.7.1
  kernel-syms-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
  kernel-docs-4.12.14-197.7.1
  kernel-source-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-197.7.1
  kernel-default-base-4.12.14-197.7.1
  kernel-default-base-debuginfo-4.12.14-197.7.1
  kernel-default-debuginfo-4.12.14-197.7.1
  kernel-default-debugsource-4.12.14-197.7.1
  kernel-default-devel-4.12.14-197.7.1
  kernel-default-devel-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  kernel-devel-4.12.14-197.7.1
  kernel-macros-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
  kernel-default-man-4.12.14-197.7.1
  kernel-zfcpdump-4.12.14-197.7.1
  kernel-zfcpdump-debuginfo-4.12.14-197.7.1
  kernel-zfcpdump-debugsource-4.12.14-197.7.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-4.12.14-197.7.1
  cluster-md-kmp-default-debuginfo-4.12.14-197.7.1
  dlm-kmp-default-4.12.14-197.7.1
  dlm-kmp-default-debuginfo-4.12.14-197.7.1
  gfs2-kmp-default-4.12.14-197.7.1
  gfs2-kmp-default-debuginfo-4.12.14-197.7.1
  kernel-default-debuginfo-4.12.14-197.7.1
  kernel-default-debugsource-4.12.14-197.7.1
  ocfs2-kmp-default-4.12.14-197.7.1
  ocfs2-kmp-default-debuginfo-4.12.14-197.7.1

References:

  https://www.suse.com/security/cve/CVE-2018-16871.html
  https://www.suse.com/security/cve/CVE-2019-12614.html
  https://www.suse.com/security/cve/CVE-2019-12817.html
  https://bugzilla.suse.com/1051510
  https://bugzilla.suse.com/1071995
  https://bugzilla.suse.com/1094555
  https://bugzilla.suse.com/1111666
  https://bugzilla.suse.com/1112374
  https://bugzilla.suse.com/1114279
  https://bugzilla.suse.com/1128432
  https://bugzilla.suse.com/1134730
  https://bugzilla.suse.com/1134738
  https://bugzilla.suse.com/1135153
  https://bugzilla.suse.com/1135296
  https://bugzilla.suse.com/1135642
  https://bugzilla.suse.com/1136156
  https://bugzilla.suse.com/1136157
  https://bugzilla.suse.com/1136271
  https://bugzilla.suse.com/1136333
  https://bugzilla.suse.com/1137103
  https://bugzilla.suse.com/1137194
  https://bugzilla.suse.com/1137366
  https://bugzilla.suse.com/1137884
  https://bugzilla.suse.com/1137985
  https://bugzilla.suse.com/1138263
  https://bugzilla.suse.com/1138336
  https://bugzilla.suse.com/1138374
  https://bugzilla.suse.com/1138375
  https://bugzilla.suse.com/1138589
  https://bugzilla.suse.com/1138681
https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1138732 From sle-security-updates at lists.suse.com Thu Jul 4 10:11:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jul 2019 18:11:31 +0200 (CEST) Subject: SUSE-SU-2019:0048-2: moderate: Security update for helm-mirror Message-ID: <20190704161131.8AD30FDCE@maintenance.suse.de> SUSE Security Update: Security update for helm-mirror ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0048-2 Rating: moderate References: #1116182 #1118897 #1118898 #1118899 #1120762 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for helm-mirror to version 0.2.1 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote command execution (bsc#1118897) - CVE-2018-16874: Fixed a directory traversal in "go get" via curly braces in import path (bsc#1118898) - CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899) Non-security issue fixed: - Update to v0.2.1 (bsc#1120762) - Include helm-mirror into the containers module (bsc#1116182) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-48=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): helm-mirror-0.2.1-1.7.1 References: https://www.suse.com/security/cve/CVE-2018-16873.html https://www.suse.com/security/cve/CVE-2018-16874.html https://www.suse.com/security/cve/CVE-2018-16875.html https://bugzilla.suse.com/1116182 https://bugzilla.suse.com/1118897 https://bugzilla.suse.com/1118898 https://bugzilla.suse.com/1118899 https://bugzilla.suse.com/1120762 From sle-security-updates at lists.suse.com Thu Jul 4 10:12:44 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jul 2019 18:12:44 +0200 (CEST) Subject: SUSE-SU-2019:14114-1: moderate: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr Message-ID: <20190704161244.67196FDCE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14114-1 Rating: moderate References: #1137338 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update contains Mozilla Firefox 60.7ESR. It brings lots of security fixes and other improvements. It also includes new additional helper libraries to allow Firefox to run on SUSE Linux Enterprise 11. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-firefox-607esr-14114=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): MozillaFirefox-branding-SLED-60-21.6.8 firefox-at-spi2-core-2.10.2-2.6.5 firefox-at-spi2-core-lang-2.10.2-2.6.5 firefox-atk-lang-2.26.1-2.5.5 firefox-dbus-1-glib-0.76-34.2.4.5 firefox-gdk-pixbuf-lang-2.36.11-2.5.4 firefox-gdk-pixbuf-query-loaders-2.36.11-2.5.4 firefox-gdk-pixbuf-thumbnailer-2.36.11-2.5.4 firefox-gio-branding-upstream-2.54.3-2.4.3 firefox-glib2-lang-2.54.3-2.4.3 firefox-glib2-tools-2.54.3-2.4.3 firefox-gtk3-branding-upstream-3.10.9-2.8.3 firefox-gtk3-data-3.10.9-2.8.3 firefox-gtk3-immodule-amharic-3.10.9-2.8.3 firefox-gtk3-immodule-inuktitut-3.10.9-2.8.3 firefox-gtk3-immodule-multipress-3.10.9-2.8.3 firefox-gtk3-immodule-thai-3.10.9-2.8.3 firefox-gtk3-immodule-vietnamese-3.10.9-2.8.3 firefox-gtk3-immodule-xim-3.10.9-2.8.3 firefox-gtk3-immodules-tigrigna-3.10.9-2.8.3 firefox-gtk3-lang-3.10.9-2.8.3 firefox-gtk3-tools-3.10.9-2.8.3 firefox-libatk-1_0-0-2.26.1-2.5.5 firefox-libatk-bridge-2_0-0-2.10.2-2.6.5 firefox-libatspi0-2.10.2-2.6.5 firefox-libcairo-gobject2-1.15.10-2.8.7 firefox-libcairo2-1.15.10-2.8.7 firefox-libfreetype6-2.9-2.4.1 firefox-libgcc_s1-5.3.1+r233831-10.1 firefox-libgdk_pixbuf-2_0-0-2.36.11-2.5.4 firefox-libgtk-3-0-3.10.9-2.8.3 firefox-libharfbuzz0-1.7.5-2.4.5 firefox-libpango-1_0-0-1.40.14-2.4.5 firefox-libpixman-1-0-0.34.0-2.5.1 firefox-libstdc++6-5.3.1+r233831-10.1 libfirefox-gio-2_0-0-2.54.3-2.4.3 libfirefox-glib-2_0-0-2.54.3-2.4.3 libfirefox-gmodule-2_0-0-2.54.3-2.4.3 libfirefox-gobject-2_0-0-2.54.3-2.4.3 libfirefox-gthread-2_0-0-2.54.3-2.4.3 mozilla-nspr-4.20-29.3.1 mozilla-nspr-devel-4.20-29.3.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): mozilla-nspr-32bit-4.20-29.3.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 s390x x86_64): libfreebl3-3.41.1-38.6.1 
libsoftokn3-3.41.1-38.6.1 mozilla-nss-3.41.1-38.6.1 mozilla-nss-certs-3.41.1-38.6.1 mozilla-nss-devel-3.41.1-38.6.1 mozilla-nss-tools-3.41.1-38.6.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.41.1-38.6.1 libsoftokn3-32bit-3.41.1-38.6.1 mozilla-nss-32bit-3.41.1-38.6.1 mozilla-nss-certs-32bit-3.41.1-38.6.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-60.7.0esr-78.40.2 MozillaFirefox-translations-common-60.7.0esr-78.40.2 MozillaFirefox-translations-other-60.7.0esr-78.40.2 References: https://bugzilla.suse.com/1137338 From sle-security-updates at lists.suse.com Thu Jul 4 13:11:04 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jul 2019 21:11:04 +0200 (CEST) Subject: SUSE-SU-2019:1750-1: moderate: Security update for libu2f-host, pam_u2f Message-ID: <20190704191104.C8D8FFDCE@maintenance.suse.de> SUSE Security Update: Security update for libu2f-host, pam_u2f ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1750-1 Rating: moderate References: #1128140 #1135727 #1135729 Cross-References: CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). 
- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1750=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1750=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1750=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1750=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-doc-1.1.6-3.6.1 u2f-host-1.1.6-3.6.1 u2f-host-debuginfo-1.1.6-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-doc-1.1.6-3.6.1 u2f-host-1.1.6-3.6.1 u2f-host-debuginfo-1.1.6-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-devel-1.1.6-3.6.1 libu2f-host0-1.1.6-3.6.1 libu2f-host0-debuginfo-1.1.6-3.6.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libu2f-host-debuginfo-1.1.6-3.6.1 libu2f-host-debugsource-1.1.6-3.6.1 libu2f-host-devel-1.1.6-3.6.1 libu2f-host0-1.1.6-3.6.1 libu2f-host0-debuginfo-1.1.6-3.6.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 References: 
https://www.suse.com/security/cve/CVE-2019-12209.html https://www.suse.com/security/cve/CVE-2019-12210.html https://www.suse.com/security/cve/CVE-2019-9578.html https://bugzilla.suse.com/1128140 https://bugzilla.suse.com/1135727 https://bugzilla.suse.com/1135729 From sle-security-updates at lists.suse.com Thu Jul 4 13:12:04 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jul 2019 21:12:04 +0200 (CEST) Subject: SUSE-SU-2019:1749-1: moderate: Security update for libu2f-host Message-ID: <20190704191204.58670FDCE@maintenance.suse.de> SUSE Security Update: Security update for libu2f-host ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1749-1 Rating: moderate References: #1124781 #1128140 #1135727 #1135729 Cross-References: CVE-2018-20340 CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1749=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1749=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libu2f-host-debugsource-1.1.6-3.5.1 libu2f-host0-1.1.6-3.5.1 libu2f-host0-debuginfo-1.1.6-3.5.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libu2f-host-debugsource-1.1.6-3.5.1 libu2f-host0-1.1.6-3.5.1 libu2f-host0-debuginfo-1.1.6-3.5.1 pam_u2f-1.0.8-3.3.1 pam_u2f-debuginfo-1.0.8-3.3.1 pam_u2f-debugsource-1.0.8-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-20340.html https://www.suse.com/security/cve/CVE-2019-12209.html https://www.suse.com/security/cve/CVE-2019-12210.html https://www.suse.com/security/cve/CVE-2019-9578.html https://bugzilla.suse.com/1124781 https://bugzilla.suse.com/1128140 https://bugzilla.suse.com/1135727 https://bugzilla.suse.com/1135729 From sle-security-updates at lists.suse.com Fri Jul 5 10:15:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Jul 2019 18:15:05 +0200 (CEST) Subject: SUSE-SU-2019:1398-2: Security update for libpng16 Message-ID: <20190705161505.328A8FDCE@maintenance.suse.de> SUSE Security Update: Security update for libpng16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1398-2 Rating: low References: #1100687 #1121624 #1124211 Cross-References: CVE-2018-13785 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. 
Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could have triggered an integer overflow and resulted in a divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1398=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1398=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libpng16-debugsource-1.6.34-3.9.1 libpng16-tools-1.6.34-3.9.1 libpng16-tools-debuginfo-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpng16-compat-devel-32bit-1.6.34-3.9.1 libpng16-devel-32bit-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpng16-16-1.6.34-3.9.1 libpng16-16-debuginfo-1.6.34-3.9.1 libpng16-compat-devel-1.6.34-3.9.1 libpng16-debugsource-1.6.34-3.9.1 libpng16-devel-1.6.34-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libpng16-16-32bit-1.6.34-3.9.1 libpng16-16-32bit-debuginfo-1.6.34-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-13785.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1100687 https://bugzilla.suse.com/1121624 https://bugzilla.suse.com/1124211 From sle-security-updates at
lists.suse.com Fri Jul 5 16:11:03 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 6 Jul 2019 00:11:03 +0200 (CEST) Subject: SUSE-SU-2019:0838-2: important: Security update for bash Message-ID: <20190705221103.50AE4FFD6@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0838-2 Rating: important References: #1130324 Cross-References: CVE-2019-9924 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-838=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-838=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-838=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-838=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-838=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-838=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE OpenStack Cloud 7 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): bash-lang-4.3-83.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libreadline6-32bit-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libreadline6-32bit-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 
bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Enterprise Storage 4 (noarch): bash-doc-4.3-83.23.1 readline-doc-6.3-83.23.1 - SUSE Enterprise Storage 4 (x86_64): bash-4.3-83.23.1 bash-debuginfo-4.3-83.23.1 bash-debugsource-4.3-83.23.1 libreadline6-32bit-6.3-83.23.1 libreadline6-6.3-83.23.1 libreadline6-debuginfo-32bit-6.3-83.23.1 libreadline6-debuginfo-6.3-83.23.1 References: https://www.suse.com/security/cve/CVE-2019-9924.html https://bugzilla.suse.com/1130324 From sle-security-updates at lists.suse.com Mon Jul 8 10:10:55 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:10:55 +0200 (CEST) Subject: SUSE-SU-2019:1767-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) Message-ID: <20190708161055.BA719FEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1767-1 Rating: important References: #1102682 #1133191 Cross-References: CVE-2018-5390 CVE-2019-11487 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_115 fixes several issues. The following security issues were fixed: - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. 
This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2018-5390: Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1766=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1767=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1766=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1767=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-2-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_115-default-2-2.1 kgraft-patch-3_12_74-60_64_115-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-2-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_115-default-2-2.1 kgraft-patch-3_12_74-60_64_115-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2019-11487.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1133191 From sle-security-updates at lists.suse.com Mon Jul 8 10:11:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:11:48 +0200 (CEST) Subject: SUSE-SU-2019:1765-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 
15 SP1) Message-ID: <20190708161148.464CEFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1765-1 Rating: important References: #1136446 #1138264 Cross-References: CVE-2019-12817 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc had a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bsc#1138264). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1765=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-3-7.2 References: https://www.suse.com/security/cve/CVE-2019-12817.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1138264 From sle-security-updates at lists.suse.com Mon Jul 8 10:12:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:12:36 +0200 (CEST) Subject: SUSE-SU-2019:1768-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP3) Message-ID: <20190708161236.07496FEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1768-1 Rating: important References: #1133191 Cross-References: CVE-2019-11487 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_97 fixes one issue. The following security issue was fixed: - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1768=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-2-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11487.html https://bugzilla.suse.com/1133191 From sle-security-updates at lists.suse.com Mon Jul 8 10:13:13 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jul 2019 18:13:13 +0200 (CEST) Subject: SUSE-SU-2019:1769-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) Message-ID: <20190708161313.398BBFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1769-1 Rating: important References: #1138264 Cross-References: CVE-2019-12817 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_4 fixes one issue. The following security issue was fixed: - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc had a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bsc#1138264). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1769=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_4-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-12817.html https://bugzilla.suse.com/1138264 From sle-security-updates at lists.suse.com Mon Jul 8 13:10:56 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jul 2019 21:10:56 +0200 (CEST) Subject: SUSE-SU-2019:1773-1: moderate: Security update for ImageMagick Message-ID: <20190708191056.C5DB8FEA9@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1773-1 Rating: moderate References: #1138425 #1138464 Cross-References: CVE-2019-11597 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1773=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1773=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1773=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1773=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1773=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1773=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-config-7-upstream-7.0.7.34-3.64.2 ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-extra-7.0.7.34-3.64.2 ImageMagick-extra-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ImageMagick-doc-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ImageMagick-devel-32bit-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-3.64.2 libMagick++-devel-32bit-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 
ImageMagick-extra-7.0.7.34-3.64.2 ImageMagick-extra-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ImageMagick-doc-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 perl-PerlMagick-7.0.7.34-3.64.2 perl-PerlMagick-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 perl-PerlMagick-7.0.7.34-3.64.2 perl-PerlMagick-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.64.2 ImageMagick-config-7-SUSE-7.0.7.34-3.64.2 ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-devel-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.64.2 libMagick++-devel-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.64.2 ImageMagick-config-7-SUSE-7.0.7.34-3.64.2 ImageMagick-config-7-upstream-7.0.7.34-3.64.2 ImageMagick-debuginfo-7.0.7.34-3.64.2 ImageMagick-debugsource-7.0.7.34-3.64.2 ImageMagick-devel-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-7.0.7.34-3.64.2 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.64.2 libMagick++-devel-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-7.0.7.34-3.64.2 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.64.2 References: https://www.suse.com/security/cve/CVE-2019-11597.html https://bugzilla.suse.com/1138425 
https://bugzilla.suse.com/1138464

From sle-security-updates at lists.suse.com Mon Jul 8 16:10:53 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 00:10:53 +0200 (CEST)
Subject: SUSE-SU-2019:1776-1: important: Security update for zeromq
Message-ID: <20190708221053.3E925FFE1@maintenance.suse.de>

SUSE Security Update: Security update for zeromq
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1776-1
Rating: important
References: #1082318 #1140255
Cross-References: CVE-2019-13132
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for zeromq fixes the following issues:

- CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain remote code execution. (bsc#1140255)
- Correctly mark license files as licence instead of documentation (bsc#1082318)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1776=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1776=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1776=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1776=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  zeromq-debugsource-4.2.3-3.8.1
  zeromq-tools-4.2.3-3.8.1
  zeromq-tools-debuginfo-4.2.3-3.8.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  zeromq-debugsource-4.2.3-3.8.1
  zeromq-tools-4.2.3-3.8.1
  zeromq-tools-debuginfo-4.2.3-3.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  libzmq5-4.2.3-3.8.1
  libzmq5-debuginfo-4.2.3-3.8.1
  zeromq-debugsource-4.2.3-3.8.1
  zeromq-devel-4.2.3-3.8.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  libzmq5-4.2.3-3.8.1
  libzmq5-debuginfo-4.2.3-3.8.1
  zeromq-debugsource-4.2.3-3.8.1
  zeromq-devel-4.2.3-3.8.1

References:

https://www.suse.com/security/cve/CVE-2019-13132.html
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1140255

From sle-security-updates at lists.suse.com Mon Jul 8 16:12:38 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 00:12:38 +0200 (CEST)
Subject: SUSE-SU-2019:1772-1: important: Security update for python-Pillow
Message-ID: <20190708221238.6E6DDFEA9@maintenance.suse.de>

SUSE Security Update: Security update for python-Pillow
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1772-1
Rating: important
References: #1008845
Cross-References: CVE-2016-9189
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Pillow fixes the following issues:

Security issue fixed:

- CVE-2016-9189: Fixed integer overflows leading to memory disclosure in PyImaging_MapBuffer() (bsc#1008845).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1772=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-1772=1

Package List:

- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
  python-Pillow-2.8.1-4.6.1
  python-Pillow-debuginfo-2.8.1-4.6.1
  python-Pillow-debugsource-2.8.1-4.6.1
- SUSE Enterprise Storage 4 (aarch64 x86_64):
  python-Pillow-2.8.1-4.6.1
  python-Pillow-debuginfo-2.8.1-4.6.1
  python-Pillow-debugsource-2.8.1-4.6.1

References:

https://www.suse.com/security/cve/CVE-2016-9189.html
https://bugzilla.suse.com/1008845

From sle-security-updates at lists.suse.com Mon Jul 8 16:14:05 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 00:14:05 +0200 (CEST)
Subject: SUSE-SU-2019:14117-1: important: Security update for zeromq
Message-ID: <20190708221405.6776AFEA9@maintenance.suse.de>

SUSE Security Update: Security update for zeromq
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14117-1
Rating: important
References: #1140255
Cross-References: CVE-2019-13132
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for zeromq fixes the following issues:

- CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain remote code execution. (bsc#1140255)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
  zypper in -t patch slesctsp4-zeromq-14117=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
  zypper in -t patch slesctsp3-zeromq-14117=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
  libzmq3-4.0.4-3.3.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
  libzmq3-4.0.4-3.3.1

References:

https://www.suse.com/security/cve/CVE-2019-13132.html
https://bugzilla.suse.com/1140255

From sle-security-updates at lists.suse.com Tue Jul 9 07:11:05 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 15:11:05 +0200 (CEST)
Subject: SUSE-SU-2019:1783-1: important: Security update for postgresql10
Message-ID: <20190709131105.B5D9FFFE2@maintenance.suse.de>

SUSE Security Update: Security update for postgresql10
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1783-1
Rating: important
References: #1138034
Cross-References: CVE-2019-10164
Affected Products:
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Enterprise Storage 5
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql10 to version 10.9 fixes the following issue:

Security issue fixed:

- CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).

More information at https://www.postgresql.org/docs/10/release-10-9.html

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1783=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1783=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1783=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1783=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1783=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1783=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1783=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1783=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1783=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1783=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1783=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2019-1783=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1783=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2019-1783=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-1783=1

Package List:

- SUSE OpenStack Cloud 8 (noarch):
  postgresql10-docs-10.9-1.12.2
- SUSE OpenStack Cloud 8 (x86_64):
  libecpg6-10.9-1.12.1
  libecpg6-debuginfo-10.9-1.12.1
  libpq5-10.9-1.12.1
  libpq5-32bit-10.9-1.12.1
  libpq5-debuginfo-10.9-1.12.1
  libpq5-debuginfo-32bit-10.9-1.12.1
  postgresql10-10.9-1.12.2
  postgresql10-contrib-10.9-1.12.2
  postgresql10-contrib-debuginfo-10.9-1.12.2
  postgresql10-debuginfo-10.9-1.12.2
  postgresql10-debugsource-10.9-1.12.2
  postgresql10-libs-debugsource-10.9-1.12.1
  postgresql10-plperl-10.9-1.12.2
  postgresql10-plperl-debuginfo-10.9-1.12.2
  postgresql10-plpython-10.9-1.12.2
  postgresql10-plpython-debuginfo-10.9-1.12.2
  postgresql10-pltcl-10.9-1.12.2
  postgresql10-pltcl-debuginfo-10.9-1.12.2
  postgresql10-server-10.9-1.12.2
  postgresql10-server-debuginfo-10.9-1.12.2
- SUSE OpenStack Cloud 7 (s390x x86_64):
  libecpg6-10.9-1.12.1
  libecpg6-debuginfo-10.9-1.12.1
  libpq5-10.9-1.12.1
  libpq5-32bit-10.9-1.12.1
  libpq5-debuginfo-10.9-1.12.1
  libpq5-debuginfo-32bit-10.9-1.12.1
  postgresql10-10.9-1.12.2
  postgresql10-contrib-10.9-1.12.2
  postgresql10-contrib-debuginfo-10.9-1.12.2
  postgresql10-debuginfo-10.9-1.12.2
  postgresql10-debugsource-10.9-1.12.2
  postgresql10-libs-debugsource-10.9-1.12.1
  postgresql10-plperl-10.9-1.12.2
  postgresql10-plperl-debuginfo-10.9-1.12.2
  postgresql10-plpython-10.9-1.12.2
  postgresql10-plpython-debuginfo-10.9-1.12.2
  postgresql10-pltcl-10.9-1.12.2
  postgresql10-pltcl-debuginfo-10.9-1.12.2
  postgresql10-server-10.9-1.12.2
  postgresql10-server-debuginfo-10.9-1.12.2
- SUSE OpenStack Cloud 7 (noarch):
  postgresql10-docs-10.9-1.12.2
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
postgresql10-devel-10.9-1.12.1 postgresql10-devel-debuginfo-10.9-1.12.1 postgresql10-libs-debugsource-10.9-1.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 
libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 
postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 
postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libecpg6-10.9-1.12.1 libecpg6-debuginfo-10.9-1.12.1 libpq5-10.9-1.12.1 libpq5-debuginfo-10.9-1.12.1 postgresql10-10.9-1.12.2 postgresql10-contrib-10.9-1.12.2 postgresql10-contrib-debuginfo-10.9-1.12.2 postgresql10-debuginfo-10.9-1.12.2 postgresql10-debugsource-10.9-1.12.2 postgresql10-libs-debugsource-10.9-1.12.1 postgresql10-plperl-10.9-1.12.2 postgresql10-plperl-debuginfo-10.9-1.12.2 postgresql10-plpython-10.9-1.12.2 postgresql10-plpython-debuginfo-10.9-1.12.2 postgresql10-pltcl-10.9-1.12.2 postgresql10-pltcl-debuginfo-10.9-1.12.2 postgresql10-server-10.9-1.12.2 postgresql10-server-debuginfo-10.9-1.12.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpq5-32bit-10.9-1.12.1 libpq5-debuginfo-32bit-10.9-1.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql10-docs-10.9-1.12.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): 
  libecpg6-10.9-1.12.1
  libecpg6-debuginfo-10.9-1.12.1
  libpq5-10.9-1.12.1
  libpq5-32bit-10.9-1.12.1
  libpq5-debuginfo-10.9-1.12.1
  libpq5-debuginfo-32bit-10.9-1.12.1
  postgresql10-10.9-1.12.2
  postgresql10-debuginfo-10.9-1.12.2
  postgresql10-debugsource-10.9-1.12.2
  postgresql10-libs-debugsource-10.9-1.12.1
- SUSE Enterprise Storage 5 (noarch):
  postgresql10-docs-10.9-1.12.2
- SUSE Enterprise Storage 5 (x86_64):
  libecpg6-10.9-1.12.1
  libecpg6-debuginfo-10.9-1.12.1
  libpq5-10.9-1.12.1
  libpq5-32bit-10.9-1.12.1
  libpq5-debuginfo-10.9-1.12.1
  libpq5-debuginfo-32bit-10.9-1.12.1
  postgresql10-10.9-1.12.2
  postgresql10-contrib-10.9-1.12.2
  postgresql10-contrib-debuginfo-10.9-1.12.2
  postgresql10-debuginfo-10.9-1.12.2
  postgresql10-debugsource-10.9-1.12.2
  postgresql10-libs-debugsource-10.9-1.12.1
  postgresql10-plperl-10.9-1.12.2
  postgresql10-plperl-debuginfo-10.9-1.12.2
  postgresql10-plpython-10.9-1.12.2
  postgresql10-plpython-debuginfo-10.9-1.12.2
  postgresql10-pltcl-10.9-1.12.2
  postgresql10-pltcl-debuginfo-10.9-1.12.2
  postgresql10-server-10.9-1.12.2
  postgresql10-server-debuginfo-10.9-1.12.2
- SUSE Enterprise Storage 4 (x86_64):
  libecpg6-10.9-1.12.1
  libecpg6-debuginfo-10.9-1.12.1
  libpq5-10.9-1.12.1
  libpq5-32bit-10.9-1.12.1
  libpq5-debuginfo-10.9-1.12.1
  libpq5-debuginfo-32bit-10.9-1.12.1
  postgresql10-10.9-1.12.2
  postgresql10-contrib-10.9-1.12.2
  postgresql10-contrib-debuginfo-10.9-1.12.2
  postgresql10-debuginfo-10.9-1.12.2
  postgresql10-debugsource-10.9-1.12.2
  postgresql10-libs-debugsource-10.9-1.12.1
  postgresql10-plperl-10.9-1.12.2
  postgresql10-plperl-debuginfo-10.9-1.12.2
  postgresql10-plpython-10.9-1.12.2
  postgresql10-plpython-debuginfo-10.9-1.12.2
  postgresql10-pltcl-10.9-1.12.2
  postgresql10-pltcl-debuginfo-10.9-1.12.2
  postgresql10-server-10.9-1.12.2
  postgresql10-server-debuginfo-10.9-1.12.2
- SUSE Enterprise Storage 4 (noarch):
  postgresql10-docs-10.9-1.12.2

References:

https://www.suse.com/security/cve/CVE-2019-10164.html
https://bugzilla.suse.com/1138034

From sle-security-updates at lists.suse.com Tue Jul 9 07:11:52 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 15:11:52 +0200 (CEST)
Subject: SUSE-SU-2019:1785-1: important: Security update for zeromq
Message-ID: <20190709131152.0DCC4FEA9@maintenance.suse.de>

SUSE Security Update: Security update for zeromq
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1785-1
Rating: important
References: #1140255
Cross-References: CVE-2019-13132
Affected Products:
  SUSE Manager Tools 12
  SUSE Manager Server 3.2
  SUSE Manager Proxy 3.2
  SUSE Linux Enterprise Workstation Extension 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Point of Sale 12-SP2
  SUSE Linux Enterprise Module for Advanced Systems Management 12
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Enterprise Storage 5
  SUSE Enterprise Storage 4
  SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for zeromq fixes the following issues:

- CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain remote code execution. (bsc#1140255)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-1785=1
- SUSE Manager Server 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1785=1
- SUSE Manager Proxy 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1785=1
- SUSE Linux Enterprise Workstation Extension 12-SP4:
  zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1785=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1785=1
- SUSE Linux Enterprise Point of Sale 12-SP2:
  zypper in -t patch SUSE-SLE-POS-12-SP2-2019-1785=1
- SUSE Linux Enterprise Module for Advanced Systems Management 12:
  zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-1785=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1785=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2019-1785=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-1785=1
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Manager Proxy 3.2 (x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
  zeromq-devel-4.0.4-15.3.1
- SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE Enterprise Storage 4 (aarch64 x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1
- SUSE CaaS Platform 3.0 (x86_64):
  libzmq3-4.0.4-15.3.1
  libzmq3-debuginfo-4.0.4-15.3.1
  zeromq-debugsource-4.0.4-15.3.1

References:

https://www.suse.com/security/cve/CVE-2019-13132.html
https://bugzilla.suse.com/1140255

From sle-security-updates at lists.suse.com Tue Jul 9 13:10:41 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 21:10:41 +0200 (CEST)
Subject: SUSE-SU-2019:1790-1: moderate: Security update for SUSE Manager Server 3.2
Message-ID: <20190709191041.F3387FFC2@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1790-1
Rating: moderate
References: #1102770 #1136480
Cross-References: CVE-2019-10136
Affected Products:
  SUSE Manager Server 3.2
  SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update fixes the following issues:

release-notes-susemanager:

- Fix invalid characters in ncurses mode (bsc#1102770)

spacewalk-backend:

- Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)

spacewalk-web:

- Change WebUI string version to 3.2.9

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1790=1
- SUSE Manager Proxy 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1790=1

Package List:

- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
  release-notes-susemanager-3.2.9-6.35.1
- SUSE Manager Server 3.2 (noarch):
  spacewalk-backend-2.8.57.17-3.33.1
  spacewalk-backend-app-2.8.57.17-3.33.1
  spacewalk-backend-applet-2.8.57.17-3.33.1
  spacewalk-backend-config-files-2.8.57.17-3.33.1
  spacewalk-backend-config-files-common-2.8.57.17-3.33.1
  spacewalk-backend-config-files-tool-2.8.57.17-3.33.1
  spacewalk-backend-iss-2.8.57.17-3.33.1
  spacewalk-backend-iss-export-2.8.57.17-3.33.1
  spacewalk-backend-libs-2.8.57.17-3.33.1
  spacewalk-backend-package-push-server-2.8.57.17-3.33.1
  spacewalk-backend-server-2.8.57.17-3.33.1
  spacewalk-backend-sql-2.8.57.17-3.33.1
  spacewalk-backend-sql-oracle-2.8.57.17-3.33.1
  spacewalk-backend-sql-postgresql-2.8.57.17-3.33.1
  spacewalk-backend-tools-2.8.57.17-3.33.1
  spacewalk-backend-xml-export-libs-2.8.57.17-3.33.1
  spacewalk-backend-xmlrpc-2.8.57.17-3.33.1
  spacewalk-base-2.8.7.17-3.30.1
  spacewalk-base-minimal-2.8.7.17-3.30.1
  spacewalk-base-minimal-config-2.8.7.17-3.30.1
  spacewalk-html-2.8.7.17-3.30.1
  susemanager-web-libs-2.8.7.17-3.30.1
- SUSE Manager Proxy 3.2 (noarch):
  spacewalk-backend-2.8.57.17-3.33.1
  spacewalk-backend-libs-2.8.57.17-3.33.1
  spacewalk-base-minimal-2.8.7.17-3.30.1
  spacewalk-base-minimal-config-2.8.7.17-3.30.1
  spacewalk-proxy-broker-2.8.5.6-3.11.1
  spacewalk-proxy-common-2.8.5.6-3.11.1
  spacewalk-proxy-management-2.8.5.6-3.11.1
  spacewalk-proxy-package-manager-2.8.5.6-3.11.1
  spacewalk-proxy-redirect-2.8.5.6-3.11.1
  spacewalk-proxy-salt-2.8.5.6-3.11.1
  susemanager-web-libs-2.8.7.17-3.30.1
- SUSE Manager Proxy 3.2 (x86_64):
  release-notes-susemanager-proxy-3.2.9-0.16.27.1

References:

https://www.suse.com/security/cve/CVE-2019-10136.html
https://bugzilla.suse.com/1102770
https://bugzilla.suse.com/1136480

From sle-security-updates at lists.suse.com Tue Jul 9 13:11:34 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Jul 2019 21:11:34 +0200 (CEST)
Subject: SUSE-SU-2019:1790-1: moderate: Security update for SUSE Manager 3.2 : Server and Proxy
Message-ID: <20190709191134.B19DEFFC2@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Manager 3.2 : Server and Proxy
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1790-1
Rating: moderate
References: #1102770 #1136476 #1136480
Cross-References: CVE-2019-10136 CVE-2019-10137
Affected Products:
  SUSE Manager Server 3.2
  SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update fixes the following issues:

release-notes-susemanager:

- Fix invalid characters in ncurses mode (bsc#1102770)

release-notes-susemanager-proxy:

- Fix invalid characters in ncurses mode (bsc#1102770)

spacewalk-backend:

- Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)

spacewalk-proxy:

- Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy's filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476)

spacewalk-web:

- Change WebUI string version to 3.2.9

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1790=1
- SUSE Manager Proxy 3.2:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1790=1

Package List:

- SUSE Manager Server 3.2 (ppc64le s390x x86_64):
  release-notes-susemanager-3.2.9-6.35.1
- SUSE Manager Server 3.2 (noarch):
  spacewalk-backend-2.8.57.17-3.33.1
  spacewalk-backend-app-2.8.57.17-3.33.1
  spacewalk-backend-applet-2.8.57.17-3.33.1
  spacewalk-backend-config-files-2.8.57.17-3.33.1
  spacewalk-backend-config-files-common-2.8.57.17-3.33.1
  spacewalk-backend-config-files-tool-2.8.57.17-3.33.1
  spacewalk-backend-iss-2.8.57.17-3.33.1
  spacewalk-backend-iss-export-2.8.57.17-3.33.1
  spacewalk-backend-libs-2.8.57.17-3.33.1
  spacewalk-backend-package-push-server-2.8.57.17-3.33.1
  spacewalk-backend-server-2.8.57.17-3.33.1
  spacewalk-backend-sql-2.8.57.17-3.33.1
  spacewalk-backend-sql-oracle-2.8.57.17-3.33.1
  spacewalk-backend-sql-postgresql-2.8.57.17-3.33.1
  spacewalk-backend-tools-2.8.57.17-3.33.1
  spacewalk-backend-xml-export-libs-2.8.57.17-3.33.1
  spacewalk-backend-xmlrpc-2.8.57.17-3.33.1
  spacewalk-base-2.8.7.17-3.30.1
  spacewalk-base-minimal-2.8.7.17-3.30.1
  spacewalk-base-minimal-config-2.8.7.17-3.30.1
  spacewalk-html-2.8.7.17-3.30.1
  susemanager-web-libs-2.8.7.17-3.30.1
- SUSE Manager Proxy 3.2 (noarch):
  spacewalk-backend-2.8.57.17-3.33.1
  spacewalk-backend-libs-2.8.57.17-3.33.1
  spacewalk-base-minimal-2.8.7.17-3.30.1
  spacewalk-base-minimal-config-2.8.7.17-3.30.1
  spacewalk-proxy-broker-2.8.5.6-3.11.1
  spacewalk-proxy-common-2.8.5.6-3.11.1
  spacewalk-proxy-management-2.8.5.6-3.11.1
  spacewalk-proxy-package-manager-2.8.5.6-3.11.1
  spacewalk-proxy-redirect-2.8.5.6-3.11.1
  spacewalk-proxy-salt-2.8.5.6-3.11.1
  susemanager-web-libs-2.8.7.17-3.30.1
- SUSE Manager Proxy 3.2 (x86_64):
  release-notes-susemanager-proxy-3.2.9-0.16.27.1

References:

https://www.suse.com/security/cve/CVE-2019-10136.html
https://www.suse.com/security/cve/CVE-2019-10137.html
https://bugzilla.suse.com/1102770 https://bugzilla.suse.com/1136476 https://bugzilla.suse.com/1136480 From sle-security-updates at lists.suse.com Tue Jul 9 13:12:30 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:12:30 +0200 (CEST) Subject: SUSE-SU-2019:1789-1: moderate: Security update for SUSE Manager 4.0 : Server and Proxy Message-ID: <20190709191230.948F0FFC2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager 4.0 : Server and Proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1789-1 Rating: moderate References: #1136476 #1136480 #1136561 #1136857 #1137955 #1138313 #1138358 #1138364 #1139693 Cross-References: CVE-2019-10136 CVE-2019-10137 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update fixes the following issues: spacewalk-backend: - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) spacewalk-proxy: - Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy's filesystem, execute arbitrary code in the context of the proxy. 
(bsc#1136476) spacewalk-web: - Change WebUI version 4.0.1 susemanager-doc-indexes: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-docs_en: - Updated wording for prometheus section - Jeos VM update - Port 8050 for graphical console display - Content life-cycle docs are not enough for customer to understand (bsc#1137955) - Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857) - Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561) susemanager-sync-data: - Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693) - Add OPENSUSE to allowed channel_families to make openSUSE Leap product visible in the product list (bsc#1138364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-1789=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-1789=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-backend-app-4.0.22-3.3.1 spacewalk-backend-applet-4.0.22-3.3.1 spacewalk-backend-config-files-4.0.22-3.3.1 spacewalk-backend-config-files-common-4.0.22-3.3.1 spacewalk-backend-config-files-tool-4.0.22-3.3.1 spacewalk-backend-iss-4.0.22-3.3.1 spacewalk-backend-iss-export-4.0.22-3.3.1 spacewalk-backend-package-push-server-4.0.22-3.3.1 spacewalk-backend-server-4.0.22-3.3.1 spacewalk-backend-sql-4.0.22-3.3.1 spacewalk-backend-sql-postgresql-4.0.22-3.3.1 spacewalk-backend-tools-4.0.22-3.3.1 spacewalk-backend-xml-export-libs-4.0.22-3.3.1 spacewalk-backend-xmlrpc-4.0.22-3.3.1 spacewalk-base-4.0.14-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-html-4.0.14-3.3.1 susemanager-doc-indexes-4.0-10.3.1 susemanager-docs_en-4.0-10.3.1 susemanager-docs_en-pdf-4.0-10.3.1 susemanager-sync-data-4.0.12-3.3.1 susemanager-web-libs-4.0.14-3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-backend-libs-4.0.22-3.3.1 spacewalk-backend-4.0.22-3.3.1 spacewalk-base-minimal-4.0.14-3.3.1 spacewalk-base-minimal-config-4.0.14-3.3.1 spacewalk-proxy-broker-4.0.12-3.3.1 spacewalk-proxy-common-4.0.12-3.3.1 spacewalk-proxy-management-4.0.12-3.3.1 spacewalk-proxy-package-manager-4.0.12-3.3.1 spacewalk-proxy-redirect-4.0.12-3.3.1 spacewalk-proxy-salt-4.0.12-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://www.suse.com/security/cve/CVE-2019-10137.html https://bugzilla.suse.com/1136476 
https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1136561 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137955 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138364 https://bugzilla.suse.com/1139693
From sle-security-updates at lists.suse.com Tue Jul 9 13:17:12 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:17:12 +0200 (CEST) Subject: SUSE-SU-2019:1792-1: moderate: Security update for kernel-firmware Message-ID: <20190709191712.73FE8FFC2@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1792-1 Rating: moderate References: #1136334 #1136498 #1139383 Cross-References: CVE-2019-9836 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: * cavium: Add firmware for CNN55XX crypto driver.
* linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2019-9836, bsc#1139383) * linux-firmware: update licence text for Marvell firmware * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series * amdgpu: update vega20 to the latest 19.10 firmware * amdgpu: update vega12 to the latest 19.10 firmware * amdgpu: update vega10 to the latest 19.10 firmware * amdgpu: update polaris11 to the latest 19.10 firmware * amdgpu: update polaris10 to the latest 19.10 firmware * amdgpu: update raven2 to the latest 19.10 firmware * amdgpu: update raven to the latest 19.10 firmware * amdgpu: update picasso to the latest 19.10 firmware * linux-firmware: update fw for qat devices * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122 * drm/i915/firmware: Add ICL HuC v8.4.3238 * drm/i915/firmware: Add ICL GuC v32.0.3 * drm/i915/firmware: Add GLK HuC v03.01.2893 * drm/i915/firmware: Add GLK GuC v32.0.3 * drm/i915/firmware: Add KBL GuC v32.0.3 * drm/i915/firmware: Add SKL GuC v32.0.3 * drm/i915/firmware: Add BXT GuC v32.0.3 * linux-firmware: Add firmware file for Intel Bluetooth 22161 * cxgb4: update firmware to revision 1.23.4.0 (bsc#1136334) * linux-firmware: Update NXP Management Complex firmware to version 10.14.3 * 
linux-firmware: add firmware for MT7615E * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change. * linux-firmware: update Marvell 8797/8997 firmware images * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1792=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-firmware-20190618-3.3.1 ucode-amd-20190618-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-9836.html https://bugzilla.suse.com/1136334 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1139383
From sle-security-updates at lists.suse.com Tue Jul 9 13:19:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jul 2019 21:19:42 +0200 (CEST) Subject: SUSE-SU-2019:1791-1: moderate: Security update for libqb Message-ID: <20190709191942.9F3C1FFC2@maintenance.suse.de> SUSE Security Update: Security update for libqb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1791-1 Rating: moderate References: #1137835 Cross-References: CVE-2019-12779 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqb fixes the following issue: Security issue fixed: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1791=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1791=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libqb-debugsource-1.0.3+20190326.a521604-3.3.1 libqb-devel-32bit-1.0.3+20190326.a521604-3.3.1 libqb20-32bit-1.0.3+20190326.a521604-3.3.1 libqb20-32bit-debuginfo-1.0.3+20190326.a521604-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libqb-debugsource-1.0.3+20190326.a521604-3.3.1 libqb-devel-1.0.3+20190326.a521604-3.3.1 libqb-tests-1.0.3+20190326.a521604-3.3.1 libqb-tests-debuginfo-1.0.3+20190326.a521604-3.3.1 libqb-tools-1.0.3+20190326.a521604-3.3.1 libqb-tools-debuginfo-1.0.3+20190326.a521604-3.3.1 libqb20-1.0.3+20190326.a521604-3.3.1 libqb20-debuginfo-1.0.3+20190326.a521604-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1137835 From sle-security-updates at lists.suse.com Wed Jul 10 07:11:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:11:18 +0200 (CEST) Subject: SUSE-SU-2019:1803-1: moderate: Security update for kernel-firmware Message-ID: <20190710131118.AB539FFC2@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1803-1 Rating: moderate References: #1136334 #1136498 #1139383 Cross-References: CVE-2019-9836 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2019-9836, bsc#1139383) * linux-firmware: update licence text for Marvell firmware * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series * amdgpu: update vega20 to the latest 19.10 firmware * amdgpu: update vega12 to the latest 19.10 firmware * amdgpu: update vega10 to the latest 19.10 firmware * amdgpu: update polaris11 to the latest 19.10 firmware * amdgpu: update polaris10 to the latest 19.10 firmware * amdgpu: update raven2 to the latest 19.10 firmware * amdgpu: update raven to the latest 19.10 firmware * amdgpu: update picasso to the latest 19.10 firmware * linux-firmware: update fw for qat devices * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122 * drm/i915/firmware: Add ICL HuC v8.4.3238 * drm/i915/firmware: Add ICL GuC v32.0.3 * drm/i915/firmware: Add GLK HuC v03.01.2893 * drm/i915/firmware: Add GLK GuC v32.0.3 * drm/i915/firmware: Add KBL GuC v32.0.3 * drm/i915/firmware: Add SKL GuC v32.0.3 * drm/i915/firmware: Add BXT GuC v32.0.3 * linux-firmware: Add firmware file 
for Intel Bluetooth 22161 * cxgb4: update firmware to revision 1.23.4.0 (bsc#1136334) * linux-firmware: Update NXP Management Complex firmware to version 10.14.3 * linux-firmware: add firmware for MT7615E * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change. * linux-firmware: update Marvell 8797/8997 firmware images * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1803=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-firmware-20190618-3.22.1 ucode-amd-20190618-3.22.1 References: https://www.suse.com/security/cve/CVE-2019-9836.html https://bugzilla.suse.com/1136334 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1139383 From sle-security-updates at lists.suse.com Wed Jul 10 07:12:17 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:12:17 +0200 (CEST) Subject: SUSE-SU-2019:1804-1: important: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Message-ID: <20190710131217.F136DFFC2@maintenance.suse.de> SUSE Security Update: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1804-1 Rating: important References: #1082007 #1082008 #1082009 #1082010 #1082011 #1082014 #1082058 #1087433 #1087434 #1087436 #1087437 #1087440 #1087441 #1112530 #1112532 #1130028 #1130611 #1130617 #1130620 #1130622 #1130623 #1130627 #1133790 Cross-References: CVE-2017-17742 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 
CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has two fixes is now available. Description: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. 
Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1804=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1804=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1804=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1804=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-doc-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ruby2.5-doc-ri-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-doc-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ruby2.5-doc-ri-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.5-4.3.1 libruby2_5-2_5-debuginfo-2.5.5-4.3.1 ruby2.5-2.5.5-4.3.1 ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-devel-2.5.5-4.3.1 ruby2.5-devel-extra-2.5.5-4.3.1 ruby2.5-stdlib-2.5.5-4.3.1 ruby2.5-stdlib-debuginfo-2.5.5-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.5-4.3.1 libruby2_5-2_5-debuginfo-2.5.5-4.3.1 ruby2.5-2.5.5-4.3.1 ruby2.5-debuginfo-2.5.5-4.3.1 ruby2.5-debugsource-2.5.5-4.3.1 ruby2.5-devel-2.5.5-4.3.1 ruby2.5-devel-extra-2.5.5-4.3.1 ruby2.5-stdlib-2.5.5-4.3.1 ruby2.5-stdlib-debuginfo-2.5.5-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-17742.html 
https://www.suse.com/security/cve/CVE-2018-1000073.html https://www.suse.com/security/cve/CVE-2018-1000074.html https://www.suse.com/security/cve/CVE-2018-1000075.html https://www.suse.com/security/cve/CVE-2018-1000076.html https://www.suse.com/security/cve/CVE-2018-1000077.html https://www.suse.com/security/cve/CVE-2018-1000078.html https://www.suse.com/security/cve/CVE-2018-1000079.html https://www.suse.com/security/cve/CVE-2018-16395.html https://www.suse.com/security/cve/CVE-2018-16396.html https://www.suse.com/security/cve/CVE-2018-6914.html https://www.suse.com/security/cve/CVE-2018-8777.html https://www.suse.com/security/cve/CVE-2018-8778.html https://www.suse.com/security/cve/CVE-2018-8779.html https://www.suse.com/security/cve/CVE-2018-8780.html https://www.suse.com/security/cve/CVE-2019-8320.html https://www.suse.com/security/cve/CVE-2019-8321.html https://www.suse.com/security/cve/CVE-2019-8322.html https://www.suse.com/security/cve/CVE-2019-8323.html https://www.suse.com/security/cve/CVE-2019-8324.html https://www.suse.com/security/cve/CVE-2019-8325.html https://bugzilla.suse.com/1082007 https://bugzilla.suse.com/1082008 https://bugzilla.suse.com/1082009 https://bugzilla.suse.com/1082010 https://bugzilla.suse.com/1082011 https://bugzilla.suse.com/1082014 https://bugzilla.suse.com/1082058 https://bugzilla.suse.com/1087433 https://bugzilla.suse.com/1087434 https://bugzilla.suse.com/1087436 https://bugzilla.suse.com/1087437 https://bugzilla.suse.com/1087440 https://bugzilla.suse.com/1087441 https://bugzilla.suse.com/1112530 https://bugzilla.suse.com/1112532 https://bugzilla.suse.com/1130028 https://bugzilla.suse.com/1130611 https://bugzilla.suse.com/1130617 https://bugzilla.suse.com/1130620 https://bugzilla.suse.com/1130622 https://bugzilla.suse.com/1130623 https://bugzilla.suse.com/1130627 https://bugzilla.suse.com/1133790 From sle-security-updates at lists.suse.com Wed Jul 10 07:15:31 2019 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:15:31 +0200 (CEST) Subject: SUSE-SU-2019:1806-1: important: Security update for libdlm, libqb Message-ID: <20190710131531.1C69FFFC2@maintenance.suse.de> SUSE Security Update: Security update for libdlm, libqb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1806-1 Rating: important References: #1069468 #1074327 #1098449 #1137835 Cross-References: CVE-2019-12779 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for libdlm, libqb fixes the following issues: libqb to version 1.0.3: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). - Enabled use of filesystem sockets for linux (fate#323415). - Fixed logging with newer binutils version (bsc#1074327). libdlm: - Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1806=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1806=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1806=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libdlm-debuginfo-4.0.7-3.3.2 libdlm-debugsource-4.0.7-3.3.2 libdlm-devel-4.0.7-3.3.2 libqb-debugsource-1.0.3+20171226.6d62b64-4.3.1 libqb-devel-1.0.3+20171226.6d62b64-4.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libdlm-4.0.7-3.3.2 libdlm-debuginfo-4.0.7-3.3.2 libdlm-debugsource-4.0.7-3.3.2 libdlm3-4.0.7-3.3.2 libdlm3-debuginfo-4.0.7-3.3.2 libqb-debugsource-1.0.3+20171226.6d62b64-4.3.1 libqb0-1.0.3+20171226.6d62b64-4.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-4.3.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libdlm-4.0.7-3.3.2 libdlm-debuginfo-4.0.7-3.3.2 libdlm-debugsource-4.0.7-3.3.2 libdlm3-4.0.7-3.3.2 libdlm3-debuginfo-4.0.7-3.3.2 libqb-debugsource-1.0.3+20171226.6d62b64-4.3.1 libqb0-1.0.3+20171226.6d62b64-4.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1074327 https://bugzilla.suse.com/1098449 https://bugzilla.suse.com/1137835 From sle-security-updates at lists.suse.com Wed Jul 10 07:16:45 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 15:16:45 +0200 (CEST) Subject: SUSE-SU-2019:1802-1: moderate: Security update for kernel-firmware Message-ID: <20190710131645.2D4C3FFC2@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:1802-1 Rating: moderate References: #1091203 #1104289 #1110720 #1122456 #1128292 #1132303 #1136334 #1136498 #1139383 Cross-References: CVE-2019-9836 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: This update for kernel-firmware aligns the firmware code with SUSE Linux Enterprise Server 15. The version is now at 20190618. Please refer to the kernel-firmware rpm changelog file to see the full history of changes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1802=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1802=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-firmware-20190618-5.8.1 ucode-amd-20190618-5.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-firmware-20190618-5.8.1 ucode-amd-20190618-5.8.1 References: https://www.suse.com/security/cve/CVE-2019-9836.html https://bugzilla.suse.com/1091203 https://bugzilla.suse.com/1104289 https://bugzilla.suse.com/1110720 https://bugzilla.suse.com/1122456 https://bugzilla.suse.com/1128292 https://bugzilla.suse.com/1132303 https://bugzilla.suse.com/1136334 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1139383 From sle-security-updates at lists.suse.com Wed Jul 10 10:10:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:10:57 +0200 (CEST) Subject: SUSE-SU-2019:14120-1: important: Security update for sqlite3 Message-ID: <20190710161057.6C406FFC2@maintenance.suse.de> SUSE Security Update: Security update for 
sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14120-1 Rating: important References: #1136976 Cross-References: CVE-2019-8457 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a heap out-of-bound read in the rtreenode() when handling invalid rtree tables (bsc#1136976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sqlite3-14120=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): sqlite3-debugsource-3.6.4-4.3.2 References: https://www.suse.com/security/cve/CVE-2019-8457.html https://bugzilla.suse.com/1136976 From sle-security-updates at lists.suse.com Wed Jul 10 10:12:22 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:12:22 +0200 (CEST) Subject: SUSE-SU-2019:1809-1: Security update for fence-agents Message-ID: <20190710161222.08830FFC2@maintenance.suse.de> SUSE Security Update: Security update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1809-1 Rating: low References: #1137314 #1139913 Cross-References: CVE-2019-10153 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available.
Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Added aliyun fence agent (bsc#1139913). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1809=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-3.5.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-3.5.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-3.5.1 References: https://www.suse.com/security/cve/CVE-2019-10153.html https://bugzilla.suse.com/1137314 https://bugzilla.suse.com/1139913 From sle-security-updates at lists.suse.com Wed Jul 10 10:13:08 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 18:13:08 +0200 (CEST) Subject: SUSE-SU-2019:1810-1: moderate: Security update for postgresql10 Message-ID: <20190710161308.C0F2CFFC2@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1810-1 Rating: moderate References: #1134689 #1138034 Cross-References: CVE-2019-10130 CVE-2019-10164 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-9.html * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1810=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1810=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1810=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1810=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libecpg6-10.9-4.13.2 libecpg6-debuginfo-10.9-4.13.2 postgresql10-contrib-10.9-4.13.2 postgresql10-contrib-debuginfo-10.9-4.13.2 postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 postgresql10-devel-10.9-4.13.2 postgresql10-devel-debuginfo-10.9-4.13.2 postgresql10-plperl-10.9-4.13.2 postgresql10-plperl-debuginfo-10.9-4.13.2 postgresql10-plpython-10.9-4.13.2 postgresql10-plpython-debuginfo-10.9-4.13.2 postgresql10-pltcl-10.9-4.13.2 postgresql10-pltcl-debuginfo-10.9-4.13.2 postgresql10-server-10.9-4.13.2 postgresql10-server-debuginfo-10.9-4.13.2 - SUSE Linux Enterprise Module for Server Applications 15 
(noarch): postgresql10-docs-10.9-4.13.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 postgresql10-test-10.9-4.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 postgresql10-test-10.9-4.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libpq5-32bit-10.9-4.13.2 libpq5-32bit-debuginfo-10.9-4.13.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpq5-10.9-4.13.2 libpq5-debuginfo-10.9-4.13.2 postgresql10-10.9-4.13.2 postgresql10-debuginfo-10.9-4.13.2 postgresql10-debugsource-10.9-4.13.2 References: https://www.suse.com/security/cve/CVE-2019-10130.html https://www.suse.com/security/cve/CVE-2019-10164.html https://bugzilla.suse.com/1134689 https://bugzilla.suse.com/1138034 From sle-security-updates at lists.suse.com Wed Jul 10 13:10:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 21:10:38 +0200 (CEST) Subject: SUSE-SU-2019:1813-1: Security update for fence-agents Message-ID: <20190710191038.D9603FFC2@maintenance.suse.de> SUSE Security Update: Security update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1813-1 Rating: low References: #1049852 #1137314 Cross-References: CVE-2019-10153 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). 
Non-security issue fixed: - Included timestamps when logging (bsc#1049852). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1813=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-4.6.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-4.6.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-4.6.1 fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-10153.html https://bugzilla.suse.com/1049852 https://bugzilla.suse.com/1137314 From sle-security-updates at lists.suse.com Wed Jul 10 13:11:28 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jul 2019 21:11:28 +0200 (CEST) Subject: SUSE-SU-2019:1812-1: moderate: Security update for libqb Message-ID: <20190710191128.AB202FFC2@maintenance.suse.de> SUSE Security Update: Security update for libqb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1812-1 Rating: moderate References: #1137835 Cross-References: CVE-2019-12779 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqb fixes the following issues: Security issue fixed: - CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files (bsc#1137835). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1812=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1812=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libqb0-1.0.3+20171226.6d62b64-3.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): libqb-debugsource-1.0.3+20171226.6d62b64-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libqb0-32bit-1.0.3+20171226.6d62b64-3.3.1 libqb0-32bit-debuginfo-1.0.3+20171226.6d62b64-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libqb-debugsource-1.0.3+20171226.6d62b64-3.3.1 libqb-devel-1.0.3+20171226.6d62b64-3.3.1 libqb0-1.0.3+20171226.6d62b64-3.3.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1137835 From sle-security-updates at lists.suse.com Thu Jul 11 07:11:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jul 2019 15:11:42 +0200 (CEST) Subject: SUSE-SU-2019:1819-1: Security update for fence-agents Message-ID: <20190711131142.0F22CFFC2@maintenance.suse.de> SUSE Security Update: Security update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1819-1 Rating: low References: #1137314 #1139913 Cross-References: CVE-2019-10153 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE 
Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Added aliyun fence agent (bsc#1139913). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-1819=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1819=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-7.5.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-7.5.1 fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-7.5.1 References: https://www.suse.com/security/cve/CVE-2019-10153.html https://bugzilla.suse.com/1137314 https://bugzilla.suse.com/1139913 From sle-security-updates at lists.suse.com Thu Jul 11 19:13:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2019 03:13:19 +0200 (CEST) Subject: SUSE-SU-2019:1793-1: important: Test update for SUSE:SLE-12-SP5:Update (security) Message-ID: <20190712011319.3A7B6FFC2@maintenance.suse.de> SUSE Security Update: Test update for 
SUSE:SLE-12-SP5:Update (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1793-1 Rating: important References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1793=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1793=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-security-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-security-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-security-updates at lists.suse.com Fri Jul 12 04:14:39 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2019 12:14:39 +0200 (CEST) Subject: SUSE-SU-2019:1823-1: important: Security update for the Linux Kernel Message-ID: <20190712101439.18AD2FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1823-1 Rating: important References: #1096254 #1108382 #1109137 #1127155 #1133190 #1133738 #1134395 #1134701 #1136922 #1136935 #1137194 #1138291 #1140575 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE 
OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). 
For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the Marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free.
This would cause a denial of service. (bnc#1138291) - CVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because all the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701).
- x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1823=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1823=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1823=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1823=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1823=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_117-default-1-3.3.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.117.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 kgraft-patch-4_4_121-92_117-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 - SUSE Linux Enterprise 
Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_117-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.117.1 kernel-macros-4.4.121-92.117.1 kernel-source-4.4.121-92.117.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.117.1 kernel-default-base-4.4.121-92.117.1 kernel-default-base-debuginfo-4.4.121-92.117.1 kernel-default-debuginfo-4.4.121-92.117.1 kernel-default-debugsource-4.4.121-92.117.1 kernel-default-devel-4.4.121-92.117.1 kernel-syms-4.4.121-92.117.1 kgraft-patch-4_4_121-92_117-default-1-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109137 
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1134701
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1140575

From sle-security-updates at lists.suse.com Fri Jul 12 07:10:52 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 15:10:52 +0200 (CEST)
Subject: SUSE-SU-2019:1824-1: important: Security update for glib2
Message-ID: <20190712131052.54779FFC2@maintenance.suse.de>

SUSE Security Update: Security update for glib2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1824-1
Rating: important
References: #1139959
Cross-References: CVE-2019-13012
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1824=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1824=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1824=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glib2-lang-2.38.2-7.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glib2-debugsource-2.38.2-7.12.1 glib2-tools-2.38.2-7.12.1 glib2-tools-debuginfo-2.38.2-7.12.1 libgio-2_0-0-2.38.2-7.12.1 libgio-2_0-0-32bit-2.38.2-7.12.1 libgio-2_0-0-debuginfo-2.38.2-7.12.1 libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libglib-2_0-0-2.38.2-7.12.1 libglib-2_0-0-32bit-2.38.2-7.12.1 libglib-2_0-0-debuginfo-2.38.2-7.12.1 libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgmodule-2_0-0-2.38.2-7.12.1 libgmodule-2_0-0-32bit-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgobject-2_0-0-2.38.2-7.12.1 libgobject-2_0-0-32bit-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgthread-2_0-0-2.38.2-7.12.1 libgthread-2_0-0-32bit-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.38.2-7.12.1 glib2-tools-2.38.2-7.12.1 glib2-tools-debuginfo-2.38.2-7.12.1 libgio-2_0-0-2.38.2-7.12.1 libgio-2_0-0-debuginfo-2.38.2-7.12.1 libglib-2_0-0-2.38.2-7.12.1 libglib-2_0-0-debuginfo-2.38.2-7.12.1 libgmodule-2_0-0-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-2.38.2-7.12.1 libgobject-2_0-0-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-2.38.2-7.12.1 libgthread-2_0-0-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.38.2-7.12.1 libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1 
libglib-2_0-0-32bit-2.38.2-7.12.1 libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgmodule-2_0-0-32bit-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgobject-2_0-0-32bit-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgthread-2_0-0-32bit-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glib2-lang-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.38.2-7.12.1 glib2-tools-2.38.2-7.12.1 glib2-tools-debuginfo-2.38.2-7.12.1 libgio-2_0-0-2.38.2-7.12.1 libgio-2_0-0-debuginfo-2.38.2-7.12.1 libglib-2_0-0-2.38.2-7.12.1 libglib-2_0-0-debuginfo-2.38.2-7.12.1 libgmodule-2_0-0-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-2.38.2-7.12.1 libgobject-2_0-0-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-2.38.2-7.12.1 libgthread-2_0-0-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.38.2-7.12.1 libgio-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libglib-2_0-0-32bit-2.38.2-7.12.1 libglib-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgmodule-2_0-0-32bit-2.38.2-7.12.1 libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgobject-2_0-0-32bit-2.38.2-7.12.1 libgobject-2_0-0-debuginfo-32bit-2.38.2-7.12.1 libgthread-2_0-0-32bit-2.38.2-7.12.1 libgthread-2_0-0-debuginfo-32bit-2.38.2-7.12.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): glib2-lang-2.38.2-7.12.1 References: https://www.suse.com/security/cve/CVE-2019-13012.html https://bugzilla.suse.com/1139959 From sle-security-updates at lists.suse.com Fri Jul 12 10:11:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2019 18:11:31 +0200 (CEST) Subject: SUSE-SU-2019:1352-2: moderate: Security update for python3 Message-ID: <20190712161131.3C825FFC2@maintenance.suse.de> SUSE Security Update: Security update for python3 
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1352-2
Rating: moderate
References: #1130840 #1133452
Cross-References: CVE-2019-9947
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for python3 to version 3.6.8 fixes the following issues:

Security issue fixed:

- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

Non-security issue fixed:

- Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1352=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1352=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1352=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-testsuite-3.6.8-3.16.2 python3-testsuite-debuginfo-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python3-doc-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython3_6m1_0-32bit-3.6.8-3.16.2 libpython3_6m1_0-32bit-debuginfo-3.6.8-3.16.2 python3-32bit-3.6.8-3.16.2 python3-32bit-debuginfo-3.6.8-3.16.2 python3-base-32bit-3.6.8-3.16.2 python3-base-32bit-debuginfo-3.6.8-3.16.2 python3-debugsource-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-tools-3.6.8-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.8-3.16.2 libpython3_6m1_0-debuginfo-3.6.8-3.16.2 python3-3.6.8-3.16.2 python3-base-3.6.8-3.16.2 python3-base-debuginfo-3.6.8-3.16.2 python3-base-debugsource-3.6.8-3.16.2 python3-curses-3.6.8-3.16.2 python3-curses-debuginfo-3.6.8-3.16.2 python3-dbm-3.6.8-3.16.2 python3-dbm-debuginfo-3.6.8-3.16.2 python3-debuginfo-3.6.8-3.16.2 python3-debugsource-3.6.8-3.16.2 python3-devel-3.6.8-3.16.2 python3-devel-debuginfo-3.6.8-3.16.2 python3-idle-3.6.8-3.16.2 python3-tk-3.6.8-3.16.2 
python3-tk-debuginfo-3.6.8-3.16.2

References:

https://www.suse.com/security/cve/CVE-2019-9947.html
https://bugzilla.suse.com/1130840
https://bugzilla.suse.com/1133452

From sle-security-updates at lists.suse.com Fri Jul 12 10:12:20 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 18:12:20 +0200 (CEST)
Subject: SUSE-SU-2019:1829-1: important: Security update for the Linux Kernel
Message-ID: <20190712161220.23C62FFC2@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1829-1
Rating: important
References: #1051510 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1131645 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136598 #1136922 #1136935 #1137103 #1137194 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 71 fixes is now available.
Description:

The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]
- CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577]
- CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395]
- CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have led to memory corruption and possibly other consequences. [bnc#1136935]
- CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645].
- CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194]
- CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server were lost. [bnc#1137103]
- CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291]
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293]
- CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. [bsc#1136922]
- CVE-2019-12380: An issue existed in the EFI subsystem that mishandled memory allocation failures.
Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598] The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi: Add Hygon Dhyana support (). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). 
- can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). 
- drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - edac, amd64: Add Hygon Dhyana support. - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). 
- hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the "Report Valid" usage (bsc#1051510). - hid: wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). 
- hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - kabi workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: fixup blk_mq_register_dev() (bsc#1140637). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. 
- kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). 
- nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: pm: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: pm: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). 
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
- pm / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
- powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).
- powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
- powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
- ppp: mppe: Add softdep to arc4 (bsc#1088047).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
- ras/cec: Convert the timer callback to a workqueue (bsc#1114279).
- ras/cec: Fix binary search function (bsc#1114279).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/setup: fix early warning messages (bsc#1051510).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
- scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
- scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
- scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- smb3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi: spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
- svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
- svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
- sysctl: handle overflow in proc_get_long (bsc#1051510).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support ().
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
- usb: serial: fix initial-termios handling (bsc#1135642).
- usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
- usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
- usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
- x86/alternative: Init ideal_nops for Hygon Dhyana ().
- x86/amd_nb: Add support for Raven Ridge CPUs ().
- x86/amd_nb: Check vendor in AMD-only functions ().
- x86/apic: Add Hygon Dhyana support ().
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
- x86/cpu: Create Hygon Dhyana architecture support file ().
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
- x86/events: Add Hygon Dhyana support to PMU infrastructure ().
- x86/kvm: Add Hygon Dhyana support to KVM ().
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/xen: Add Hygon Dhyana support to Xen ().
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
- xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).
- xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
- xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
- xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
- xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014).
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011).
- xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).
- xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-1829=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1829=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15 (x86_64):
  kernel-azure-4.12.14-5.33.1
  kernel-azure-base-4.12.14-5.33.1
  kernel-azure-base-debuginfo-4.12.14-5.33.1
  kernel-azure-debuginfo-4.12.14-5.33.1
  kernel-azure-devel-4.12.14-5.33.1
  kernel-syms-azure-4.12.14-5.33.1
- SUSE Linux Enterprise Module for Public Cloud 15 (noarch):
  kernel-devel-azure-4.12.14-5.33.1
  kernel-source-azure-4.12.14-5.33.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  cluster-md-kmp-azure-4.12.14-5.33.1
  cluster-md-kmp-azure-debuginfo-4.12.14-5.33.1
  dlm-kmp-azure-4.12.14-5.33.1
  dlm-kmp-azure-debuginfo-4.12.14-5.33.1
  gfs2-kmp-azure-4.12.14-5.33.1
  gfs2-kmp-azure-debuginfo-4.12.14-5.33.1
  kernel-azure-4.12.14-5.33.1
  kernel-azure-base-4.12.14-5.33.1
  kernel-azure-base-debuginfo-4.12.14-5.33.1
  kernel-azure-debuginfo-4.12.14-5.33.1
  kernel-azure-debugsource-4.12.14-5.33.1
  kernel-azure-devel-4.12.14-5.33.1
  kernel-azure-devel-debuginfo-4.12.14-5.33.1
  kernel-azure-extra-4.12.14-5.33.1
  kernel-azure-extra-debuginfo-4.12.14-5.33.1
  kernel-azure-livepatch-4.12.14-5.33.1
  kernel-syms-azure-4.12.14-5.33.1
  kselftests-kmp-azure-4.12.14-5.33.1
  kselftests-kmp-azure-debuginfo-4.12.14-5.33.1
  ocfs2-kmp-azure-4.12.14-5.33.1
  ocfs2-kmp-azure-debuginfo-4.12.14-5.33.1
  reiserfs-kmp-azure-4.12.14-5.33.1
  reiserfs-kmp-azure-debuginfo-4.12.14-5.33.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  kernel-devel-azure-4.12.14-5.33.1
  kernel-source-azure-4.12.14-5.33.1

References:

https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1088047
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1098633
https://bugzilla.suse.com/1106383
https://bugzilla.suse.com/1106751
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1119532
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1124167
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1128902
https://bugzilla.suse.com/1128910
https://bugzilla.suse.com/1131645
https://bugzilla.suse.com/1132154
https://bugzilla.suse.com/1132390
https://bugzilla.suse.com/1133401
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134303
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136598
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137429
https://bugzilla.suse.com/1137625
https://bugzilla.suse.com/1137728
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1137995
https://bugzilla.suse.com/1137996
https://bugzilla.suse.com/1137998
https://bugzilla.suse.com/1137999
https://bugzilla.suse.com/1138000
https://bugzilla.suse.com/1138002
https://bugzilla.suse.com/1138003
https://bugzilla.suse.com/1138005
https://bugzilla.suse.com/1138006
https://bugzilla.suse.com/1138007
https://bugzilla.suse.com/1138008
https://bugzilla.suse.com/1138009
https://bugzilla.suse.com/1138010
https://bugzilla.suse.com/1138011
https://bugzilla.suse.com/1138012
https://bugzilla.suse.com/1138013
https://bugzilla.suse.com/1138014
https://bugzilla.suse.com/1138015
https://bugzilla.suse.com/1138016
https://bugzilla.suse.com/1138017
https://bugzilla.suse.com/1138018
https://bugzilla.suse.com/1138019
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1139771
https://bugzilla.suse.com/1139782
https://bugzilla.suse.com/1139865
https://bugzilla.suse.com/1140133
https://bugzilla.suse.com/1140328
https://bugzilla.suse.com/1140405
https://bugzilla.suse.com/1140424
https://bugzilla.suse.com/1140428
https://bugzilla.suse.com/1140575
https://bugzilla.suse.com/1140577
https://bugzilla.suse.com/1140637
https://bugzilla.suse.com/1140658
https://bugzilla.suse.com/1140715
https://bugzilla.suse.com/1140719
https://bugzilla.suse.com/1140726
https://bugzilla.suse.com/1140727
https://bugzilla.suse.com/1140728
https://bugzilla.suse.com/1140814

From sle-security-updates at lists.suse.com Fri Jul 12 10:24:32 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 18:24:32 +0200 (CEST)
Subject: SUSE-SU-2019:1825-1: moderate: Security update for tomcat
Message-ID: <20190712162432.803E2FFC2@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1825-1
Rating: moderate
References: #1139924
Cross-References: CVE-2019-0199
Affected Products:
  SUSE Linux Enterprise Module for Web Scripting 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tomcat to version 9.0.21 fixes the following issues:

Security issue fixed:

- CVE-2019-0199: Added additional fixes to address HTTP/2 connection window exhaustion (bsc#1139924).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 15:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1825=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1825=1

Package List:

- SUSE Linux Enterprise Module for Web Scripting 15 (noarch):
  tomcat-9.0.21-3.27.1
  tomcat-admin-webapps-9.0.21-3.27.1
  tomcat-el-3_0-api-9.0.21-3.27.1
  tomcat-jsp-2_3-api-9.0.21-3.27.1
  tomcat-lib-9.0.21-3.27.1
  tomcat-servlet-4_0-api-9.0.21-3.27.1
  tomcat-webapps-9.0.21-3.27.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  tomcat-docs-webapp-9.0.21-3.27.1
  tomcat-embed-9.0.21-3.27.1
  tomcat-javadoc-9.0.21-3.27.1
  tomcat-jsvc-9.0.21-3.27.1

References:

https://www.suse.com/security/cve/CVE-2019-0199.html
https://bugzilla.suse.com/1139924

From sle-security-updates at lists.suse.com Fri Jul 12 10:25:15 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 18:25:15 +0200 (CEST)
Subject: SUSE-SU-2019:1826-1: important: Security update for bubblewrap
Message-ID: <20190712162515.B40E0FFC2@maintenance.suse.de>

SUSE Security Update: Security update for bubblewrap
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1826-1
Rating: important
References: #1136958
Cross-References: CVE-2019-12439
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bubblewrap fixes the following issues:

Security issue fixed:

- CVE-2019-12439: Fixed insecure use of /tmp (bsc#1136958).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1826=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  bubblewrap-0.2.0-3.3.1
  bubblewrap-debuginfo-0.2.0-3.3.1
  bubblewrap-debugsource-0.2.0-3.3.1

References:

https://www.suse.com/security/cve/CVE-2019-12439.html
https://bugzilla.suse.com/1136958

From sle-security-updates at lists.suse.com Fri Jul 12 13:11:30 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 21:11:30 +0200 (CEST)
Subject: SUSE-SU-2019:1835-1: moderate: Security update for expat
Message-ID: <20190712191130.46136FFC2@maintenance.suse.de>

SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1835-1
Rating: moderate
References: #1139937
Cross-References: CVE-2018-20843
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for expat fixes the following issues:

Security issue fixed:

- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1835=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1835=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1835=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  expat-32bit-debuginfo-2.2.5-3.3.1
  expat-debugsource-2.2.5-3.3.1
  libexpat-devel-32bit-2.2.5-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  expat-2.2.5-3.3.1
  expat-debuginfo-2.2.5-3.3.1
  expat-debugsource-2.2.5-3.3.1
  libexpat-devel-2.2.5-3.3.1
  libexpat1-2.2.5-3.3.1
  libexpat1-debuginfo-2.2.5-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  expat-32bit-debuginfo-2.2.5-3.3.1
  libexpat1-32bit-2.2.5-3.3.1
  libexpat1-32bit-debuginfo-2.2.5-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  expat-2.2.5-3.3.1
  expat-debuginfo-2.2.5-3.3.1
  expat-debugsource-2.2.5-3.3.1
  libexpat-devel-2.2.5-3.3.1
  libexpat1-2.2.5-3.3.1
  libexpat1-debuginfo-2.2.5-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  expat-32bit-debuginfo-2.2.5-3.3.1
  libexpat1-32bit-2.2.5-3.3.1
  libexpat1-32bit-debuginfo-2.2.5-3.3.1

References:

https://www.suse.com/security/cve/CVE-2018-20843.html
https://bugzilla.suse.com/1139937

From sle-security-updates at lists.suse.com Fri Jul 12 13:12:12 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 21:12:12 +0200 (CEST)
Subject: SUSE-SU-2019:1832-1: moderate: Security update for php7
Message-ID: <20190712191212.8EA12FFC2@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1832-1
Rating: moderate
References: #1138172 #1138173
Cross-References: CVE-2019-11039 CVE-2019-11040
Affected Products:
  SUSE Linux Enterprise Module for Web Scripting 15-SP1
  SUSE Linux Enterprise Module for Web Scripting 15
  SUSE Linux Enterprise Module for Packagehub Subpackages 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for php7 fixes the following issues:

Security issues fixed:

- CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173).
- CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-1832=1
- SUSE Linux Enterprise Module for Web Scripting 15:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-1832=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1832=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1832=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1832=1

Package List:

- SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64):
  apache2-mod_php7-7.2.5-4.35.3
  apache2-mod_php7-debuginfo-7.2.5-4.35.3
  php7-7.2.5-4.35.3
  php7-bcmath-7.2.5-4.35.3
  php7-bcmath-debuginfo-7.2.5-4.35.3
  php7-bz2-7.2.5-4.35.3
  php7-bz2-debuginfo-7.2.5-4.35.3
  php7-calendar-7.2.5-4.35.3
  php7-calendar-debuginfo-7.2.5-4.35.3
  php7-ctype-7.2.5-4.35.3
  php7-ctype-debuginfo-7.2.5-4.35.3
  php7-curl-7.2.5-4.35.3
  php7-curl-debuginfo-7.2.5-4.35.3
  php7-dba-7.2.5-4.35.3
  php7-dba-debuginfo-7.2.5-4.35.3
  php7-debuginfo-7.2.5-4.35.3
  php7-debugsource-7.2.5-4.35.3
  php7-devel-7.2.5-4.35.3
  php7-dom-7.2.5-4.35.3
  php7-dom-debuginfo-7.2.5-4.35.3
  php7-enchant-7.2.5-4.35.3
  php7-enchant-debuginfo-7.2.5-4.35.3
  php7-exif-7.2.5-4.35.3
  php7-exif-debuginfo-7.2.5-4.35.3
  php7-fastcgi-7.2.5-4.35.3
  php7-fastcgi-debuginfo-7.2.5-4.35.3
  php7-fileinfo-7.2.5-4.35.3
  php7-fileinfo-debuginfo-7.2.5-4.35.3
  php7-fpm-7.2.5-4.35.3
  php7-fpm-debuginfo-7.2.5-4.35.3
  php7-ftp-7.2.5-4.35.3
  php7-ftp-debuginfo-7.2.5-4.35.3
  php7-gd-7.2.5-4.35.3
  php7-gd-debuginfo-7.2.5-4.35.3
  php7-gettext-7.2.5-4.35.3
  php7-gettext-debuginfo-7.2.5-4.35.3
  php7-gmp-7.2.5-4.35.3
  php7-gmp-debuginfo-7.2.5-4.35.3
  php7-iconv-7.2.5-4.35.3
  php7-iconv-debuginfo-7.2.5-4.35.3
  php7-intl-7.2.5-4.35.3
  php7-intl-debuginfo-7.2.5-4.35.3
  php7-json-7.2.5-4.35.3
  php7-json-debuginfo-7.2.5-4.35.3
  php7-ldap-7.2.5-4.35.3
  php7-ldap-debuginfo-7.2.5-4.35.3
  php7-mbstring-7.2.5-4.35.3
  php7-mbstring-debuginfo-7.2.5-4.35.3
  php7-mysql-7.2.5-4.35.3
  php7-mysql-debuginfo-7.2.5-4.35.3
  php7-odbc-7.2.5-4.35.3
  php7-odbc-debuginfo-7.2.5-4.35.3
  php7-opcache-7.2.5-4.35.3
  php7-opcache-debuginfo-7.2.5-4.35.3
  php7-openssl-7.2.5-4.35.3
  php7-openssl-debuginfo-7.2.5-4.35.3
  php7-pcntl-7.2.5-4.35.3
  php7-pcntl-debuginfo-7.2.5-4.35.3
  php7-pdo-7.2.5-4.35.3
  php7-pdo-debuginfo-7.2.5-4.35.3
  php7-pgsql-7.2.5-4.35.3
  php7-pgsql-debuginfo-7.2.5-4.35.3
  php7-phar-7.2.5-4.35.3
  php7-phar-debuginfo-7.2.5-4.35.3
  php7-posix-7.2.5-4.35.3
  php7-posix-debuginfo-7.2.5-4.35.3
  php7-shmop-7.2.5-4.35.3
  php7-shmop-debuginfo-7.2.5-4.35.3
  php7-snmp-7.2.5-4.35.3
  php7-snmp-debuginfo-7.2.5-4.35.3
  php7-soap-7.2.5-4.35.3
  php7-soap-debuginfo-7.2.5-4.35.3
  php7-sockets-7.2.5-4.35.3
  php7-sockets-debuginfo-7.2.5-4.35.3
  php7-sqlite-7.2.5-4.35.3
  php7-sqlite-debuginfo-7.2.5-4.35.3
  php7-sysvmsg-7.2.5-4.35.3
  php7-sysvmsg-debuginfo-7.2.5-4.35.3
  php7-sysvsem-7.2.5-4.35.3
  php7-sysvsem-debuginfo-7.2.5-4.35.3
  php7-sysvshm-7.2.5-4.35.3
  php7-sysvshm-debuginfo-7.2.5-4.35.3
  php7-tokenizer-7.2.5-4.35.3
  php7-tokenizer-debuginfo-7.2.5-4.35.3
  php7-wddx-7.2.5-4.35.3
  php7-wddx-debuginfo-7.2.5-4.35.3
  php7-xmlreader-7.2.5-4.35.3
  php7-xmlreader-debuginfo-7.2.5-4.35.3
  php7-xmlrpc-7.2.5-4.35.3
  php7-xmlrpc-debuginfo-7.2.5-4.35.3
  php7-xmlwriter-7.2.5-4.35.3
  php7-xmlwriter-debuginfo-7.2.5-4.35.3
  php7-xsl-7.2.5-4.35.3
  php7-xsl-debuginfo-7.2.5-4.35.3
  php7-zip-7.2.5-4.35.3
  php7-zip-debuginfo-7.2.5-4.35.3
  php7-zlib-7.2.5-4.35.3
  php7-zlib-debuginfo-7.2.5-4.35.3
- SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch):
  php7-pear-7.2.5-4.35.3
  php7-pear-Archive_Tar-7.2.5-4.35.3
- SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64):
  apache2-mod_php7-7.2.5-4.35.3
  apache2-mod_php7-debuginfo-7.2.5-4.35.3
  php7-7.2.5-4.35.3
  php7-bcmath-7.2.5-4.35.3
  php7-bcmath-debuginfo-7.2.5-4.35.3
  php7-bz2-7.2.5-4.35.3
  php7-bz2-debuginfo-7.2.5-4.35.3
  php7-calendar-7.2.5-4.35.3
  php7-calendar-debuginfo-7.2.5-4.35.3
  php7-ctype-7.2.5-4.35.3
  php7-ctype-debuginfo-7.2.5-4.35.3
  php7-curl-7.2.5-4.35.3
  php7-curl-debuginfo-7.2.5-4.35.3
  php7-dba-7.2.5-4.35.3
  php7-dba-debuginfo-7.2.5-4.35.3
  php7-debuginfo-7.2.5-4.35.3
  php7-debugsource-7.2.5-4.35.3
  php7-devel-7.2.5-4.35.3
  php7-dom-7.2.5-4.35.3
  php7-dom-debuginfo-7.2.5-4.35.3
  php7-enchant-7.2.5-4.35.3
  php7-enchant-debuginfo-7.2.5-4.35.3
  php7-exif-7.2.5-4.35.3
  php7-exif-debuginfo-7.2.5-4.35.3
  php7-fastcgi-7.2.5-4.35.3
  php7-fastcgi-debuginfo-7.2.5-4.35.3
  php7-fileinfo-7.2.5-4.35.3
  php7-fileinfo-debuginfo-7.2.5-4.35.3
  php7-fpm-7.2.5-4.35.3
  php7-fpm-debuginfo-7.2.5-4.35.3
  php7-ftp-7.2.5-4.35.3
  php7-ftp-debuginfo-7.2.5-4.35.3
  php7-gd-7.2.5-4.35.3
  php7-gd-debuginfo-7.2.5-4.35.3
  php7-gettext-7.2.5-4.35.3
  php7-gettext-debuginfo-7.2.5-4.35.3
  php7-gmp-7.2.5-4.35.3
  php7-gmp-debuginfo-7.2.5-4.35.3
  php7-iconv-7.2.5-4.35.3
  php7-iconv-debuginfo-7.2.5-4.35.3
  php7-intl-7.2.5-4.35.3
  php7-intl-debuginfo-7.2.5-4.35.3
  php7-json-7.2.5-4.35.3
  php7-json-debuginfo-7.2.5-4.35.3
  php7-ldap-7.2.5-4.35.3
  php7-ldap-debuginfo-7.2.5-4.35.3
  php7-mbstring-7.2.5-4.35.3
  php7-mbstring-debuginfo-7.2.5-4.35.3
  php7-mysql-7.2.5-4.35.3
  php7-mysql-debuginfo-7.2.5-4.35.3
  php7-odbc-7.2.5-4.35.3
  php7-odbc-debuginfo-7.2.5-4.35.3
  php7-opcache-7.2.5-4.35.3
  php7-opcache-debuginfo-7.2.5-4.35.3
  php7-openssl-7.2.5-4.35.3
  php7-openssl-debuginfo-7.2.5-4.35.3
  php7-pcntl-7.2.5-4.35.3
  php7-pcntl-debuginfo-7.2.5-4.35.3
  php7-pdo-7.2.5-4.35.3
  php7-pdo-debuginfo-7.2.5-4.35.3
  php7-pgsql-7.2.5-4.35.3
  php7-pgsql-debuginfo-7.2.5-4.35.3
  php7-phar-7.2.5-4.35.3
  php7-phar-debuginfo-7.2.5-4.35.3
  php7-posix-7.2.5-4.35.3
  php7-posix-debuginfo-7.2.5-4.35.3
  php7-shmop-7.2.5-4.35.3
  php7-shmop-debuginfo-7.2.5-4.35.3
  php7-snmp-7.2.5-4.35.3
  php7-snmp-debuginfo-7.2.5-4.35.3
  php7-soap-7.2.5-4.35.3
  php7-soap-debuginfo-7.2.5-4.35.3
  php7-sockets-7.2.5-4.35.3
  php7-sockets-debuginfo-7.2.5-4.35.3
  php7-sodium-7.2.5-4.35.3
  php7-sodium-debuginfo-7.2.5-4.35.3
  php7-sqlite-7.2.5-4.35.3
  php7-sqlite-debuginfo-7.2.5-4.35.3
  php7-sysvmsg-7.2.5-4.35.3
  php7-sysvmsg-debuginfo-7.2.5-4.35.3
  php7-sysvsem-7.2.5-4.35.3
  php7-sysvsem-debuginfo-7.2.5-4.35.3
  php7-sysvshm-7.2.5-4.35.3
  php7-sysvshm-debuginfo-7.2.5-4.35.3
  php7-tokenizer-7.2.5-4.35.3
  php7-tokenizer-debuginfo-7.2.5-4.35.3
  php7-wddx-7.2.5-4.35.3
  php7-wddx-debuginfo-7.2.5-4.35.3
  php7-xmlreader-7.2.5-4.35.3
  php7-xmlreader-debuginfo-7.2.5-4.35.3
  php7-xmlrpc-7.2.5-4.35.3
  php7-xmlrpc-debuginfo-7.2.5-4.35.3
  php7-xmlwriter-7.2.5-4.35.3
  php7-xmlwriter-debuginfo-7.2.5-4.35.3
  php7-xsl-7.2.5-4.35.3
  php7-xsl-debuginfo-7.2.5-4.35.3
  php7-zip-7.2.5-4.35.3
  php7-zip-debuginfo-7.2.5-4.35.3
  php7-zlib-7.2.5-4.35.3
  php7-zlib-debuginfo-7.2.5-4.35.3
- SUSE Linux Enterprise Module for Web Scripting 15 (noarch):
  php7-pear-7.2.5-4.35.3
  php7-pear-Archive_Tar-7.2.5-4.35.3
- SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64):
  php7-debuginfo-7.2.5-4.35.3
  php7-debugsource-7.2.5-4.35.3
  php7-embed-7.2.5-4.35.3
  php7-embed-debuginfo-7.2.5-4.35.3
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  php7-debuginfo-7.2.5-4.35.3
  php7-debugsource-7.2.5-4.35.3
  php7-embed-7.2.5-4.35.3
  php7-embed-debuginfo-7.2.5-4.35.3
  php7-readline-7.2.5-4.35.3
  php7-readline-debuginfo-7.2.5-4.35.3
  php7-sodium-7.2.5-4.35.3
  php7-sodium-debuginfo-7.2.5-4.35.3
  php7-tidy-7.2.5-4.35.3
  php7-tidy-debuginfo-7.2.5-4.35.3
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  php7-debuginfo-7.2.5-4.35.3
  php7-debugsource-7.2.5-4.35.3
  php7-embed-7.2.5-4.35.3
  php7-embed-debuginfo-7.2.5-4.35.3
  php7-readline-7.2.5-4.35.3
  php7-readline-debuginfo-7.2.5-4.35.3
  php7-sodium-7.2.5-4.35.3
  php7-sodium-debuginfo-7.2.5-4.35.3
  php7-tidy-7.2.5-4.35.3
  php7-tidy-debuginfo-7.2.5-4.35.3

References:

https://www.suse.com/security/cve/CVE-2019-11039.html
https://www.suse.com/security/cve/CVE-2019-11040.html
https://bugzilla.suse.com/1138172
https://bugzilla.suse.com/1138173

From sle-security-updates at lists.suse.com Fri Jul 12 13:13:03 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 21:13:03 +0200 (CEST)
Subject: SUSE-SU-2019:1833-1: moderate: Security update for glib2
Message-ID: <20190712191303.1CFE5FFC2@maintenance.suse.de>

SUSE Security Update: Security update for glib2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1833-1
Rating: moderate
References: #1139959
Cross-References: CVE-2019-13012
Affected Products:
  SUSE Linux Enterprise Module for Packagehub Subpackages 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1833=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1833=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1833=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1833=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1833=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15 (x86_64):
  glib2-debugsource-2.54.3-4.18.1
  glib2-devel-32bit-2.54.3-4.18.1
  glib2-devel-32bit-debuginfo-2.54.3-4.18.1
  glib2-tools-32bit-2.54.3-4.18.1
  glib2-tools-32bit-debuginfo-2.54.3-4.18.1
  libgthread-2_0-0-32bit-2.54.3-4.18.1
  libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  glib2-debugsource-2.54.3-4.18.1
  glib2-devel-static-2.54.3-4.18.1
  libgio-fam-2.54.3-4.18.1
  libgio-fam-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  glib2-devel-32bit-2.54.3-4.18.1
  glib2-devel-32bit-debuginfo-2.54.3-4.18.1
  glib2-tools-32bit-2.54.3-4.18.1
  glib2-tools-32bit-debuginfo-2.54.3-4.18.1
  libgio-fam-32bit-2.54.3-4.18.1
  libgio-fam-32bit-debuginfo-2.54.3-4.18.1
  libgthread-2_0-0-32bit-2.54.3-4.18.1
  libgthread-2_0-0-32bit-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  gio-branding-upstream-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  glib2-debugsource-2.54.3-4.18.1
  glib2-devel-static-2.54.3-4.18.1
  libgio-fam-2.54.3-4.18.1
  libgio-fam-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  gio-branding-upstream-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  glib2-debugsource-2.54.3-4.18.1
  glib2-devel-2.54.3-4.18.1
  glib2-devel-debuginfo-2.54.3-4.18.1
  glib2-tools-2.54.3-4.18.1
  glib2-tools-debuginfo-2.54.3-4.18.1
  libgio-2_0-0-2.54.3-4.18.1
  libgio-2_0-0-debuginfo-2.54.3-4.18.1
  libglib-2_0-0-2.54.3-4.18.1
  libglib-2_0-0-debuginfo-2.54.3-4.18.1
  libgmodule-2_0-0-2.54.3-4.18.1
  libgmodule-2_0-0-debuginfo-2.54.3-4.18.1
  libgobject-2_0-0-2.54.3-4.18.1
  libgobject-2_0-0-debuginfo-2.54.3-4.18.1
  libgthread-2_0-0-2.54.3-4.18.1
  libgthread-2_0-0-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  glib2-lang-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libgio-2_0-0-32bit-2.54.3-4.18.1
  libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1
  libglib-2_0-0-32bit-2.54.3-4.18.1
  libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1
  libgmodule-2_0-0-32bit-2.54.3-4.18.1
  libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1
  libgobject-2_0-0-32bit-2.54.3-4.18.1
  libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  glib2-debugsource-2.54.3-4.18.1
  glib2-devel-2.54.3-4.18.1
  glib2-devel-debuginfo-2.54.3-4.18.1
  glib2-tools-2.54.3-4.18.1
  glib2-tools-debuginfo-2.54.3-4.18.1
  libgio-2_0-0-2.54.3-4.18.1
  libgio-2_0-0-debuginfo-2.54.3-4.18.1
  libglib-2_0-0-2.54.3-4.18.1
  libglib-2_0-0-debuginfo-2.54.3-4.18.1
  libgmodule-2_0-0-2.54.3-4.18.1
  libgmodule-2_0-0-debuginfo-2.54.3-4.18.1
  libgobject-2_0-0-2.54.3-4.18.1
  libgobject-2_0-0-debuginfo-2.54.3-4.18.1
  libgthread-2_0-0-2.54.3-4.18.1
  libgthread-2_0-0-debuginfo-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
  glib2-lang-2.54.3-4.18.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  libgio-2_0-0-32bit-2.54.3-4.18.1
  libgio-2_0-0-32bit-debuginfo-2.54.3-4.18.1
  libglib-2_0-0-32bit-2.54.3-4.18.1
  libglib-2_0-0-32bit-debuginfo-2.54.3-4.18.1
  libgmodule-2_0-0-32bit-2.54.3-4.18.1
  libgmodule-2_0-0-32bit-debuginfo-2.54.3-4.18.1
  libgobject-2_0-0-32bit-2.54.3-4.18.1
  libgobject-2_0-0-32bit-debuginfo-2.54.3-4.18.1

References:

https://www.suse.com/security/cve/CVE-2019-13012.html
https://bugzilla.suse.com/1139959

From sle-security-updates at lists.suse.com Fri Jul 12 13:13:43 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Jul 2019 21:13:43 +0200 (CEST)
Subject: SUSE-SU-2019:1834-1: moderate: Security update for expat
Message-ID: <20190712191343.737D1FFC2@maintenance.suse.de>

SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1834-1
Rating: moderate
References: #1139937
Cross-References: CVE-2018-20843
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for expat fixes the following issues:

Security issue fixed:

- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1834=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1834=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1834=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat-devel-2.1.0-21.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.6.1 expat-debuginfo-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat1-2.1.0-21.6.1 libexpat1-debuginfo-2.1.0-21.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.6.1 libexpat1-32bit-2.1.0-21.6.1 libexpat1-debuginfo-32bit-2.1.0-21.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): expat-2.1.0-21.6.1 expat-debuginfo-2.1.0-21.6.1 expat-debuginfo-32bit-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat1-2.1.0-21.6.1 libexpat1-32bit-2.1.0-21.6.1 libexpat1-debuginfo-2.1.0-21.6.1 libexpat1-debuginfo-32bit-2.1.0-21.6.1 - SUSE CaaS Platform 3.0 (x86_64): expat-2.1.0-21.6.1 expat-debuginfo-2.1.0-21.6.1 expat-debugsource-2.1.0-21.6.1 libexpat1-2.1.0-21.6.1 libexpat1-debuginfo-2.1.0-21.6.1 References: https://www.suse.com/security/cve/CVE-2018-20843.html https://bugzilla.suse.com/1139937 From sle-security-updates at lists.suse.com Fri Jul 12 13:14:27 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jul 2019 21:14:27 +0200 (CEST) Subject: SUSE-SU-2019:1830-1: important: Security update for glib2 Message-ID: 
<20190712191427.AAF13FFC2@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1830-1 Rating: important References: #1139959 #1140122 Cross-References: CVE-2019-13012 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1830=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1830=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-1830=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1830=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1830=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1830=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1830=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1830=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1830=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1830=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1830=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1830=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1830=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1830=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1830=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1830=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1830=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 8 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE OpenStack Cloud 8 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE OpenStack Cloud 7 (s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE OpenStack Cloud 7 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Workstation Extension 
12-SP5 (x86_64): glib2-debugsource-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-devel-2.48.2-12.15.1 glib2-devel-debuginfo-2.48.2-12.15.1 glib2-devel-static-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-devel-2.48.2-12.15.1 glib2-devel-debuginfo-2.48.2-12.15.1 glib2-devel-static-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glib2-debugsource-2.48.2-12.15.1 
glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 
12-SP5 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 
libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 
libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgio-fam-2.48.2-12.15.1 libgio-fam-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 
libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Enterprise Storage 5 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE Enterprise Storage 5 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Enterprise Storage 4 (x86_64): glib2-debugsource-2.48.2-12.15.1 glib2-tools-2.48.2-12.15.1 glib2-tools-debuginfo-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-32bit-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-32bit-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-32bit-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 
libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-32bit-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.15.1 libgthread-2_0-0-2.48.2-12.15.1 libgthread-2_0-0-32bit-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-2.48.2-12.15.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.15.1 - SUSE Enterprise Storage 4 (noarch): glib2-lang-2.48.2-12.15.1 - SUSE CaaS Platform 3.0 (x86_64): glib2-debugsource-2.48.2-12.15.1 libgio-2_0-0-2.48.2-12.15.1 libgio-2_0-0-debuginfo-2.48.2-12.15.1 libglib-2_0-0-2.48.2-12.15.1 libglib-2_0-0-debuginfo-2.48.2-12.15.1 libgmodule-2_0-0-2.48.2-12.15.1 libgmodule-2_0-0-debuginfo-2.48.2-12.15.1 libgobject-2_0-0-2.48.2-12.15.1 libgobject-2_0-0-debuginfo-2.48.2-12.15.1 - SUSE CaaS Platform 3.0 (noarch): gio-branding-upstream-2.48.2-12.15.1 References: https://www.suse.com/security/cve/CVE-2019-13012.html https://bugzilla.suse.com/1139959 https://bugzilla.suse.com/1140122 From sle-security-updates at lists.suse.com Fri Jul 12 19:12:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 13 Jul 2019 03:12:38 +0200 (CEST) Subject: SUSE-SU-2019:1838-1: important: Test update for SUSE:SLE-12-SP5:Update (security) Message-ID: <20190713011238.50F77FFC2@maintenance.suse.de> SUSE Security Update: Test update for SUSE:SLE-12-SP5:Update (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1838-1 Rating: important References: #1137402 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This is a security test update for SUSE:SLE-12-SP5:Update Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1838=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1838=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-test-security-5-7.2.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): update-test-security-5-7.2.1 References: https://bugzilla.suse.com/1137402 From sle-security-updates at lists.suse.com Mon Jul 15 04:11:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Jul 2019 12:11:18 +0200 (CEST) Subject: SUSE-SU-2019:1823-2: important: Security update for the Linux Kernel Message-ID: <20190715101118.793ABFFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1823-2 Rating: important References: #1096254 #1108382 #1109137 #1127155 #1133190 #1133738 #1134395 #1134701 #1136922 #1136935 #1137194 #1138291 #1140575 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. 
(bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.
NOTE: This id is disputed as not being an issue because all the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701).
- x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP2:
  zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1823=1

Package List:

- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
  cluster-md-kmp-default-4.4.121-92.117.1
  cluster-md-kmp-default-debuginfo-4.4.121-92.117.1
  cluster-network-kmp-default-4.4.121-92.117.1
  cluster-network-kmp-default-debuginfo-4.4.121-92.117.1
  dlm-kmp-default-4.4.121-92.117.1
  dlm-kmp-default-debuginfo-4.4.121-92.117.1
  gfs2-kmp-default-4.4.121-92.117.1
  gfs2-kmp-default-debuginfo-4.4.121-92.117.1
  kernel-default-debuginfo-4.4.121-92.117.1
  kernel-default-debugsource-4.4.121-92.117.1
  ocfs2-kmp-default-4.4.121-92.117.1
  ocfs2-kmp-default-debuginfo-4.4.121-92.117.1

References:

https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11487.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://bugzilla.suse.com/1096254
https://bugzilla.suse.com/1108382
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1133190
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1134701
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1136935
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1140575

From sle-security-updates at lists.suse.com Mon Jul 15 07:10:59 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 15:10:59 +0200 (CEST)
Subject: SUSE-SU-2019:1846-1: important: Security update for bzip2
Message-ID: <20190715131059.922C4FFC2@maintenance.suse.de>

SUSE Security Update: Security update for bzip2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1846-1
Rating: important
References: #1139083
Cross-References: CVE-2019-12900
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1846=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1846=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1846=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1846=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  bzip2-doc-1.0.6-5.6.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
  bzip2-debugsource-1.0.6-5.6.1
  libbz2-devel-32bit-1.0.6-5.6.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  bzip2-doc-1.0.6-5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  bzip2-1.0.6-5.6.1
  bzip2-debuginfo-1.0.6-5.6.1
  bzip2-debugsource-1.0.6-5.6.1
  libbz2-1-1.0.6-5.6.1
  libbz2-1-debuginfo-1.0.6-5.6.1
  libbz2-devel-1.0.6-5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libbz2-1-32bit-1.0.6-5.6.1
  libbz2-1-32bit-debuginfo-1.0.6-5.6.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  bzip2-1.0.6-5.6.1
  bzip2-debuginfo-1.0.6-5.6.1
  bzip2-debugsource-1.0.6-5.6.1
  libbz2-1-1.0.6-5.6.1
  libbz2-1-debuginfo-1.0.6-5.6.1
  libbz2-devel-1.0.6-5.6.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  libbz2-1-32bit-1.0.6-5.6.1
  libbz2-1-32bit-debuginfo-1.0.6-5.6.1

References:

https://www.suse.com/security/cve/CVE-2019-12900.html
https://bugzilla.suse.com/1139083

From sle-security-updates at lists.suse.com Mon Jul 15 10:11:23 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 18:11:23 +0200 (CEST)
Subject: SUSE-SU-2019:1847-1: important: Security update for xrdp
Message-ID: <20190715161123.3E824FFC2@maintenance.suse.de>

SUSE Security Update: Security update for xrdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1847-1
Rating: important
References: #1014524 #1015567 #1029912 #1060644 #1069591 #1090174 #1100453 #1101506
Cross-References: CVE-2013-1430 CVE-2017-16927 CVE-2017-6967
Affected Products:
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that solves three vulnerabilities and has 5 fixes is now available.

Description:

This update for xrdp fixes the following issues:

These security issues were fixed:

- CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567).
- CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591).
- CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This led to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912).

These non-security issues were fixed:

- The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506)
- Fixed an issue with delayed X KeyRelease events (bsc#1100453)
- Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524)
- Avoid use of hard-coded sesman port. (bsc#1060644)
- Fixed a regression connecting from Windows 10. (bsc#1090174)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1847=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1847=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  xrdp-0.9.0~git.1456906198.f422461-21.9.1
  xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1
  xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  xrdp-0.9.0~git.1456906198.f422461-21.9.1
  xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1
  xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1

References:

https://www.suse.com/security/cve/CVE-2013-1430.html
https://www.suse.com/security/cve/CVE-2017-16927.html
https://www.suse.com/security/cve/CVE-2017-6967.html
https://bugzilla.suse.com/1014524
https://bugzilla.suse.com/1015567
https://bugzilla.suse.com/1029912
https://bugzilla.suse.com/1060644
https://bugzilla.suse.com/1069591
https://bugzilla.suse.com/1090174
https://bugzilla.suse.com/1100453
https://bugzilla.suse.com/1101506

From sle-security-updates at lists.suse.com Mon Jul 15 10:13:07 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 18:13:07 +0200 (CEST)
Subject: SUSE-SU-2019:1850-1: important: Security update for webkit2gtk3
Message-ID: <20190715161307.7D2B0FFC2@maintenance.suse.de>

SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1850-1
Rating: important
References: #1133291 #1135715
Cross-References:
  CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584
  CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595
  CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607
  CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611
  CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that fixes 20 vulnerabilities is now available.

Description:

This update for webkit2gtk3 to version 2.24.2 fixes the following issues:

Security issues fixed:

- CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP4:
  zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1850=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1850=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1850=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1850=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch):
  libwebkit2gtk3-lang-2.24.2-2.44.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  typelib-1_0-WebKit2WebExtension-4_0-2.24.2-2.44.1
  webkit2gtk3-debugsource-2.24.2-2.44.1
  webkit2gtk3-devel-2.24.2-2.44.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  libjavascriptcoregtk-4_0-18-2.24.2-2.44.1
  libjavascriptcoregtk-4_0-18-debuginfo-2.24.2-2.44.1
  libwebkit2gtk-4_0-37-2.24.2-2.44.1
  libwebkit2gtk-4_0-37-debuginfo-2.24.2-2.44.1
  typelib-1_0-JavaScriptCore-4_0-2.24.2-2.44.1
  typelib-1_0-WebKit2-4_0-2.24.2-2.44.1
  webkit2gtk-4_0-injected-bundles-2.24.2-2.44.1
  webkit2gtk-4_0-injected-bundles-debuginfo-2.24.2-2.44.1
  webkit2gtk3-debugsource-2.24.2-2.44.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  libjavascriptcoregtk-4_0-18-2.24.2-2.44.1
  libjavascriptcoregtk-4_0-18-debuginfo-2.24.2-2.44.1
  libwebkit2gtk-4_0-37-2.24.2-2.44.1
  libwebkit2gtk-4_0-37-debuginfo-2.24.2-2.44.1
  typelib-1_0-JavaScriptCore-4_0-2.24.2-2.44.1
  typelib-1_0-WebKit2-4_0-2.24.2-2.44.1
  webkit2gtk-4_0-injected-bundles-2.24.2-2.44.1
  webkit2gtk-4_0-injected-bundles-debuginfo-2.24.2-2.44.1
  webkit2gtk3-debugsource-2.24.2-2.44.1
- SUSE Linux Enterprise Desktop 12-SP4 (noarch):
  libwebkit2gtk3-lang-2.24.2-2.44.1

References:

https://www.suse.com/security/cve/CVE-2019-6237.html
https://www.suse.com/security/cve/CVE-2019-8571.html
https://www.suse.com/security/cve/CVE-2019-8583.html
https://www.suse.com/security/cve/CVE-2019-8584.html
https://www.suse.com/security/cve/CVE-2019-8586.html
https://www.suse.com/security/cve/CVE-2019-8587.html
https://www.suse.com/security/cve/CVE-2019-8594.html
https://www.suse.com/security/cve/CVE-2019-8595.html
https://www.suse.com/security/cve/CVE-2019-8596.html
https://www.suse.com/security/cve/CVE-2019-8597.html
https://www.suse.com/security/cve/CVE-2019-8601.html
https://www.suse.com/security/cve/CVE-2019-8607.html
https://www.suse.com/security/cve/CVE-2019-8608.html
https://www.suse.com/security/cve/CVE-2019-8609.html
https://www.suse.com/security/cve/CVE-2019-8610.html
https://www.suse.com/security/cve/CVE-2019-8611.html
https://www.suse.com/security/cve/CVE-2019-8615.html
https://www.suse.com/security/cve/CVE-2019-8619.html
https://www.suse.com/security/cve/CVE-2019-8622.html
https://www.suse.com/security/cve/CVE-2019-8623.html
https://bugzilla.suse.com/1133291
https://bugzilla.suse.com/1135715

From sle-security-updates at lists.suse.com Mon Jul 15 10:13:55 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 18:13:55 +0200 (CEST)
Subject: SUSE-SU-2019:14122-1: important: Security update for bzip2
Message-ID: <20190715161355.83BDFFFC2@maintenance.suse.de>

SUSE Security Update: Security update for bzip2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14122-1
Rating: important
References: #1139083 #985657
Cross-References: CVE-2016-3189 CVE-2019-12900
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for bzip2 fixes the following issues:

Security issues fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-bzip2-14122=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-bzip2-14122=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-bzip2-14122=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-bzip2-14122=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
  bzip2-1.0.5-34.256.5.1
  bzip2-doc-1.0.5-34.256.5.1
  libbz2-1-1.0.5-34.256.5.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
  libbz2-1-32bit-1.0.5-34.256.5.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  bzip2-1.0.5-34.256.5.1
  bzip2-doc-1.0.5-34.256.5.1
  libbz2-1-1.0.5-34.256.5.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
  bzip2-debuginfo-1.0.5-34.256.5.1
  bzip2-debugsource-1.0.5-34.256.5.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  bzip2-debuginfo-1.0.5-34.256.5.1
  bzip2-debugsource-1.0.5-34.256.5.1

References:

https://www.suse.com/security/cve/CVE-2016-3189.html
https://www.suse.com/security/cve/CVE-2019-12900.html
https://bugzilla.suse.com/1139083
https://bugzilla.suse.com/985657

From sle-security-updates at lists.suse.com Mon Jul 15 10:14:46 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 18:14:46 +0200 (CEST)
Subject: SUSE-SU-2019:1849-1: moderate: Security update for podofo
Message-ID: <20190715161446.47FDBFFC2@maintenance.suse.de>

SUSE Security Update: Security update for podofo
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1849-1
Rating: moderate
References: #1035596 #1076962 #1096890 #1099720 #1124357
Cross-References: CVE-2017-8054 CVE-2018-11255 CVE-2018-12982 CVE-2018-20751 CVE-2018-5783
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for podofo fixes the following issues:

Security issues fixed:

- CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow remote attackers to cause Denial of Service (bsc#1035596).
- CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962).
- CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead to Denial of Service (bsc#1096890).
- CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357).
- CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow remote attackers to cause Denial of Service (bsc#1099720).
- Fixed a buffer overflow in TestEncrypt function.
- Fixed a null pointer dereference in PdfTranslator-setTarget function.
- Fixed a heap based buffer overflow in PdfVariant:DelayedLoad function.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP4:
  zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1849=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1849=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1849=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):
  libpodofo0_9_2-0.9.2-3.9.2
  libpodofo0_9_2-debuginfo-0.9.2-3.9.2
  podofo-debuginfo-0.9.2-3.9.2
  podofo-debugsource-0.9.2-3.9.2
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
  libpodofo-devel-0.9.2-3.9.2
  podofo-debuginfo-0.9.2-3.9.2
  podofo-debugsource-0.9.2-3.9.2
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  libpodofo0_9_2-0.9.2-3.9.2
  libpodofo0_9_2-debuginfo-0.9.2-3.9.2
  podofo-debuginfo-0.9.2-3.9.2
  podofo-debugsource-0.9.2-3.9.2

References:

https://www.suse.com/security/cve/CVE-2017-8054.html
https://www.suse.com/security/cve/CVE-2018-11255.html
https://www.suse.com/security/cve/CVE-2018-12982.html
https://www.suse.com/security/cve/CVE-2018-20751.html
https://www.suse.com/security/cve/CVE-2018-5783.html
https://bugzilla.suse.com/1035596
https://bugzilla.suse.com/1076962
https://bugzilla.suse.com/1096890
https://bugzilla.suse.com/1099720
https://bugzilla.suse.com/1124357

From sle-security-updates at lists.suse.com Mon Jul 15 13:11:05 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 21:11:05 +0200 (CEST)
Subject: SUSE-SU-2019:1854-1: important: Security update for the Linux Kernel
Message-ID: <20190715191105.306C7FFC2@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1854-1
Rating: important
References: #1051510 #1071995 #1088047 #1098633 #1103990 #1103991 #1103992 #1106383 #1109837
  #1111666 #1112374 #1114685 #1119113 #1119532 #1120423 #1125703 #1128902
  #1130836 #1131645 #1132390 #1133401 #1133738 #1134303 #1134395 #1135556
  #1135642 #1135897 #1136161 #1136264 #1136343 #1136935 #1137625 #1137728
  #1138879 #1139712 #1139751 #1139771 #1139865 #1140133 #1140228 #1140328
  #1140405 #1140424 #1140428 #1140454 #1140463 #1140575 #1140577 #1140637
  #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887
  #1140888 #1140889 #1140891 #1140893 #1140948 #1140954 #1140955 #1140956
  #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971
  #1140972 #1140992
Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-13233
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Legacy Software 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 69 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).
- CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).
- CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).
- CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
- CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have led to memory corruption and possibly other consequences (bnc#1136935).
- CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).

The following non-security bugs were fixed:

- Abort file_remove_privs() for non-reg. files (bsc#1140888).
- acpica: Clear status of GPEs on first direct enable (bsc#1111666).
- acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510).
- acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510).
- alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
- alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
- alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
- alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
- alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
- alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).
- alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666).
- alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
- apparmor: enforce nullbyte at end of tag string (bsc#1051510).
- asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666).
- ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).
- Backporting hwpoison fixes
  - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712).
  - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712).
  - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712).
  - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712).
  - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712).
  - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712).
  - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712).
  - mm: hwpoison: introduce idenfity_page_state (bsc#1139712).
  - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712)
  - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712)
  - mm: fix race on soft-offlining free huge pages (bsc#1139712).
  - mm: soft-offline: close the race against page allocation (bsc#1139712).
  - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712).
  - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#1139712).
- blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
- block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).
- bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
- bpf, devmap: Add missing bulk queue free (bsc#1109837).
- bpf, devmap: Add missing RCU read lock on flush (bsc#1109837).
- bpf, devmap: Fix premature entry free on destroying map (bsc#1109837).
- bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837).
- bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837).
- bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837).
- bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837).
- bpf: sockmap remove duplicate queue free (bsc#1109837).
- bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837).
- can: af_can: Fix error path of can_init() (bsc#1051510).
- can: flexcan: fix timeout when set small bitrate (bsc#1051510).
- can: purge socket error queue on sock destruct (bsc#1051510).
- ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510).
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
- coresight: etb10: Fix handling of perf mode (bsc#1051510).
- coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
- crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).
- crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
- crypto: user - prevent operating on larval algorithms (bsc#1133401).
- dax: Fix xarray entry association for mixed mappings (bsc#1140893).
- Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948).
- device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
- dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
- doc: Cope with the deprecation of AutoReporter (bsc#1051510).
- documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187).
- documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954).
- driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).
- driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
- drivers/base/devres: introduce devm_release_action() (bsc#1103992).
- drivers/base: Introduce kill_device() (bsc#1139865).
- drivers/base: kABI fixes for struct device_private (bsc#1106383).
- drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).
- drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510).
- drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666).
- drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666).
- drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
- drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666).
- drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666).
- drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666).
- drm: Fix drm_release() and device unplug (bsc#1111666).
- drm/i915/dmc: protect against reading random memory (bsc#1051510).
- drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
- drm/imx: notify drm core before sending event during crtc disable (bsc#1111666).
- drm/imx: only send event on crtc disable if kept disabled (bsc#1111666).
- drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666).
- drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666).
- drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666).
- drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666).
- ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891).
- failover: allow name change on IFF_UP slave interfaces (bsc#1109837).
- fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889).
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887).
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887).
- ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).
- genirq: Prevent use-after-free and work list corruption (bsc#1051510).
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).
- genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
- gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510).
- hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)).
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)).
- i2c: acorn: fix i2c warning (bsc#1135642).
- i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374).
- i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374).
- i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374).
- i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374).
- i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374).
- i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374).
- ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685).
- ib/hfi1: Create inline to get extended headers (bsc#1114685).
- ib/hfi1: Validate fault injection opcode user input (bsc#1114685).
- ib/mlx5: Verify DEVX general object type correctly (bsc#1103991).
- input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
- input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).
- iommu/amd: Make iommu_disable safer (bsc#1140955).
- iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510).
- iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956).
- iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666).
- iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510).
- iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510).
- iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957).
- iommu: Use right function to get group for device (bsc#1140958).
- iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959).
- iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960).
- iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961).
- iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962).
- iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964).
- iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666).
- irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510).
- irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510).
- ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228).
- kabi fixup blk_mq_register_dev() (bsc#1140637).
- kernel-binary: fix missing \
- kernel-binary: rpm does not support multiline condition
- kernel-binary: Use -c grep option in klp project detection.
- kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971).
- kvm: x86: fix return value for reserved EFER (bsc#1140992).
- kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972).
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
- libceph: assign cookies in linger_submit() (bsc#1135897).
- libceph: check reply num_data_items in setup_request_data() (bsc#1135897).
- libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).
- libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).
- libceph: introduce alloc_watch_request() (bsc#1135897).
- libceph: introduce ceph_pagelist_alloc() (bsc#1135897).
- libceph: preallocate message data items (bsc#1135897).
- libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but was reverted in packaging and master.
- libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).
- libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
- libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
- mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
- mac80211: drop robust management frames from unknown TA (bsc#1051510).
- mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
- media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
- mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510).
- mISDN: make sure device name is NUL terminated (bsc#1051510).
- mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374).
- mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). 
- net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 ). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ). 
- net/mlx5: Set completion EQs as shared resources (bsc#1103991 ). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). 
- nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci/p2pdma: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). 
- ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1138879). - Revert "net/mlx5e: Enable reporting checksum unnecessary also for L3 packets" (bsc#1103990). - Revert "Revert "Drop multiversion(kernel) from the KMP template ()"" - Revert "Sign non-x86 kernels when possible (boo#1134303)" This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now. - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). 
- scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake "Retreiving" -> "Retrieving" (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). 
- scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). 
- tools: bpftool: fix infinite loop in map create (bsc#1109837).
- tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
- typec: tcpm: fix compiler warning about stupid things (git-fixes).
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
- usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- usb: serial: fix initial-termios handling (bsc#1135642).
- usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
- usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
- usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187).
- x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187).
- x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187).
- x86/umwait: Initialize umwait control values (jsc#SLE-5187).
- xdp: check device pointer before clearing (bsc#1109837).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:

  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1854=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1

- SUSE Linux Enterprise Module for Development Tools 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1

- SUSE Linux Enterprise High Availability 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1854=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

  kernel-default-debuginfo-4.12.14-197.10.1
  kernel-default-debugsource-4.12.14-197.10.1
  kernel-default-extra-4.12.14-197.10.1
  kernel-default-extra-debuginfo-4.12.14-197.10.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

  kernel-default-debuginfo-4.12.14-197.10.1
  kernel-default-debugsource-4.12.14-197.10.1
  kernel-obs-qa-4.12.14-197.10.1
  kernel-vanilla-4.12.14-197.10.1
  kernel-vanilla-base-4.12.14-197.10.1
  kernel-vanilla-base-debuginfo-4.12.14-197.10.1
  kernel-vanilla-debuginfo-4.12.14-197.10.1
  kernel-vanilla-debugsource-4.12.14-197.10.1
  kernel-vanilla-devel-4.12.14-197.10.1
  kernel-vanilla-devel-debuginfo-4.12.14-197.10.1
  kernel-vanilla-livepatch-devel-4.12.14-197.10.1
  kselftests-kmp-default-4.12.14-197.10.1
  kselftests-kmp-default-debuginfo-4.12.14-197.10.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):

  kernel-debug-4.12.14-197.10.1
  kernel-debug-base-4.12.14-197.10.1
  kernel-debug-base-debuginfo-4.12.14-197.10.1
  kernel-debug-debuginfo-4.12.14-197.10.1
  kernel-debug-debugsource-4.12.14-197.10.1
kernel-debug-devel-4.12.14-197.10.1 kernel-debug-devel-debuginfo-4.12.14-197.10.1 kernel-debug-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.10.1 dtb-allwinner-4.12.14-197.10.1 dtb-altera-4.12.14-197.10.1 dtb-amd-4.12.14-197.10.1 dtb-amlogic-4.12.14-197.10.1 dtb-apm-4.12.14-197.10.1 dtb-arm-4.12.14-197.10.1 dtb-broadcom-4.12.14-197.10.1 dtb-cavium-4.12.14-197.10.1 dtb-exynos-4.12.14-197.10.1 dtb-freescale-4.12.14-197.10.1 dtb-hisilicon-4.12.14-197.10.1 dtb-lg-4.12.14-197.10.1 dtb-marvell-4.12.14-197.10.1 dtb-mediatek-4.12.14-197.10.1 dtb-nvidia-4.12.14-197.10.1 dtb-qcom-4.12.14-197.10.1 dtb-renesas-4.12.14-197.10.1 dtb-rockchip-4.12.14-197.10.1 dtb-socionext-4.12.14-197.10.1 dtb-sprd-4.12.14-197.10.1 dtb-xilinx-4.12.14-197.10.1 dtb-zte-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.10.1 kernel-source-vanilla-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.10.1 kernel-kvmsmall-base-4.12.14-197.10.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debugsource-4.12.14-197.10.1 kernel-kvmsmall-devel-4.12.14-197.10.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 kernel-zfcpdump-man-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 
reiserfs-kmp-default-4.12.14-197.10.1 reiserfs-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.10.1 kernel-obs-build-debugsource-4.12.14-197.10.1 kernel-syms-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.10.1 kernel-source-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.10.1 kernel-default-base-4.12.14-197.10.1 kernel-default-base-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-devel-4.12.14-197.10.1 kernel-default-devel-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.10.1 kernel-macros-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.10.1 kernel-zfcpdump-4.12.14-197.10.1 kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.10.1 cluster-md-kmp-default-debuginfo-4.12.14-197.10.1 dlm-kmp-default-4.12.14-197.10.1 dlm-kmp-default-debuginfo-4.12.14-197.10.1 gfs2-kmp-default-4.12.14-197.10.1 gfs2-kmp-default-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 ocfs2-kmp-default-4.12.14-197.10.1 ocfs2-kmp-default-debuginfo-4.12.14-197.10.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-13233.html https://bugzilla.suse.com/1051510 
https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1125703 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1130836 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136161 https://bugzilla.suse.com/1136264 https://bugzilla.suse.com/1136343 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1138879 https://bugzilla.suse.com/1139712 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140228 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140454 https://bugzilla.suse.com/1140463 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 
https://bugzilla.suse.com/1140891
https://bugzilla.suse.com/1140893
https://bugzilla.suse.com/1140948
https://bugzilla.suse.com/1140954
https://bugzilla.suse.com/1140955
https://bugzilla.suse.com/1140956
https://bugzilla.suse.com/1140957
https://bugzilla.suse.com/1140958
https://bugzilla.suse.com/1140959
https://bugzilla.suse.com/1140960
https://bugzilla.suse.com/1140961
https://bugzilla.suse.com/1140962
https://bugzilla.suse.com/1140964
https://bugzilla.suse.com/1140971
https://bugzilla.suse.com/1140972
https://bugzilla.suse.com/1140992

From sle-security-updates at lists.suse.com Mon Jul 15 13:21:25 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 21:21:25 +0200 (CEST)
Subject: SUSE-SU-2019:1855-1: important: Security update for the Linux Kernel
Message-ID: <20190715192125.BADFFFFC2@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1855-1
Rating: important
References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1131645 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136598 #1136922 #1136935 #1137103 #1137194 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Legacy Software 15
    SUSE Linux Enterprise Module for Development Tools 15
    SUSE Linux Enterprise Module for Basesystem 15
    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that solves 12 vulnerabilities and has 73 fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]
- CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577]
- CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395]
- CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have led to memory corruption and possibly other consequences. [bnc#1136935]
- CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645].
- CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194]
- CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server were lost. [bnc#1137103]
- CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291]
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293]
- CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. [bsc#1136922]
- CVE-2019-12380: An issue existed in the EFI subsystem that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598]

The following non-security bugs were fixed:

- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).
- ACPI: Add Hygon Dhyana support ().
- ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
- ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
- ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
- ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
- ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510).
- ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
- ALSA: line6: Fix write on zero-sized buffer (bsc#1051510).
- ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).
- ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
- ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
- ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510).
- ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510).
- ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - Add kernel-subpackage-build.spec (). - add kernel-subpackage-build.spec.in and support scripts - hook it in mkspec - extend the mechanism that copies dependencies inside kernel-binary.spec.in from kernel-%build_flavor to kernel-%build_flavor-base to also handle kernel-subpackage-build.spec.in using BINARY DEPS marker. - expand %name in kernel-%build_flavor so the dependencies are expanded correctly in kernel-subpackage-build.spec.in - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Build klp-symbols in kernel devel projects. - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). 
- HID: wacom: Do not set tool type until we're in range (bsc#1051510).
- HID: wacom: Mark expected switch fall-through (bsc#1051510).
- HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
- HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
- HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
- HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
- HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
- HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
- HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
- HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510).
- HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
- HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
- HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
- HID: wacom: fix mistake in printk (bsc#1051510).
- HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
- HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
- HID: wacom: generic: Report AES battery information (bsc#1051510).
- HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
- HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
- HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
- HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
- HID: wacom: generic: Support multiple tools per report (bsc#1051510).
- HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
- HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
- Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).
- Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).
- KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).
- KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).
- KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).
- KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).
- KVM: PPC: Remove redundand permission bits removal (bsc#1061840).
- KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).
- KVM: PPC: Validate all tces before updating tables (bsc#1061840).
- Kabi fixup blk_mq_register_dev() (bsc#1140637).
- Move stuff git_sort chokes on, out of the way
- PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
- PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
- PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
- RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
- RAS/CEC: Fix binary search function (bsc#1114279).
- SMB3: Fix endian warning (bsc#1137884).
- Staging: vc04_services: Fix a couple error codes (bsc#1051510).
- Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).
- USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
- USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
- USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510).
- USB: core: Do not unbind interfaces following device reset failure (bsc#1051510).
- USB: rio500: fix memory leak in close after disconnect (bsc#1051510).
- USB: rio500: refuse more than one device at a time (bsc#1051510).
- USB: serial: fix initial-termios handling (bsc#1135642).
- USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
- USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
- USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
- USB: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- added De0-Nanos-SoC board support (and others based on Altera SOC).
- af_key: unconditionally clone on broadcast (bsc#1051510).
- apparmor: enforce nullbyte at end of tag string (bsc#1051510).
- audit: fix a memory leak bug (bsc#1051510).
- ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).
- batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
- block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).
- brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510).
- brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510).
- brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510).
- brcmfmac: fix missing checks for kmemdup (bsc#1051510).
- brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510).
- can: af_can: Fix error path of can_init() (bsc#1051510).
- can: flexcan: fix timeout when set small bitrate (bsc#1051510).
- can: purge socket error queue on sock destruct (bsc#1051510).
- ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- chardev: add additional check for minor range overlap (bsc#1051510).
- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510).
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
- coresight: etb10: Fix handling of perf mode (bsc#1051510).
- coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
- cpu/topology: Export die_id (jsc#SLE-5454).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().
- cpufreq: Add Hygon Dhyana support ().
- crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).
- crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
- crypto: user - prevent operating on larval algorithms (bsc#1133401).
- device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
- dm, dax: Fix detection of DAX support (bsc#1139782).
- dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
- doc: Cope with the deprecation of AutoReporter (bsc#1051510).
- docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
- driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).
- driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
- drivers/base: Introduce kill_device() (bsc#1139865).
- drivers/base: kABI fixes for struct device_private (bsc#1106383).
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).
- drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).
- drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510).
- drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510).
- drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
- drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510).
- drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510).
- drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
- drm/radeon: prefer lower reference dividers (bsc#1051510).
- drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510).
- extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510).
- ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).
- fuse: fallocate: fix return with locked inode (bsc#1051510).
- fuse: fix writepages on 32bit (bsc#1051510).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510).
- genirq: Prevent use-after-free and work list corruption (bsc#1051510).
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).
- genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
- gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510).
- gpio: fix gpio-adp5588 build errors (bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
- hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 ().
- hwmon: (k10temp) Add Hygon Dhyana support ().
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics ().
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs ().
- hwmon: (k10temp) Add support for family 17h ().
- hwmon: (k10temp) Add support for temperature offsets ().
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X ().
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X ().
- hwmon: (k10temp) Correct model name for Ryzen 1600X ().
- hwmon: (k10temp) Display both Tctl and Tdie ().
- hwmon: (k10temp) Fix reading critical temperature register ().
- hwmon: (k10temp) Make function get_raw_temp static ().
- hwmon: (k10temp) Move chip specific code into probe function ().
- hwmon: (k10temp) Only apply temperature offset if result is positive ().
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors ().
- hwmon: (k10temp) Use API function to access System Management Network ().
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table ().
- hwrng: omap - Set default quality (bsc#1051510).
- i2c-piix4: Add Hygon Dhyana SMBus support ().
- i2c: acorn: fix i2c warning (bsc#1135642).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
- i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
- ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).
- iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510).
- iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
- iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510).
- iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kernel-binary: Use -c grep option in klp project detection.
- kernel-binary: fix missing \
- kernel-binary: rpm does not support multiline condition
- kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751).
  In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. The subpackage itself cannot depend on the kernel so add another empty package that does depend on it.
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
- leds: avoid flush_work in atomic context (bsc#1051510).
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
- libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
- libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
- mISDN: make sure device name is NUL terminated (bsc#1051510).
- mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
- mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- mac80211: drop robust management frames from unknown TA (bsc#1051510).
- mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
- media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510).
- media: au0828: stop video streaming only when last user stops (bsc#1051510).
- media: coda: clear error return value before picture run (bsc#1051510).
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510).
- media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510).
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510).
- media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
- media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
- mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995).
- net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
- net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
- net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
- nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
- nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
- nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-rdma: fix double freeing of async event data (bsc#1120423).
- nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).
- nvme: copy MTFA field from identify controller (bsc#1140715).
- nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
- parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
- perf tools: Add Hygon Dhyana support ().
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
- powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).
- powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
- powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
- ppp: mppe: Add softdep to arc4 (bsc#1088047).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
- rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
- rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
- rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/setup: fix early warning messages (bsc#1051510).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
- scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
- scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
- scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- sort patches to proper position
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
- staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510).
- staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
- svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
- svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
- sysctl: handle overflow in proc_get_long (bsc#1051510).
- tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478, bsc#1139751).
- test_firmware: Use correct snprintf() limit (bsc#1135642).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support ().
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
- tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510).
- usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510).
- usbnet: fix kernel crash after disconnect (bsc#1051510).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- vxlan: trivial indenting fix (bsc#1051510).
- vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510).
- w1: fix the resume command API (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
- x86/alternative: Init ideal_nops for Hygon Dhyana ().
- x86/amd_nb: Add support for Raven Ridge CPUs ().
- x86/amd_nb: Check vendor in AMD-only functions ().
- x86/apic: Add Hygon Dhyana support ().
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
- x86/cpu: Create Hygon Dhyana architecture support file ().
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382).
  This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
- x86/events: Add Hygon Dhyana support to PMU infrastructure ().
- x86/kvm: Add Hygon Dhyana support to KVM ().
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/xen: Add Hygon Dhyana support to Xen ().
- xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600).
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
- xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).
- xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
- xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
- xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
- xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014).
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011).
- xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).
- xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510).
- xhci: Use %zu for printing size_t type (bsc#1051510).
- xhci: update bounce buffer with correct sg num (bsc#1051510).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:
    zypper in -t patch SUSE-SLE-Product-WE-15-2019-1855=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1855=1
- SUSE Linux Enterprise Module for Legacy Software 15:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1855=1
- SUSE Linux Enterprise Module for Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1855=1
- SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1855=1
- SUSE Linux Enterprise High Availability 15:
    zypper in -t patch SUSE-SLE-Product-HA-15-2019-1855=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):
    kernel-default-debuginfo-4.12.14-150.27.1
    kernel-default-debugsource-4.12.14-150.27.1
    kernel-default-extra-4.12.14-150.27.1
    kernel-default-extra-debuginfo-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
    kernel-default-base-4.12.14-150.27.1
    kernel-default-base-debuginfo-4.12.14-150.27.1
    kernel-default-debuginfo-4.12.14-150.27.1
    kernel-default-debugsource-4.12.14-150.27.1
    kernel-obs-qa-4.12.14-150.27.1
    kselftests-kmp-default-4.12.14-150.27.1
    kselftests-kmp-default-debuginfo-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
    kernel-docs-html-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):
    kernel-default-debuginfo-4.12.14-150.27.1
    kernel-default-debugsource-4.12.14-150.27.1
    reiserfs-kmp-default-4.12.14-150.27.1
    reiserfs-kmp-default-debuginfo-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):
    kernel-obs-build-4.12.14-150.27.1
    kernel-obs-build-debugsource-4.12.14-150.27.1
    kernel-syms-4.12.14-150.27.1
    kernel-vanilla-base-4.12.14-150.27.1
    kernel-vanilla-base-debuginfo-4.12.14-150.27.1
    kernel-vanilla-debuginfo-4.12.14-150.27.1
    kernel-vanilla-debugsource-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Development Tools 15 (noarch):
    kernel-docs-4.12.14-150.27.1
    kernel-source-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    kernel-default-4.12.14-150.27.1
    kernel-default-base-4.12.14-150.27.1
    kernel-default-debuginfo-4.12.14-150.27.1
    kernel-default-debugsource-4.12.14-150.27.1
    kernel-default-devel-4.12.14-150.27.1
    kernel-default-devel-debuginfo-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
    kernel-devel-4.12.14-150.27.1
    kernel-macros-4.12.14-150.27.1
- SUSE Linux Enterprise Module for Basesystem 15 (s390x):
    kernel-default-man-4.12.14-150.27.1
    kernel-zfcpdump-4.12.14-150.27.1
    kernel-zfcpdump-debuginfo-4.12.14-150.27.1
    kernel-zfcpdump-debugsource-4.12.14-150.27.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
    cluster-md-kmp-default-4.12.14-150.27.1
    cluster-md-kmp-default-debuginfo-4.12.14-150.27.1
    dlm-kmp-default-4.12.14-150.27.1
    dlm-kmp-default-debuginfo-4.12.14-150.27.1
    gfs2-kmp-default-4.12.14-150.27.1
    gfs2-kmp-default-debuginfo-4.12.14-150.27.1
    kernel-default-debuginfo-4.12.14-150.27.1
    kernel-default-debugsource-4.12.14-150.27.1
    ocfs2-kmp-default-4.12.14-150.27.1
    ocfs2-kmp-default-debuginfo-4.12.14-150.27.1

References:

https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12380.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 
https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 From sle-security-updates at lists.suse.com Mon Jul 15 13:32:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Jul 2019 21:32:57 +0200 (CEST) Subject: SUSE-SU-2019:1854-1: important: Security update for the Linux Kernel Message-ID: <20190715193257.C05E4FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1854-1 Rating: important References: #1051510 #1071995 #1088047 #1098633 #1103990 #1103991 #1103992 #1106383 #1109837 #1111666 #1112374 #1114685 #1119113 #1119532 #1120423 #1125703 #1128902 #1130836 #1131645 #1132390 #1133401 #1133738 #1134303 #1134395 #1135556 #1135642 #1135897 #1136161 #1136264 #1136343 #1136935 #1137625 #1137728 #1138879 #1139712 #1139751 #1139771 #1139865 #1140133 #1140228 #1140328 #1140405 #1140424 #1140428 #1140454 #1140463 #1140575 #1140577 
#1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-13233 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 69 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). 
When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so that when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454). - CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10126: A flaw was found in the Linux kernel. A heap-based buffer overflow in the mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have led to memory corruption and possibly other consequences (bnc#1136935).
- CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738). The following non-security bugs were fixed: - Abort file_remove_privs() for non-reg. files (bsc#1140888). - acpica: Clear status of GPEs on first direct enable (bsc#1111666). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - Backporting hwpoison fixes - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). 
- mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712). - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712). - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#1139712). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). 
- drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). 
- i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685). - ib/hfi1: Create inline to get extended headers (bsc#1114685). - ib/hfi1: Validate fault injection opcode user input (bsc#1114685). - ib/mlx5: Verify DEVX general object type correctly (bsc#1103991). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kabi fixup blk_mq_register_dev() (bsc#1140637).
- kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but was reverted in packaging and master. - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374).
- mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). 
- net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net/mlx5: Avoid reloading already removed devices (bsc#1103990). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990). - net/mlx5: Set completion EQs as shared resources (bsc#1103991). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991).
- net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). 
- nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci/p2pdma: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). 
- rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1138879). - Revert "net/mlx5e: Enable reporting checksum unnecessary also for L3 packets" (bsc#1103990). - Revert "Revert "Drop multiversion(kernel) from the KMP template ()"" - Revert "Sign non-x86 kernels when possible (boo#1134303)" This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now. - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). 
- scsi: be2iscsi: fix spelling mistake "Retreiving" -> "Retrieving" (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). 
- scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - typec: tcpm: fix compiler warning about stupid things (git-fixes). 
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - xdp: check device pointer before clearing (bsc#1109837). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1854=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-extra-4.12.14-197.10.1 kernel-default-extra-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-obs-qa-4.12.14-197.10.1 kernel-vanilla-4.12.14-197.10.1 kernel-vanilla-base-4.12.14-197.10.1 kernel-vanilla-base-debuginfo-4.12.14-197.10.1 kernel-vanilla-debuginfo-4.12.14-197.10.1 kernel-vanilla-debugsource-4.12.14-197.10.1 kernel-vanilla-devel-4.12.14-197.10.1 kernel-vanilla-devel-debuginfo-4.12.14-197.10.1 kernel-vanilla-livepatch-devel-4.12.14-197.10.1 kselftests-kmp-default-4.12.14-197.10.1 kselftests-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.10.1 kernel-debug-base-4.12.14-197.10.1 
kernel-debug-base-debuginfo-4.12.14-197.10.1 kernel-debug-debuginfo-4.12.14-197.10.1 kernel-debug-debugsource-4.12.14-197.10.1 kernel-debug-devel-4.12.14-197.10.1 kernel-debug-devel-debuginfo-4.12.14-197.10.1 kernel-debug-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.10.1 dtb-allwinner-4.12.14-197.10.1 dtb-altera-4.12.14-197.10.1 dtb-amd-4.12.14-197.10.1 dtb-amlogic-4.12.14-197.10.1 dtb-apm-4.12.14-197.10.1 dtb-arm-4.12.14-197.10.1 dtb-broadcom-4.12.14-197.10.1 dtb-cavium-4.12.14-197.10.1 dtb-exynos-4.12.14-197.10.1 dtb-freescale-4.12.14-197.10.1 dtb-hisilicon-4.12.14-197.10.1 dtb-lg-4.12.14-197.10.1 dtb-marvell-4.12.14-197.10.1 dtb-mediatek-4.12.14-197.10.1 dtb-nvidia-4.12.14-197.10.1 dtb-qcom-4.12.14-197.10.1 dtb-renesas-4.12.14-197.10.1 dtb-rockchip-4.12.14-197.10.1 dtb-socionext-4.12.14-197.10.1 dtb-sprd-4.12.14-197.10.1 dtb-xilinx-4.12.14-197.10.1 dtb-zte-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.10.1 kernel-source-vanilla-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.10.1 kernel-kvmsmall-base-4.12.14-197.10.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-debugsource-4.12.14-197.10.1 kernel-kvmsmall-devel-4.12.14-197.10.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 kernel-zfcpdump-man-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le 
x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-livepatch-4.12.14-197.10.1 kernel-default-livepatch-devel-4.12.14-197.10.1 kernel-livepatch-4_12_14-197_10-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 reiserfs-kmp-default-4.12.14-197.10.1 reiserfs-kmp-default-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.10.1 kernel-obs-build-debugsource-4.12.14-197.10.1 kernel-syms-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.10.1 kernel-source-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.10.1 kernel-default-base-4.12.14-197.10.1 kernel-default-base-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 kernel-default-devel-4.12.14-197.10.1 kernel-default-devel-debuginfo-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.10.1 kernel-macros-4.12.14-197.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.10.1 kernel-zfcpdump-4.12.14-197.10.1 kernel-zfcpdump-debuginfo-4.12.14-197.10.1 kernel-zfcpdump-debugsource-4.12.14-197.10.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.10.1 cluster-md-kmp-default-debuginfo-4.12.14-197.10.1 dlm-kmp-default-4.12.14-197.10.1 dlm-kmp-default-debuginfo-4.12.14-197.10.1 gfs2-kmp-default-4.12.14-197.10.1 gfs2-kmp-default-debuginfo-4.12.14-197.10.1 kernel-default-debuginfo-4.12.14-197.10.1 kernel-default-debugsource-4.12.14-197.10.1 ocfs2-kmp-default-4.12.14-197.10.1 
ocfs2-kmp-default-debuginfo-4.12.14-197.10.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-13233.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1125703 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1130836 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136161 https://bugzilla.suse.com/1136264 https://bugzilla.suse.com/1136343 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1138879 https://bugzilla.suse.com/1139712 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140228 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140454 https://bugzilla.suse.com/1140463 https://bugzilla.suse.com/1140575 
https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992

From sle-security-updates at lists.suse.com Mon Jul 15 13:42:10 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 21:42:10 +0200 (CEST)
Subject: SUSE-SU-2019:1851-1: important: Security update for the Linux Kernel
Message-ID: <20190715194210.28A4EFFC2@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1851-1
Rating: important
References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136811 #1136922 #1137103 #1137194 #1137221 #1137366 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140948 #821419 #945811
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819
Affected Products: SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 77 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575)
- CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. Forcing ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577)
- CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c could have led to a use-after-free. (bnc#1134395)
- CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738)
- CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194)
- CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291)
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293)

The following non-security bugs were fixed:

- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).
- acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). 
- bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). 
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). 
- ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). 
- hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the "Report Valid" usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). 
- hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). 
- kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. The subpackage itself cannot depend on the kernel so add another empty package that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). 
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). 
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). 
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ("rpm/dtb.spec.in.in: Update include path for dt-bindings") introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). 
- rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). 
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). 
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). 
- usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). 
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). 
- xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1851=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_24-default-1-6.5.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 
https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136811 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137221 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 
https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/821419 https://bugzilla.suse.com/945811

From sle-security-updates at lists.suse.com Mon Jul 15 13:54:24 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 21:54:24 +0200 (CEST)
Subject: SUSE-SU-2019:1855-1: important: Security update for the Linux Kernel
Message-ID: <20190715195424.AC894FFC2@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1855-1
Rating: important
References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 #1131645 #1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136598 #1136922 #1136935 #1137103 #1137194 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814
Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819
Affected Products:
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that solves 12 vulnerabilities and has 73 fixes is now available.

Description:

The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]
- CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols.
When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577]
- CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395]
- CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have led to memory corruption and possibly other consequences. [bnc#1136935]
- CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645].
- CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194]
- CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server were lost. [bnc#1137103]
- CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291]
- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293]
- CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. [bsc#1136922]
- CVE-2019-12380: An issue existed in the EFI subsystem that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598]

The following non-security bugs were fixed:

- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510).
- ACPI: Add Hygon Dhyana support ().
- ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
- ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
- ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
- ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
- ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510).
- ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
- ALSA: line6: Fix write on zero-sized buffer (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - Add kernel-subpackage-build.spec (). - add kernel-subpackage-build.spec.in and support scripts - hook it in mkspec - extend the mechanism that copies dependencies inside kernel-binary.spec.in from kernel-%build_flavor to kernel-%build_flavor-base to also handle kernel-subpackage-build.spec.in using BINARY DEPS marker. - expand %name in kernel-%build_flavor so the dependencies are expanded correctly in kernel-subpackage-build.spec.in - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Build klp-symbols in kernel devel projects. - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). 
- HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). 
- HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - Kabi fixup blk_mq_register_dev() (bsc#1140637). - Move stuff git_sort chokes on, out of the way - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). 
- RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - SMB3: Fix endian warning (bsc#1137884). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - USB: core: Do not unbind interfaces following device reset failure (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: fix initial-termios handling (bsc#1135642). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - added De0-Nanos-SoC board support (and others based on Altera SOC). - af_key: unconditionally clone on broadcast (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). 
- brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). 
- drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). 
- genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). 
- ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory, packages are not rebuilt automatically, so a dependency is needed on the old kernel to get a rebuild with the new kernel. The subpackage itself cannot depend on the kernel, so add another empty package that does depend on it. - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). 
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). 
- ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). 
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). 
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sort patches to proper position - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478, bsc#1139751). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). 
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). 
- x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). 
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1855=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1855=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1855=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1855=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1855=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1855=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-1855=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-extra-4.12.14-150.27.1 kernel-default-extra-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.27.1 kernel-default-base-debuginfo-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-obs-qa-4.12.14-150.27.1 kselftests-kmp-default-4.12.14-150.27.1 kselftests-kmp-default-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-livepatch-4.12.14-150.27.1 kernel-livepatch-4_12_14-150_27-default-1-1.5.1 kernel-livepatch-4_12_14-150_27-default-debuginfo-1-1.5.1 - SUSE Linux Enterprise Module for Legacy Software 15 
(aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 reiserfs-kmp-default-4.12.14-150.27.1 reiserfs-kmp-default-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.27.1 kernel-obs-build-debugsource-4.12.14-150.27.1 kernel-syms-4.12.14-150.27.1 kernel-vanilla-base-4.12.14-150.27.1 kernel-vanilla-base-debuginfo-4.12.14-150.27.1 kernel-vanilla-debuginfo-4.12.14-150.27.1 kernel-vanilla-debugsource-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.27.1 kernel-source-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.27.1 kernel-default-base-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 kernel-default-devel-4.12.14-150.27.1 kernel-default-devel-debuginfo-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.27.1 kernel-macros-4.12.14-150.27.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.27.1 kernel-zfcpdump-4.12.14-150.27.1 kernel-zfcpdump-debuginfo-4.12.14-150.27.1 kernel-zfcpdump-debugsource-4.12.14-150.27.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.27.1 cluster-md-kmp-default-debuginfo-4.12.14-150.27.1 dlm-kmp-default-4.12.14-150.27.1 dlm-kmp-default-debuginfo-4.12.14-150.27.1 gfs2-kmp-default-4.12.14-150.27.1 gfs2-kmp-default-debuginfo-4.12.14-150.27.1 kernel-default-debuginfo-4.12.14-150.27.1 kernel-default-debugsource-4.12.14-150.27.1 ocfs2-kmp-default-4.12.14-150.27.1 ocfs2-kmp-default-debuginfo-4.12.14-150.27.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html 
https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 
https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814

From sle-security-updates at lists.suse.com Mon Jul 15 14:05:46 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Jul 2019 22:05:46 +0200 (CEST)
Subject: SUSE-SU-2019:1852-1: important: Security update for the Linux Kernel
Message-ID: <20190715200546.4FF44FFC2@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1852-1
Rating: important
References: #1053043 #1066223 #1094555 #1108382 #1109137 #1111188 #1119086 #1120902 #1121263 #1125580 #1126961 #1127155 #1129770 #1131335 #1131336 #1131645 #1132390 #1133140 #1133190 #1133191 #1133738 #1134395 #1135642 #1136598 #1136889 #1136922 #1136935 #1137004 #1137194 #1137739 #1137749 #1137752 #1137915 #1138291 #1138293 #1138374 #1138681 #1139751 #1140575 #1140577 Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), that lead to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). 
When such traffic is sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).
- CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have led to memory corruption and possibly other consequences (bnc#1136935).
- CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
- CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm call. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop->name, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2019-12819: An issue was discovered in the Linux kernel. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service (bnc#1138291).
- CVE-2019-12818: An issue was discovered in the Linux kernel. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause a denial of service. This affected nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).
- CVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could lead to a local denial of service attack (bsc#1136922 CVE-2019-12456).
- CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because "All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it" (bnc#1136598).
- CVE-2019-11487: The Linux kernel before allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests (bnc#1133190 1133191).

The following non-security bugs were fixed:

- Drop multiversion(kernel) from the KMP template (bsc#1127155).
- Fix ixgbe backport (bsc#1133140) - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - Update "TCP SACK Panic" series - ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1126961). - ACPI / CPPC: Fix KASAN global out of bounds warning (bsc#1126961). - ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs (bsc#1126961). - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1126961). - ACPI / CPPC: Use 64-bit arithmetic instead of 32-bit (bsc#1126961). - ACPI / CPPC: fix build issue with ktime_t used in logical operation (bsc#1126961). - ACPI: CPPC: remove initial assignment of pcc_ss_data (bsc#1126961). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1135642). - ath6kl: Only use match sets when firmware supports it (bsc#1120902). - btrfs: check for refs on snapshot delete resume (bsc#1131335, bsc#1137004). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188, bsc#1137004). - btrfs: save drop_progress if we drop refs at all (bsc#1131336, bsc#1137004). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1138374, LTC#178199). - cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1138374, LTC#178199). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1126961). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1126961). - cpufreq: Replace "max_transition_latency" with "dynamic_switching" (bsc#1126961). - cpufreq: cn99xx: set platform specific sampling rate (bsc#1126961). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). 
- ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - kabi: cpufreq: rename dynamic_switching to max_transition_latency (bsc#1126961). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (bsc#1137749). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - mailbox: PCC: Move the MAX_PCC_SUBSPACES definition to header file (bsc#1126961). - mailbox: pcc: Drop uninformative output during boot (bsc#1126961). - mailbox: pcc: Fix crash when request PCC channel 0 (bsc#1126961). - mwl8k: Fix rate_idx underflow (bsc#1135642). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net: Remove NO_IRQ from powerpc-only network drivers (bsc#1137739). - nvmet-fc: bring Disconnect into compliance with FC-NVME spec (bsc#1136889). - nvmet-fc: fix issues with targetport assoc_list list walking (bsc#1136889). - nvmet: fix fatal_err_work deadlock (bsc#1136889). - nvmet_fc: support target port removal with nvmet layer (bsc#1136889). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/eeh: Fix race with driver un/bind (bsc#1066223). - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043). - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043). - powerpc/process: Fix sparse address space warnings (bsc#1066223). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - rtlwifi: fix false rates in _rtl8821ae_mrate_idx_to_arfr_id() (bsc#1120902). 
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - signals: avoid random wakeups in sigsuspend() (bsc#1137915) - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1852=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1852=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1852=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1852=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1852=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.100.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.100.1 
cluster-md-kmp-default-debuginfo-4.4.180-94.100.1 dlm-kmp-default-4.4.180-94.100.1 dlm-kmp-default-debuginfo-4.4.180-94.100.1 gfs2-kmp-default-4.4.180-94.100.1 gfs2-kmp-default-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 ocfs2-kmp-default-4.4.180-94.100.1 ocfs2-kmp-default-debuginfo-4.4.180-94.100.1 - SUSE Enterprise Storage 5 (noarch): kernel-devel-4.4.180-94.100.1 kernel-macros-4.4.180-94.100.1 kernel-source-4.4.180-94.100.1 - SUSE Enterprise Storage 5 (x86_64): kernel-default-4.4.180-94.100.1 kernel-default-base-4.4.180-94.100.1 kernel-default-base-debuginfo-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 kernel-default-devel-4.4.180-94.100.1 kernel-syms-4.4.180-94.100.1 kgraft-patch-4_4_180-94_100-default-1-4.3.1 kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.180-94.100.1 kernel-default-debuginfo-4.4.180-94.100.1 kernel-default-debugsource-4.4.180-94.100.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1111188 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121263 
https://bugzilla.suse.com/1125580 https://bugzilla.suse.com/1126961 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1131335 https://bugzilla.suse.com/1131336 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133140 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136889 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1137004 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137749 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1137915 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138681 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 From sle-security-updates at lists.suse.com Mon Jul 15 14:12:13 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Jul 2019 22:12:13 +0200 (CEST) Subject: SUSE-SU-2019:1364-2: moderate: Security update for systemd Message-ID: <20190715201213.3A382FFC2@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1364-2 Rating: moderate References: #1036463 #1121563 #1124122 #1125352 #1125604 #1126056 #1127557 #1130230 #1132348 #1132400 #1132721 #1133506 #1133509 Cross-References: CVE-2019-3842 CVE-2019-3843 CVE-2019-3844 CVE-2019-6454 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An 
update that solves four vulnerabilities and has 9 fixes is now available.

Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issues fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1364=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1364=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-mini-234-24.30.1 libsystemd0-mini-debuginfo-234-24.30.1 libudev-mini-devel-234-24.30.1 libudev-mini1-234-24.30.1 libudev-mini1-debuginfo-234-24.30.1 nss-myhostname-234-24.30.1 nss-myhostname-debuginfo-234-24.30.1 nss-mymachines-234-24.30.1 nss-mymachines-debuginfo-234-24.30.1 nss-systemd-234-24.30.1 nss-systemd-debuginfo-234-24.30.1 systemd-debuginfo-234-24.30.1 systemd-debugsource-234-24.30.1 systemd-logger-234-24.30.1 systemd-mini-234-24.30.1 systemd-mini-container-mini-234-24.30.1 systemd-mini-container-mini-debuginfo-234-24.30.1 systemd-mini-coredump-mini-234-24.30.1 systemd-mini-coredump-mini-debuginfo-234-24.30.1 systemd-mini-debuginfo-234-24.30.1 systemd-mini-debugsource-234-24.30.1 systemd-mini-devel-234-24.30.1 systemd-mini-sysvinit-234-24.30.1 udev-mini-234-24.30.1 udev-mini-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libudev-devel-32bit-234-24.30.1 nss-myhostname-32bit-234-24.30.1 nss-myhostname-32bit-debuginfo-234-24.30.1 nss-mymachines-32bit-234-24.30.1 nss-mymachines-32bit-debuginfo-234-24.30.1 systemd-32bit-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): systemd-mini-bash-completion-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.30.1 libsystemd0-debuginfo-234-24.30.1 libudev-devel-234-24.30.1 libudev1-234-24.30.1 libudev1-debuginfo-234-24.30.1 systemd-234-24.30.1 systemd-container-234-24.30.1 
systemd-container-debuginfo-234-24.30.1 systemd-coredump-234-24.30.1 systemd-coredump-debuginfo-234-24.30.1 systemd-debuginfo-234-24.30.1 systemd-debugsource-234-24.30.1 systemd-devel-234-24.30.1 systemd-sysvinit-234-24.30.1 udev-234-24.30.1 udev-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.30.1 libsystemd0-32bit-debuginfo-234-24.30.1 libudev1-32bit-234-24.30.1 libudev1-32bit-debuginfo-234-24.30.1 systemd-32bit-234-24.30.1 systemd-32bit-debuginfo-234-24.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.30.1 References: https://www.suse.com/security/cve/CVE-2019-3842.html https://www.suse.com/security/cve/CVE-2019-3843.html https://www.suse.com/security/cve/CVE-2019-3844.html https://www.suse.com/security/cve/CVE-2019-6454.html https://bugzilla.suse.com/1036463 https://bugzilla.suse.com/1121563 https://bugzilla.suse.com/1124122 https://bugzilla.suse.com/1125352 https://bugzilla.suse.com/1125604 https://bugzilla.suse.com/1126056 https://bugzilla.suse.com/1127557 https://bugzilla.suse.com/1130230 https://bugzilla.suse.com/1132348 https://bugzilla.suse.com/1132400 https://bugzilla.suse.com/1132721 https://bugzilla.suse.com/1133506 https://bugzilla.suse.com/1133509 From sle-security-updates at lists.suse.com Mon Jul 15 14:14:30 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Jul 2019 22:14:30 +0200 (CEST) Subject: SUSE-SU-2019:1851-1: important: Security update for the Linux Kernel Message-ID: <20190715201430.C0611FFC2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1851-1 Rating: important References: #1051510 #1061840 #1065600 #1071995 #1088047 #1094555 #1098633 #1106383 #1106751 #1109137 #1114279 #1119532 #1120423 #1124167 #1127155 #1128432 #1128902 #1128910 
#1132154 #1132390 #1133401 #1133738 #1134303 #1134395 #1135296 #1135556 #1135642 #1136157 #1136811 #1136922 #1137103 #1137194 #1137221 #1137366 #1137429 #1137625 #1137728 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139751 #1139771 #1139782 #1139865 #1140133 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140948 #821419 #945811 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 77 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. 
(bnc#1140575)
- CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577)
- CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have led to a use-after-free. (bnc#1134395)
- CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738)
- CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash).
(bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). 
- asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). 
- crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). 
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). 
- hid: wacom: Do not set tool type until we're in range (bsc#1051510).
- hid: wacom: Mark expected switch fall-through (bsc#1051510).
- hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
- hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
- hid: wacom: Properly handle AES serial number and tool type (bsc#1051510).
- hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
- hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
- hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
- hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
- hid: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510).
- hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
- hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
- hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
- hid: wacom: fix mistake in printk (bsc#1051510).
- hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
- hid: wacom: generic: Refactor generic battery handling (bsc#1051510).
- hid: wacom: generic: Report AES battery information (bsc#1051510).
- hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
- hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
- hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
- hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
- hid: wacom: generic: Support multiple tools per report (bsc#1051510).
- hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
- hid: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().
- hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 ().
- hwmon: (k10temp) Add Hygon Dhyana support ().
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics ().
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs ().
- hwmon: (k10temp) Add support for family 17h ().
- hwmon: (k10temp) Add support for temperature offsets ().
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X ().
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X ().
- hwmon: (k10temp) Correct model name for Ryzen 1600X ().
- hwmon: (k10temp) Display both Tctl and Tdie ().
- hwmon: (k10temp) Fix reading critical temperature register ().
- hwmon: (k10temp) Make function get_raw_temp static ().
- hwmon: (k10temp) Move chip specific code into probe function ().
- hwmon: (k10temp) Only apply temperature offset if result is positive ().
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors ().
- hwmon: (k10temp) Use API function to access System Management Network ().
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table ().
- hwrng: omap - Set default quality (bsc#1051510).
- i2c-piix4: Add Hygon Dhyana SMBus support ().
- i2c: acorn: fix i2c warning (bsc#1135642).
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510).
- i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331).
- ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510).
- iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510).
- iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510).
- input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
- input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).
- iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510).
- iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kernel-binary: Use -c grep option in klp project detection.
- kernel-binary: fix missing \
- kernel-binary: rpm does not support multiline condition
- kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751).
  In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. The subpackage itself cannot depend on the kernel so add another empty package that does depend on it.
- kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137).
- kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840).
- kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840).
- kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840).
- kvm: PPC: Remove redundand permission bits removal (bsc#1061840).
- kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840).
- kvm: PPC: Validate all tces before updating tables (bsc#1061840).
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
- leds: avoid flush_work in atomic context (bsc#1051510).
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
- libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
- libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
- mISDN: make sure device name is NUL terminated (bsc#1051510).
- mac80211/cfg80211: update bss channel on channel switch (bsc#1051510).
- mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
- mac80211: Fix kernel panic due to use of txq after free (bsc#1051510).
- mac80211: drop robust management frames from unknown TA (bsc#1051510).
- mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
- media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510).
- media: au0828: stop video streaming only when last user stops (bsc#1051510).
- media: coda: clear error return value before picture run (bsc#1051510).
- media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510).
- media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510).
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510).
- media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510).
- media: saa7146: avoid high stack usage with clang (bsc#1051510).
- media: smsusb: better handle optional alignment (bsc#1051510).
- media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510).
- media: usb: siano: Fix general protection fault in smsusb (bsc#1051510).
- media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
- mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811)
- mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
- mmc: core: Verify SD bus width (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510).
- mmc_spi: add a status check for spi_sync_locked (bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995).
- net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
- net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
- net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
- nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
- nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
- nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
- ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
- nvme-rdma: fix double freeing of async event data (bsc#1120423).
- nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).
- nvme: copy MTFA field from identify controller (bsc#1140715).
- nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
- parport: Fix mem leak in parport_register_dev_model (bsc#1051510).
- pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
- pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
- perf tools: Add Hygon Dhyana support ().
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
- pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
- powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).
- powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
- powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
- ppp: mppe: Add softdep to arc4 (bsc#1088047).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
- ras/cec: Convert the timer callback to a workqueue (bsc#1114279).
- ras/cec: Fix binary search function (bsc#1114279).
- rpm/dtb.spec.in.in: Fix new include path
  Commit 89de3db69113d58cdab14d2c777de6080eac49dc ("rpm/dtb.spec.in.in: Update include path for dt-bindings") introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that.
- rpm/dtb.spec.in.in: Update include path for dt-bindings
  Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels.
- rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853).
- rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167).
- rpm/kernel-subpackage-build: handle arm kernel zImage.
- rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage.
- rpm/package-descriptions: fix typo in kernel-azure
- rpm/post.sh: correct typo in err msg (bsc#1137625)
- rpm: Add arm64 dtb-allwinner subpackage
  4.10 added arch/arm64/boot/dts/allwinner/.
- rpm: Add arm64 dtb-zte subpackage
  4.9 added arch/arm64/boot/dts/zte/.
- rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510).
- rtc: do not reference bogus function pointer in kdoc (bsc#1051510).
- rtlwifi: fix a potential NULL pointer dereference (bsc#1051510).
- s390: fix booting problem (bsc#1140948).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/setup: fix early warning messages (bsc#1051510).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
- sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
- scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
- scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
- scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
- scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- smb3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
- spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
- staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510).
- staging: wlan-ng: fix adapter initialization failure (bsc#1051510).
- svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
- svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
- sysctl: handle overflow in proc_get_long (bsc#1051510).
- test_firmware: Use correct snprintf() limit (bsc#1135642).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thunderbolt: Fix to check for kmemdup failure (bsc#1051510).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support ().
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510).
- tty: ipwireless: fix missing checks for ioremap (bsc#1051510).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
- usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510).
- usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
- usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510).
- usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510).
- usb: core: Do not unbind interfaces following device reset failure (bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
- usb: rio500: fix memory leak in close after disconnect (bsc#1051510).
- usb: rio500: refuse more than one device at a time (bsc#1051510).
- usb: serial: fix initial-termios handling (bsc#1135642).
- usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
- usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
- usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510).
- usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510).
- usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510).
- usbnet: fix kernel crash after disconnect (bsc#1051510).
- usbnet: ipheth: fix racing condition (bsc#1051510).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- vxlan: trivial indenting fix (bsc#1051510).
- vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510).
- w1: fix the resume command API (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
- x86/alternative: Init ideal_nops for Hygon Dhyana ().
- x86/amd_nb: Add support for Raven Ridge CPUs ().
- x86/amd_nb: Check vendor in AMD-only functions ().
- x86/apic: Add Hygon Dhyana support ().
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
- x86/cpu: Create Hygon Dhyana architecture support file ().
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382).
  This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
- x86/events: Add Hygon Dhyana support to PMU infrastructure ().
- x86/kvm: Add Hygon Dhyana support to KVM ().
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure ().
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD ().
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge ().
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana ().
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/xen: Add Hygon Dhyana support to Xen ().
- xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600).
- xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018).
- xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013).
- xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003).
- xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999).
- xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005).
- xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019).
- xfs: fix s_maxbytes overflow problems (bsc#1137996).
- xfs: make xfs_writepage_map extent map centric (bsc#1138009).
- xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
- xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014).
- xfs: refactor the tail of xfs_writepage_map (bsc#1138016).
- xfs: remove XFS_IO_INVALID (bsc#1138017).
- xfs: remove the imap_valid flag (bsc#1138012).
- xfs: remove unused parameter from xfs_writepage_map (bsc#1137995).
- xfs: remove xfs_map_cow (bsc#1138007).
- xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
- xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006).
- xfs: remove xfs_start_page_writeback (bsc#1138015).
- xfs: rename the offset variable in xfs_writepage_map (bsc#1138008).
- xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011).
- xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998).
- xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002).
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510).
- xhci: Use %zu for printing size_t type (bsc#1051510).
- xhci: update bounce buffer with correct sg num (bsc#1051510).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP4:

   zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1851=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:

   zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1851=1

- SUSE Linux Enterprise Server 12-SP4:

   zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1851=1

- SUSE Linux Enterprise Live Patching 12-SP4:

   zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1851=1

- SUSE Linux Enterprise High Availability 12-SP4:

   zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1851=1

- SUSE Linux Enterprise Desktop 12-SP4:

   zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1851=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):

   kernel-default-debuginfo-4.12.14-95.24.1
   kernel-default-debugsource-4.12.14-95.24.1
   kernel-default-extra-4.12.14-95.24.1
   kernel-default-extra-debuginfo-4.12.14-95.24.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

   kernel-obs-build-4.12.14-95.24.1
   kernel-obs-build-debugsource-4.12.14-95.24.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch):

   kernel-docs-4.12.14-95.24.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

   kernel-default-4.12.14-95.24.1
   kernel-default-base-4.12.14-95.24.1
   kernel-default-base-debuginfo-4.12.14-95.24.1
   kernel-default-debuginfo-4.12.14-95.24.1
   kernel-default-debugsource-4.12.14-95.24.1
   kernel-default-devel-4.12.14-95.24.1
   kernel-syms-4.12.14-95.24.1

- SUSE Linux Enterprise Server 12-SP4 (noarch):

   kernel-devel-4.12.14-95.24.1
   kernel-macros-4.12.14-95.24.1
   kernel-source-4.12.14-95.24.1

- SUSE Linux Enterprise Server 12-SP4 (x86_64):

   kernel-default-devel-debuginfo-4.12.14-95.24.1

- SUSE Linux Enterprise Server 12-SP4 (s390x):

   kernel-default-man-4.12.14-95.24.1

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):

   kgraft-patch-4_12_14-95_24-default-1-6.5.1

- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

   cluster-md-kmp-default-4.12.14-95.24.1
   cluster-md-kmp-default-debuginfo-4.12.14-95.24.1
   dlm-kmp-default-4.12.14-95.24.1
   dlm-kmp-default-debuginfo-4.12.14-95.24.1
   gfs2-kmp-default-4.12.14-95.24.1
   gfs2-kmp-default-debuginfo-4.12.14-95.24.1
   kernel-default-debuginfo-4.12.14-95.24.1
   kernel-default-debugsource-4.12.14-95.24.1
   ocfs2-kmp-default-4.12.14-95.24.1
   ocfs2-kmp-default-debuginfo-4.12.14-95.24.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

   kernel-default-4.12.14-95.24.1
   kernel-default-debuginfo-4.12.14-95.24.1
   kernel-default-debugsource-4.12.14-95.24.1
   kernel-default-devel-4.12.14-95.24.1
   kernel-default-devel-debuginfo-4.12.14-95.24.1
   kernel-default-extra-4.12.14-95.24.1
   kernel-default-extra-debuginfo-4.12.14-95.24.1
   kernel-syms-4.12.14-95.24.1

- SUSE Linux Enterprise Desktop 12-SP4 (noarch):

   kernel-devel-4.12.14-95.24.1
   kernel-macros-4.12.14-95.24.1
   kernel-source-4.12.14-95.24.1

References:

https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2019-10126.html
https://www.suse.com/security/cve/CVE-2019-10638.html
https://www.suse.com/security/cve/CVE-2019-10639.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-11599.html
https://www.suse.com/security/cve/CVE-2019-12456.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12818.html
https://www.suse.com/security/cve/CVE-2019-12819.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1061840
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1088047
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1098633
https://bugzilla.suse.com/1106383
https://bugzilla.suse.com/1106751
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1119532
https://bugzilla.suse.com/1120423
https://bugzilla.suse.com/1124167
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1128902
https://bugzilla.suse.com/1128910
https://bugzilla.suse.com/1132154
https://bugzilla.suse.com/1132390
https://bugzilla.suse.com/1133401
https://bugzilla.suse.com/1133738
https://bugzilla.suse.com/1134303
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135556
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136811
https://bugzilla.suse.com/1136922
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137221
https://bugzilla.suse.com/1137366
https://bugzilla.suse.com/1137429
https://bugzilla.suse.com/1137625
https://bugzilla.suse.com/1137728
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1137995
https://bugzilla.suse.com/1137996
https://bugzilla.suse.com/1137998
https://bugzilla.suse.com/1137999
https://bugzilla.suse.com/1138000
https://bugzilla.suse.com/1138002
https://bugzilla.suse.com/1138003
https://bugzilla.suse.com/1138005
https://bugzilla.suse.com/1138006
https://bugzilla.suse.com/1138007
https://bugzilla.suse.com/1138008
https://bugzilla.suse.com/1138009
https://bugzilla.suse.com/1138010
https://bugzilla.suse.com/1138011
https://bugzilla.suse.com/1138012
https://bugzilla.suse.com/1138013
https://bugzilla.suse.com/1138014
https://bugzilla.suse.com/1138015
https://bugzilla.suse.com/1138016
https://bugzilla.suse.com/1138017
https://bugzilla.suse.com/1138018
https://bugzilla.suse.com/1138019
https://bugzilla.suse.com/1138291
https://bugzilla.suse.com/1138293
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1139751
https://bugzilla.suse.com/1139771
https://bugzilla.suse.com/1139782
https://bugzilla.suse.com/1139865
https://bugzilla.suse.com/1140133
https://bugzilla.suse.com/1140328
https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/821419 https://bugzilla.suse.com/945811

From sle-security-updates at lists.suse.com Tue Jul 16 10:10:43 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Jul 2019 18:10:43 +0200 (CEST)
Subject: SUSE-SU-2019:1859-1: moderate: Security update for libgcrypt
Message-ID: <20190716161043.43387FFC2@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1859-1
Rating: moderate
References: #1097073 #1125740 #1138939
Cross-References: CVE-2019-12904
Affected Products:
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for libgcrypt fixes the following issues:

Security issues fixed:

- CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) (bsc#1138939)

Other bugfixes:

- Don't run full FIPS self-tests from constructor (bsc#1097073)
- Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073)
- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
- avoid executing some tests twice.
- Fixed a race condition in initialization.
- Fixed env-script-interpreter in cavs_driver.pl
- Fixed redundant fips tests in some situations causing failure to boot in fips mode. (bsc#1097073) This helps during booting of the system in FIPS mode with insufficient entropy.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1859=1

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1859=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

  libgcrypt-cavs-1.8.2-6.17.1
  libgcrypt-cavs-debuginfo-1.8.2-6.17.1
  libgcrypt-debugsource-1.8.2-6.17.1

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  libgcrypt-debugsource-1.8.2-6.17.1
  libgcrypt-devel-1.8.2-6.17.1
  libgcrypt-devel-debuginfo-1.8.2-6.17.1
  libgcrypt20-1.8.2-6.17.1
  libgcrypt20-debuginfo-1.8.2-6.17.1
  libgcrypt20-hmac-1.8.2-6.17.1

- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

  libgcrypt20-32bit-1.8.2-6.17.1
  libgcrypt20-32bit-debuginfo-1.8.2-6.17.1
  libgcrypt20-hmac-32bit-1.8.2-6.17.1

References:

https://www.suse.com/security/cve/CVE-2019-12904.html
https://bugzilla.suse.com/1097073
https://bugzilla.suse.com/1125740
https://bugzilla.suse.com/1138939

From sle-security-updates at lists.suse.com Tue Jul 16 13:10:31 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Jul 2019 21:10:31 +0200 (CEST)
Subject: SUSE-SU-2019:1860-1: important: Security update for xrdp
Message-ID: <20190716191031.3AA8D100E3@maintenance.suse.de>

SUSE Security Update: Security update for xrdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1860-1
Rating: important
References: #1014524 #1015567 #1022098 #1023988 #1029912 #1060644 #1069591 #1090174 #1100453 #1101506
Cross-References: CVE-2013-1430 CVE-2017-16927 CVE-2017-6967
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves three vulnerabilities and has 7 fixes is now available.

Description:

This update for xrdp fixes the following issues:

Security issues fixed:

- CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567).
- CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591).
- CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This led to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912).

Other issues addressed:

- The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506)
- Fixed an issue with delayed X KeyRelease events (bsc#1100453)
- Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524)
- Avoid use of hard-coded sesman port. (bsc#1060644)
- Backport upstream commit 5575197, sesman should stop setting LANG and let initialization scripts take care of it (bsc#1023988).
- Backport upstream patches for 32bpp support (bsc#1022098).
- Fixed a regression connecting from Windows 10. (bsc#1090174)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1860=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1860=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1860=1

- SUSE Enterprise Storage 4:

  zypper in -t patch SUSE-Storage-4-2019-1860=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):

  xrdp-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

  xrdp-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

  xrdp-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3

- SUSE Enterprise Storage 4 (x86_64):

  xrdp-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3
  xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3

References:

https://www.suse.com/security/cve/CVE-2013-1430.html
https://www.suse.com/security/cve/CVE-2017-16927.html
https://www.suse.com/security/cve/CVE-2017-6967.html
https://bugzilla.suse.com/1014524
https://bugzilla.suse.com/1015567
https://bugzilla.suse.com/1022098
https://bugzilla.suse.com/1023988
https://bugzilla.suse.com/1029912
https://bugzilla.suse.com/1060644
https://bugzilla.suse.com/1069591
https://bugzilla.suse.com/1090174
https://bugzilla.suse.com/1100453
https://bugzilla.suse.com/1101506

From sle-security-updates at lists.suse.com Wed Jul 17 07:11:12 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Jul 2019 15:11:12 +0200 (CEST)
Subject: SUSE-SU-2019:1862-1: important: Security update for ardana and crowbar
Message-ID: <20190717131112.16808FFE6@maintenance.suse.de>

SUSE Security Update: Security update for ardana and crowbar
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1862-1
Rating: important
References: #1083721 #1105559 #1118003 #1120932 #1122875 #1124170 #1126391 #1128753 #1130593 #1131712 #1131791 #1132542 #1132852 #1132860 #124991
Cross-References: CVE-2018-14574 CVE-2019-10876 CVE-2019-11068 CVE-2019-3498 CVE-2019-6975
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 10 fixes is now available.
Description:

This update for ardana and crowbar fixes the following issues:

- Restrict rootwrap directories for cinder (bsc#1132542)
- Change Cinder default log level from DEBUG to INFO (SCRD-7132)
- Remove configuration from migration (bsc#1126391)
- Configurable innodb flush options (SCRD-7496)
- Secure designate's rootwrap files (bsc#1132542)
- specify rootwrap config file in designate sudoer (bsc#1132542)
- Update Designate log threshold from DEBUG to INFO (SCRD-8459)
- Change Glance default log level from DEBUG to INFO (SCRD-8592)
- Change Heat default log level from DEBUG to INFO (SCRD-7132)
- Fix Horizon missing create snapshot action for users (bsc#1130593)
- Don't set external-name in ardana-ci models (SCRD-7471)
- Fix fail-over/-back behavior of haproxy for galera (bsc#1122875)
- Update swift endpoints from keystone-reconfigure.yml if needed (SCRD-8703)
- Change Magnum default log level from DEFAULT to INFO (SCRD-7132)
- Rip out vertica related code (SCRD-9031)
- Tighten neutron sudoers to only execute rootwrap (bsc#1132542)
- Change Neutron default log level from DEBUG to INFO (SCRD-7132)
- SCRD-9031 Change permitted nova-rootwrap config file pattern (bsc#1132542)
- specify rootwrap config file in nova sudoer (bsc#1132542)
- Change Nova default log level from DEBUG to INFO (SCRD-7132)
- Stop installing a sudoers root escalator (SCRD-9031)
- Change Octavia default log level from DEBUG to INFO (SCRD-7132)
- Increase number of connect retries (SCRD-7496)
- UDEV rules for multi-port nics (SCRD-8329)
- Ensure that the ceph group exists (SCRD-8347)
- Disable test_create_health_monitor_with_scenarios tempest (SOC-9176)
- Make --os-test-timeout configurable and increase default (SCRD-7496)
- Disable TestVolumeBootPattern.test_volume_boot_pattern (SCRD-9015)
- Increase and make timeout values configurable (SCRD-7496)
- Configure heat boot config template path (SCRD-7496)
- Fix typo on ceilometer filter (SCRD-7496)
- barclamp: Fix setting MTU on networks using a bridge
- Fix order of values in nodes piechart
- Ignore CVE-2019-11068 during Travis (SOC-9262)
- Fix cloud-mkcloud9-job-backup-restore (SCRD-7126)
- Update suse-branding.patch with correct links for documentation (SCRD-8294)
- pacemaker: add failure nodes to sync fail message (bsc#1083721)
- update suse-branding.patch (SOC-9297)
- pacemaker: wait more for founder if SBD is configured (SCRD-8462)
- pacemaker: don't check cluster members on founder (SCRD-8462)
- database: Make wsrep_provider_options configurable (fate#327745)
- database: Raise and align promote/demote timeouts (bsc#1131791)
- mysql: improve galera HA setup (bsc#1122875)
- Update suse-branding.patch with correct links for documentation (SCRD-8294)
- neutron: Fix the rest of the keystone related settings for LBaaS
- neutron: properly define neutron lbaas region (bsc#1128753)
- CLM - update MariaDB manually (bsc#1132852, SOC-9022)
- update MariaDB manually (bsc#1132852, SOC-9022)
- SOC8 alarm table restructure (SCRD-7710, bsc#1124170)
- Fix bsc#1118003 - add deprecation decision tree (shrub) (SCRD-8530)
- add cert section (SCRD-5542)
- grammar; make migration pairing more explicit (SCRD-7595)
- Remove whitespace on top of login page (SCRD-7142)
- Revert alert and form colors to default SCRD-6919
- Change active sidebar section text white SCRD-6919
- Updated the openstack-monasca-agent-sudoers file (bsc#1132542)
- Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860)
- Fix KeyError in OVS firewall (bsc#1131712, CVE-2019-10876)
- update to 1.11.20 (bsc#124991, CVE-2019-6975):
  - Memory exhaustion in ``django.utils.numberformat.format()``
- Include ops-console logs if exist (bsc-1126912)
- Add a sed pattern to censor passwords from servers.yml (bsc#1105559)
- Show the status file of crowbar upgrade (if it exists)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1862=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1862=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1862=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1558533551.8d8ed2058-3.23.1 crowbar-core-branding-upstream-5.0+git.1558533551.8d8ed2058-3.23.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-core-branding-SOC-5.0-10.6.3 crowbar-ha-5.0+git.1559282566.6b06ca3-3.17.1 crowbar-openstack-5.0+git.1559335140.62bb4c014-4.25.1 documentation-suse-openstack-cloud-deployment-8.20190521-1.17.1 documentation-suse-openstack-cloud-supplement-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-admin-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-user-8.20190521-1.17.1 openstack-aodh-5.1.1~dev7-3.11.2 openstack-aodh-api-5.1.1~dev7-3.11.2 openstack-aodh-doc-5.1.1~dev7-3.11.1 openstack-aodh-evaluator-5.1.1~dev7-3.11.2 openstack-aodh-expirer-5.1.1~dev7-3.11.2 openstack-aodh-listener-5.1.1~dev7-3.11.2 openstack-aodh-notifier-5.1.1~dev7-3.11.2 openstack-barbican-5.0.2~dev3-3.14.2 openstack-barbican-api-5.0.2~dev3-3.14.2 openstack-barbican-doc-5.0.2~dev3-3.14.1 openstack-barbican-keystone-listener-5.0.2~dev3-3.14.2 openstack-barbican-retry-5.0.2~dev3-3.14.2 openstack-barbican-worker-5.0.2~dev3-3.14.2 openstack-ceilometer-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-central-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-compute-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-ipmi-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-notification-9.0.8~dev7-3.12.2 openstack-ceilometer-api-9.0.8~dev7-3.12.2 openstack-ceilometer-collector-9.0.8~dev7-3.12.2 openstack-ceilometer-doc-9.0.8~dev7-3.12.1 openstack-ceilometer-polling-9.0.8~dev7-3.12.2 openstack-cinder-11.2.3~dev5-3.15.2 openstack-cinder-api-11.2.3~dev5-3.15.2 
openstack-cinder-backup-11.2.3~dev5-3.15.2 openstack-cinder-doc-11.2.3~dev5-3.15.1 openstack-cinder-scheduler-11.2.3~dev5-3.15.2 openstack-cinder-volume-11.2.3~dev5-3.15.2 openstack-dashboard-12.0.4~dev6-3.20.2 openstack-dashboard-theme-SUSE-2017.2+git.1554906711.9dbe79b-7.11.1 openstack-designate-5.0.3~dev7-3.11.1 openstack-designate-agent-5.0.3~dev7-3.11.1 openstack-designate-api-5.0.3~dev7-3.11.1 openstack-designate-central-5.0.3~dev7-3.11.1 openstack-designate-doc-5.0.3~dev7-3.11.1 openstack-designate-producer-5.0.3~dev7-3.11.1 openstack-designate-sink-5.0.3~dev7-3.11.1 openstack-designate-worker-5.0.3~dev7-3.11.1 openstack-heat-9.0.8~dev3-3.18.2 openstack-heat-api-9.0.8~dev3-3.18.2 openstack-heat-api-cfn-9.0.8~dev3-3.18.2 openstack-heat-api-cloudwatch-9.0.8~dev3-3.18.2 openstack-heat-doc-9.0.8~dev3-3.18.2 openstack-heat-engine-9.0.8~dev3-3.18.2 openstack-heat-gbp-7.0.1~dev1-3.3.1 openstack-heat-plugin-heat_docker-9.0.8~dev3-3.18.2 openstack-heat-test-9.0.8~dev3-3.18.2 openstack-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 openstack-ironic-9.1.8~dev5-3.18.2 openstack-ironic-api-9.1.8~dev5-3.18.2 openstack-ironic-conductor-9.1.8~dev5-3.18.2 openstack-ironic-doc-9.1.8~dev5-3.18.1 openstack-keystone-12.0.4~dev2-5.19.2 openstack-keystone-doc-12.0.4~dev2-5.19.1 openstack-monasca-agent-2.2.5~dev2-3.9.2 openstack-monasca-api-2.2.1~dev26-3.12.2 openstack-monasca-log-api-2.3.1~dev12-3.6.2 openstack-neutron-11.0.9~dev28-3.18.2 openstack-neutron-dhcp-agent-11.0.9~dev28-3.18.2 openstack-neutron-doc-11.0.9~dev28-3.18.1 openstack-neutron-fwaas-11.0.3~dev1-3.14.1 openstack-neutron-fwaas-doc-11.0.3~dev1-3.14.1 openstack-neutron-gbp-7.3.1~dev28-3.3.1 openstack-neutron-ha-tool-11.0.9~dev28-3.18.2 openstack-neutron-l3-agent-11.0.9~dev28-3.18.2 openstack-neutron-lbaas-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.9.1 openstack-neutron-linuxbridge-agent-11.0.9~dev28-3.18.2 openstack-neutron-macvtap-agent-11.0.9~dev28-3.18.2 
openstack-neutron-metadata-agent-11.0.9~dev28-3.18.2 openstack-neutron-metering-agent-11.0.9~dev28-3.18.2 openstack-neutron-openvswitch-agent-11.0.9~dev28-3.18.2 openstack-neutron-server-11.0.9~dev28-3.18.2 openstack-neutron-vpn-agent-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-doc-11.0.1~dev5-3.12.1 openstack-neutron-vyatta-agent-11.0.1~dev5-3.12.1 openstack-nova-16.1.9~dev3-3.23.2 openstack-nova-api-16.1.9~dev3-3.23.2 openstack-nova-cells-16.1.9~dev3-3.23.2 openstack-nova-compute-16.1.9~dev3-3.23.2 openstack-nova-conductor-16.1.9~dev3-3.23.2 openstack-nova-console-16.1.9~dev3-3.23.2 openstack-nova-consoleauth-16.1.9~dev3-3.23.2 openstack-nova-doc-16.1.9~dev3-3.23.1 openstack-nova-novncproxy-16.1.9~dev3-3.23.2 openstack-nova-placement-api-16.1.9~dev3-3.23.2 openstack-nova-scheduler-16.1.9~dev3-3.23.2 openstack-nova-serialproxy-16.1.9~dev3-3.23.2 openstack-nova-vncproxy-16.1.9~dev3-3.23.2 openstack-trove-8.0.1~dev13-3.9.1 openstack-trove-api-8.0.1~dev13-3.9.1 openstack-trove-conductor-8.0.1~dev13-3.9.1 openstack-trove-doc-8.0.1~dev13-3.9.1 openstack-trove-guestagent-8.0.1~dev13-3.9.1 openstack-trove-taskmanager-8.0.1~dev13-3.9.1 python-Django-1.11.20-3.7.1 python-aodh-5.1.1~dev7-3.11.2 python-barbican-5.0.2~dev3-3.14.2 python-ceilometer-9.0.8~dev7-3.12.2 python-cinder-11.2.3~dev5-3.15.2 python-cliff-2.8.3-3.6.2 python-designate-5.0.3~dev7-3.11.1 python-freezerclient-1.5.1-3.3.2 python-freezerclient-doc-1.5.1-3.3.2 python-heat-9.0.8~dev3-3.18.2 python-heat-gbp-7.0.1~dev1-3.3.1 python-horizon-12.0.4~dev6-3.20.2 python-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 python-ironic-9.1.8~dev5-3.18.2 python-ironicclient-1.17.2-3.3.1 python-ironicclient-doc-1.17.2-3.3.1 python-keystone-12.0.4~dev2-5.19.2 python-magnumclient-2.7.1-3.3.1 python-magnumclient-doc-2.7.1-3.3.1 python-manilaclient-1.17.4-3.6.1 python-manilaclient-doc-1.17.4-3.6.1 python-monasca-agent-2.2.5~dev2-3.9.2 python-monasca-api-2.2.1~dev26-3.12.2 
python-monasca-log-api-2.3.1~dev12-3.6.2 python-muranoclient-0.14.1-3.3.1 python-muranoclient-doc-0.14.1-3.3.1 python-neutron-11.0.9~dev28-3.18.2 python-neutron-fwaas-11.0.3~dev1-3.14.1 python-neutron-gbp-7.3.1~dev28-3.3.1 python-neutron-lbaas-11.0.4~dev6-3.9.1 python-neutron-vpnaas-11.0.1~dev5-3.12.1 python-nova-16.1.9~dev3-3.23.2 python-novaclient-9.1.3-3.6.2 python-novaclient-doc-9.1.3-3.6.2 python-openstackclient-3.12.2-3.3.1 python-os-brick-1.15.9-3.6.2 python-os-client-config-1.28.1-3.3.1 python-os-vif-1.7.2-3.3.2 python-os-win-2.2.1-3.3.1 python-oslo.cache-1.25.2-3.3.1 python-oslo.concurrency-3.21.2-3.3.1 python-oslo.config-4.11.2-3.3.1 python-oslo.config-doc-4.11.2-3.3.1 python-oslo.i18n-3.17.2-3.3.2 python-oslo.log-3.30.3-3.3.1 python-oslo.messaging-5.30.8-3.8.1 python-oslo.middleware-3.30.2-3.3.1 python-oslo.policy-1.25.4-3.6.1 python-oslo.privsep-1.22.2-3.3.1 python-oslo.reports-1.22.2-3.3.1 python-oslo.utils-3.28.4-3.6.1 python-oslo.versionedobjects-1.26.3-3.6.1 python-oslo.vmware-2.23.2-3.3.1 python-oslotest-2.17.2-3.3.1 python-python-subunit-1.2.0-4.3.1 python-saharaclient-1.3.1-3.3.1 python-saharaclient-doc-1.3.1-3.3.1 python-swiftclient-3.4.1-3.3.1 python-swiftclient-doc-3.4.1-3.3.1 python-trove-8.0.1~dev13-3.9.1 python-zaqarclient-1.7.1-3.3.1 supportutils-plugin-suse-openstack-cloud-8.0.1551262227.7a7deb6-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1553878455.7439e04-3.61.1 ardana-barbican-8.0+git.1534266594.8136db7-4.30.1 ardana-cassandra-8.0+git.1534266612.44dcb20-3.12.1 ardana-ceilometer-8.0+git.1534266629.0bb5d54-3.9.1 ardana-cinder-8.0+git.1558619942.6bd075c-3.36.1 ardana-cluster-8.0+git.1534266734.ec4822f-3.33.1 ardana-cobbler-8.0+git.1550694449.df88054-3.38.1 ardana-db-8.0+git.1555341117.d812d88-3.25.1 ardana-designate-8.0+git.1558636763.f7f09ca-3.14.1 ardana-freezer-8.0+git.1534266805.c9ea29b-3.15.1 ardana-glance-8.0+git.1555450219.97789ac-3.11.1 ardana-heat-8.0+git.1555450207.a7d3bfe-3.12.1 
ardana-horizon-8.0+git.1554732431.8f9dd50-3.15.1 ardana-input-model-8.0+git.1557418274.fb273dd-3.27.1 ardana-ironic-8.0+git.1534266893.1d69df7-3.6.1 ardana-keystone-8.0+git.1554915846.db23473-3.24.1 ardana-logging-8.0+git.1544117621.1c9a954-3.18.1 ardana-magnum-8.0+git.1555450198.c42dc52-3.6.1 ardana-manila-8.0+git.1551748668.7427826-1.18.1 ardana-memcached-8.0+git.1534266982.498c352-3.6.1 ardana-monasca-8.0+git.1557856965.bde9eb2-3.18.1 ardana-monasca-transform-8.0+git.1534267017.4bbecd9-3.9.1 ardana-mq-8.0+git.1549882721.b2e8873-3.13.1 ardana-neutron-8.0+git.1557523208.81aa1da-3.30.1 ardana-nova-8.0+git.1559253853.bb932ea-3.29.1 ardana-octavia-8.0+git.1557523035.ab44613-3.17.1 ardana-opsconsole-8.0+git.1534267103.829be13-3.10.1 ardana-opsconsole-ui-8.0+git.1537201508.68c32e6-3.16.1 ardana-osconfig-8.0+git.1557503482.852ec24-3.36.1 ardana-service-8.0+git.1551382173.a81d5e1-3.26.1 ardana-service-ansible-8.0+git.1544119019.e68516a-3.17.1 ardana-ses-8.0+git.1554912320.73ad306-1.20.1 ardana-spark-8.0+git.1539709555.5b31c25-3.12.1 ardana-swift-8.0+git.1551502730.f4d219d-3.27.1 ardana-tempest-8.0+git.1557761054.b971c8f-3.21.1 ardana-tls-8.0+git.1534267264.6b1e899-3.6.1 documentation-suse-openstack-cloud-installation-8.20190521-1.17.1 documentation-suse-openstack-cloud-operations-8.20190521-1.17.1 documentation-suse-openstack-cloud-opsconsole-8.20190521-1.17.1 documentation-suse-openstack-cloud-planning-8.20190521-1.17.1 documentation-suse-openstack-cloud-security-8.20190521-1.17.1 documentation-suse-openstack-cloud-supplement-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-admin-8.20190521-1.17.1 documentation-suse-openstack-cloud-upstream-user-8.20190521-1.17.1 documentation-suse-openstack-cloud-user-8.20190521-1.17.1 openstack-aodh-5.1.1~dev7-3.11.2 openstack-aodh-api-5.1.1~dev7-3.11.2 openstack-aodh-doc-5.1.1~dev7-3.11.1 openstack-aodh-evaluator-5.1.1~dev7-3.11.2 openstack-aodh-expirer-5.1.1~dev7-3.11.2 openstack-aodh-listener-5.1.1~dev7-3.11.2 
openstack-aodh-notifier-5.1.1~dev7-3.11.2 openstack-barbican-5.0.2~dev3-3.14.2 openstack-barbican-api-5.0.2~dev3-3.14.2 openstack-barbican-doc-5.0.2~dev3-3.14.1 openstack-barbican-keystone-listener-5.0.2~dev3-3.14.2 openstack-barbican-retry-5.0.2~dev3-3.14.2 openstack-barbican-worker-5.0.2~dev3-3.14.2 openstack-ceilometer-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-central-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-compute-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-ipmi-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-notification-9.0.8~dev7-3.12.2 openstack-ceilometer-api-9.0.8~dev7-3.12.2 openstack-ceilometer-collector-9.0.8~dev7-3.12.2 openstack-ceilometer-doc-9.0.8~dev7-3.12.1 openstack-ceilometer-polling-9.0.8~dev7-3.12.2 openstack-cinder-11.2.3~dev5-3.15.2 openstack-cinder-api-11.2.3~dev5-3.15.2 openstack-cinder-backup-11.2.3~dev5-3.15.2 openstack-cinder-doc-11.2.3~dev5-3.15.1 openstack-cinder-scheduler-11.2.3~dev5-3.15.2 openstack-cinder-volume-11.2.3~dev5-3.15.2 openstack-dashboard-12.0.4~dev6-3.20.2 openstack-dashboard-theme-SUSE-2017.2+git.1554906711.9dbe79b-7.11.1 openstack-designate-5.0.3~dev7-3.11.1 openstack-designate-agent-5.0.3~dev7-3.11.1 openstack-designate-api-5.0.3~dev7-3.11.1 openstack-designate-central-5.0.3~dev7-3.11.1 openstack-designate-doc-5.0.3~dev7-3.11.1 openstack-designate-producer-5.0.3~dev7-3.11.1 openstack-designate-sink-5.0.3~dev7-3.11.1 openstack-designate-worker-5.0.3~dev7-3.11.1 openstack-heat-9.0.8~dev3-3.18.2 openstack-heat-api-9.0.8~dev3-3.18.2 openstack-heat-api-cfn-9.0.8~dev3-3.18.2 openstack-heat-api-cloudwatch-9.0.8~dev3-3.18.2 openstack-heat-doc-9.0.8~dev3-3.18.2 openstack-heat-engine-9.0.8~dev3-3.18.2 openstack-heat-gbp-7.0.1~dev1-3.3.1 openstack-heat-plugin-heat_docker-9.0.8~dev3-3.18.2 openstack-heat-test-9.0.8~dev3-3.18.2 openstack-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 openstack-ironic-9.1.8~dev5-3.18.2 openstack-ironic-api-9.1.8~dev5-3.18.2 openstack-ironic-conductor-9.1.8~dev5-3.18.2 
openstack-ironic-doc-9.1.8~dev5-3.18.1 openstack-keystone-12.0.4~dev2-5.19.2 openstack-keystone-doc-12.0.4~dev2-5.19.1 openstack-monasca-agent-2.2.5~dev2-3.9.2 openstack-monasca-api-2.2.1~dev26-3.12.2 openstack-monasca-log-api-2.3.1~dev12-3.6.2 openstack-neutron-11.0.9~dev28-3.18.2 openstack-neutron-dhcp-agent-11.0.9~dev28-3.18.2 openstack-neutron-doc-11.0.9~dev28-3.18.1 openstack-neutron-fwaas-11.0.3~dev1-3.14.1 openstack-neutron-fwaas-doc-11.0.3~dev1-3.14.1 openstack-neutron-gbp-7.3.1~dev28-3.3.1 openstack-neutron-ha-tool-11.0.9~dev28-3.18.2 openstack-neutron-l3-agent-11.0.9~dev28-3.18.2 openstack-neutron-lbaas-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.9.1 openstack-neutron-linuxbridge-agent-11.0.9~dev28-3.18.2 openstack-neutron-macvtap-agent-11.0.9~dev28-3.18.2 openstack-neutron-metadata-agent-11.0.9~dev28-3.18.2 openstack-neutron-metering-agent-11.0.9~dev28-3.18.2 openstack-neutron-openvswitch-agent-11.0.9~dev28-3.18.2 openstack-neutron-server-11.0.9~dev28-3.18.2 openstack-neutron-vpn-agent-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-doc-11.0.1~dev5-3.12.1 openstack-neutron-vyatta-agent-11.0.1~dev5-3.12.1 openstack-nova-16.1.9~dev3-3.23.2 openstack-nova-api-16.1.9~dev3-3.23.2 openstack-nova-cells-16.1.9~dev3-3.23.2 openstack-nova-compute-16.1.9~dev3-3.23.2 openstack-nova-conductor-16.1.9~dev3-3.23.2 openstack-nova-console-16.1.9~dev3-3.23.2 openstack-nova-consoleauth-16.1.9~dev3-3.23.2 openstack-nova-doc-16.1.9~dev3-3.23.1 openstack-nova-novncproxy-16.1.9~dev3-3.23.2 openstack-nova-placement-api-16.1.9~dev3-3.23.2 openstack-nova-scheduler-16.1.9~dev3-3.23.2 openstack-nova-serialproxy-16.1.9~dev3-3.23.2 openstack-nova-vncproxy-16.1.9~dev3-3.23.2 openstack-trove-8.0.1~dev13-3.9.1 openstack-trove-api-8.0.1~dev13-3.9.1 openstack-trove-conductor-8.0.1~dev13-3.9.1 openstack-trove-doc-8.0.1~dev13-3.9.1 openstack-trove-guestagent-8.0.1~dev13-3.9.1 
openstack-trove-taskmanager-8.0.1~dev13-3.9.1 python-Django-1.11.20-3.7.1 python-aodh-5.1.1~dev7-3.11.2 python-ardana-configurationprocessor-8.0+git.1534266236.fb1623c-6.9.1 python-barbican-5.0.2~dev3-3.14.2 python-ceilometer-9.0.8~dev7-3.12.2 python-cinder-11.2.3~dev5-3.15.2 python-cinderlm-0.0.2+git.1541444073.4d3347c-3.6.1 python-cliff-2.8.3-3.6.2 python-designate-5.0.3~dev7-3.11.1 python-freezerclient-1.5.1-3.3.2 python-freezerclient-doc-1.5.1-3.3.2 python-heat-9.0.8~dev3-3.18.2 python-heat-gbp-7.0.1~dev1-3.3.1 python-horizon-12.0.4~dev6-3.20.2 python-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 python-ironic-9.1.8~dev5-3.18.2 python-ironicclient-1.17.2-3.3.1 python-ironicclient-doc-1.17.2-3.3.1 python-keystone-12.0.4~dev2-5.19.2 python-magnumclient-2.7.1-3.3.1 python-magnumclient-doc-2.7.1-3.3.1 python-manilaclient-1.17.4-3.6.1 python-manilaclient-doc-1.17.4-3.6.1 python-monasca-agent-2.2.5~dev2-3.9.2 python-monasca-api-2.2.1~dev26-3.12.2 python-monasca-log-api-2.3.1~dev12-3.6.2 python-muranoclient-0.14.1-3.3.1 python-muranoclient-doc-0.14.1-3.3.1 python-neutron-11.0.9~dev28-3.18.2 python-neutron-fwaas-11.0.3~dev1-3.14.1 python-neutron-gbp-7.3.1~dev28-3.3.1 python-neutron-lbaas-11.0.4~dev6-3.9.1 python-neutron-vpnaas-11.0.1~dev5-3.12.1 python-nova-16.1.9~dev3-3.23.2 python-novaclient-9.1.3-3.6.2 python-novaclient-doc-9.1.3-3.6.2 python-openstackclient-3.12.2-3.3.1 python-os-brick-1.15.9-3.6.2 python-os-client-config-1.28.1-3.3.1 python-os-vif-1.7.2-3.3.2 python-os-win-2.2.1-3.3.1 python-oslo.cache-1.25.2-3.3.1 python-oslo.concurrency-3.21.2-3.3.1 python-oslo.config-4.11.2-3.3.1 python-oslo.config-doc-4.11.2-3.3.1 python-oslo.i18n-3.17.2-3.3.2 python-oslo.log-3.30.3-3.3.1 python-oslo.messaging-5.30.8-3.8.1 python-oslo.middleware-3.30.2-3.3.1 python-oslo.policy-1.25.4-3.6.1 python-oslo.privsep-1.22.2-3.3.1 python-oslo.reports-1.22.2-3.3.1 python-oslo.utils-3.28.4-3.6.1 python-oslo.versionedobjects-1.26.3-3.6.1 python-oslo.vmware-2.23.2-3.3.1 
python-oslotest-2.17.2-3.3.1 python-python-subunit-1.2.0-4.3.1 python-saharaclient-1.3.1-3.3.1 python-saharaclient-doc-1.3.1-3.3.1 python-swiftclient-3.4.1-3.3.1 python-swiftclient-doc-3.4.1-3.3.1 python-trove-8.0.1~dev13-3.9.1 python-zaqarclient-1.7.1-3.3.1 supportutils-plugin-suse-openstack-cloud-8.0.1551262227.7a7deb6-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.16.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.17.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.14.1 venv-openstack-cinder-x86_64-11.2.3~dev5-14.17.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.15.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.12.1 venv-openstack-glance-x86_64-15.0.2~dev9-12.15.1 venv-openstack-heat-x86_64-9.0.8~dev3-12.17.1 venv-openstack-horizon-x86_64-12.0.4~dev6-14.22.1 venv-openstack-ironic-x86_64-9.1.8~dev5-12.17.1 venv-openstack-keystone-x86_64-12.0.4~dev2-11.17.1 venv-openstack-magnum-x86_64-5.0.2-11.15.1 venv-openstack-manila-x86_64-5.0.4~dev17-12.19.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.11.1 venv-openstack-monasca-x86_64-2.2.1-11.13.1 venv-openstack-murano-x86_64-4.0.1-12.11.1 venv-openstack-neutron-x86_64-11.0.2-13.19.1 venv-openstack-nova-x86_64-16.1.9~dev3-11.18.1 venv-openstack-octavia-x86_64-1.0.5~dev1-12.17.1 venv-openstack-sahara-x86_64-7.0.4~dev1-11.16.1 venv-openstack-swift-x86_64-2.15.2-11.11.1 venv-openstack-trove-x86_64-8.0.1~dev13-11.16.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1553878455.7439e04-3.61.1 ardana-barbican-8.0+git.1534266594.8136db7-4.30.1 ardana-cassandra-8.0+git.1534266612.44dcb20-3.12.1 ardana-ceilometer-8.0+git.1534266629.0bb5d54-3.9.1 ardana-cinder-8.0+git.1558619942.6bd075c-3.36.1 ardana-cluster-8.0+git.1534266734.ec4822f-3.33.1 ardana-cobbler-8.0+git.1550694449.df88054-3.38.1 ardana-db-8.0+git.1555341117.d812d88-3.25.1 ardana-designate-8.0+git.1558636763.f7f09ca-3.14.1 ardana-freezer-8.0+git.1534266805.c9ea29b-3.15.1 ardana-glance-8.0+git.1555450219.97789ac-3.11.1 
ardana-heat-8.0+git.1555450207.a7d3bfe-3.12.1 ardana-horizon-8.0+git.1554732431.8f9dd50-3.15.1 ardana-input-model-8.0+git.1557418274.fb273dd-3.27.1 ardana-ironic-8.0+git.1534266893.1d69df7-3.6.1 ardana-keystone-8.0+git.1554915846.db23473-3.24.1 ardana-logging-8.0+git.1544117621.1c9a954-3.18.1 ardana-magnum-8.0+git.1555450198.c42dc52-3.6.1 ardana-manila-8.0+git.1551748668.7427826-1.18.1 ardana-memcached-8.0+git.1534266982.498c352-3.6.1 ardana-monasca-8.0+git.1557856965.bde9eb2-3.18.1 ardana-monasca-transform-8.0+git.1534267017.4bbecd9-3.9.1 ardana-mq-8.0+git.1549882721.b2e8873-3.13.1 ardana-neutron-8.0+git.1557523208.81aa1da-3.30.1 ardana-nova-8.0+git.1559253853.bb932ea-3.29.1 ardana-octavia-8.0+git.1557523035.ab44613-3.17.1 ardana-opsconsole-8.0+git.1534267103.829be13-3.10.1 ardana-opsconsole-ui-hpe-8.0+git.1537201508.68c32e6-3.16.1 ardana-osconfig-8.0+git.1557503482.852ec24-3.36.1 ardana-service-8.0+git.1551382173.a81d5e1-3.26.1 ardana-service-ansible-8.0+git.1544119019.e68516a-3.17.1 ardana-ses-8.0+git.1554912320.73ad306-1.20.1 ardana-spark-8.0+git.1539709555.5b31c25-3.12.1 ardana-swift-8.0+git.1551502730.f4d219d-3.27.1 ardana-tempest-8.0+git.1557761054.b971c8f-3.21.1 ardana-tls-8.0+git.1534267264.6b1e899-3.6.1 documentation-hpe-helion-openstack-installation-8.20190521-1.17.1 documentation-hpe-helion-openstack-operations-8.20190521-1.17.1 documentation-hpe-helion-openstack-opsconsole-8.20190521-1.17.1 documentation-hpe-helion-openstack-planning-8.20190521-1.17.1 documentation-hpe-helion-openstack-security-8.20190521-1.17.1 documentation-hpe-helion-openstack-user-8.20190521-1.17.1 openstack-aodh-5.1.1~dev7-3.11.2 openstack-aodh-api-5.1.1~dev7-3.11.2 openstack-aodh-doc-5.1.1~dev7-3.11.1 openstack-aodh-evaluator-5.1.1~dev7-3.11.2 openstack-aodh-expirer-5.1.1~dev7-3.11.2 openstack-aodh-listener-5.1.1~dev7-3.11.2 openstack-aodh-notifier-5.1.1~dev7-3.11.2 openstack-barbican-5.0.2~dev3-3.14.2 openstack-barbican-api-5.0.2~dev3-3.14.2 
openstack-barbican-doc-5.0.2~dev3-3.14.1 openstack-barbican-keystone-listener-5.0.2~dev3-3.14.2 openstack-barbican-retry-5.0.2~dev3-3.14.2 openstack-barbican-worker-5.0.2~dev3-3.14.2 openstack-ceilometer-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-central-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-compute-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-ipmi-9.0.8~dev7-3.12.2 openstack-ceilometer-agent-notification-9.0.8~dev7-3.12.2 openstack-ceilometer-api-9.0.8~dev7-3.12.2 openstack-ceilometer-collector-9.0.8~dev7-3.12.2 openstack-ceilometer-doc-9.0.8~dev7-3.12.1 openstack-ceilometer-polling-9.0.8~dev7-3.12.2 openstack-cinder-11.2.3~dev5-3.15.2 openstack-cinder-api-11.2.3~dev5-3.15.2 openstack-cinder-backup-11.2.3~dev5-3.15.2 openstack-cinder-doc-11.2.3~dev5-3.15.1 openstack-cinder-scheduler-11.2.3~dev5-3.15.2 openstack-cinder-volume-11.2.3~dev5-3.15.2 openstack-dashboard-12.0.4~dev6-3.20.2 openstack-designate-5.0.3~dev7-3.11.1 openstack-designate-agent-5.0.3~dev7-3.11.1 openstack-designate-api-5.0.3~dev7-3.11.1 openstack-designate-central-5.0.3~dev7-3.11.1 openstack-designate-doc-5.0.3~dev7-3.11.1 openstack-designate-producer-5.0.3~dev7-3.11.1 openstack-designate-sink-5.0.3~dev7-3.11.1 openstack-designate-worker-5.0.3~dev7-3.11.1 openstack-heat-9.0.8~dev3-3.18.2 openstack-heat-api-9.0.8~dev3-3.18.2 openstack-heat-api-cfn-9.0.8~dev3-3.18.2 openstack-heat-api-cloudwatch-9.0.8~dev3-3.18.2 openstack-heat-doc-9.0.8~dev3-3.18.2 openstack-heat-engine-9.0.8~dev3-3.18.2 openstack-heat-gbp-7.0.1~dev1-3.3.1 openstack-heat-plugin-heat_docker-9.0.8~dev3-3.18.2 openstack-heat-test-9.0.8~dev3-3.18.2 openstack-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 openstack-ironic-9.1.8~dev5-3.18.2 openstack-ironic-api-9.1.8~dev5-3.18.2 openstack-ironic-conductor-9.1.8~dev5-3.18.2 openstack-ironic-doc-9.1.8~dev5-3.18.1 openstack-keystone-12.0.4~dev2-5.19.2 openstack-keystone-doc-12.0.4~dev2-5.19.1 openstack-monasca-agent-2.2.5~dev2-3.9.2 openstack-monasca-api-2.2.1~dev26-3.12.2 
openstack-monasca-log-api-2.3.1~dev12-3.6.2 openstack-neutron-11.0.9~dev28-3.18.2 openstack-neutron-dhcp-agent-11.0.9~dev28-3.18.2 openstack-neutron-doc-11.0.9~dev28-3.18.1 openstack-neutron-fwaas-11.0.3~dev1-3.14.1 openstack-neutron-fwaas-doc-11.0.3~dev1-3.14.1 openstack-neutron-gbp-7.3.1~dev28-3.3.1 openstack-neutron-ha-tool-11.0.9~dev28-3.18.2 openstack-neutron-l3-agent-11.0.9~dev28-3.18.2 openstack-neutron-lbaas-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-agent-11.0.4~dev6-3.9.1 openstack-neutron-lbaas-doc-11.0.4~dev6-3.9.1 openstack-neutron-linuxbridge-agent-11.0.9~dev28-3.18.2 openstack-neutron-macvtap-agent-11.0.9~dev28-3.18.2 openstack-neutron-metadata-agent-11.0.9~dev28-3.18.2 openstack-neutron-metering-agent-11.0.9~dev28-3.18.2 openstack-neutron-openvswitch-agent-11.0.9~dev28-3.18.2 openstack-neutron-server-11.0.9~dev28-3.18.2 openstack-neutron-vpn-agent-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-11.0.1~dev5-3.12.1 openstack-neutron-vpnaas-doc-11.0.1~dev5-3.12.1 openstack-neutron-vyatta-agent-11.0.1~dev5-3.12.1 openstack-nova-16.1.9~dev3-3.23.2 openstack-nova-api-16.1.9~dev3-3.23.2 openstack-nova-cells-16.1.9~dev3-3.23.2 openstack-nova-compute-16.1.9~dev3-3.23.2 openstack-nova-conductor-16.1.9~dev3-3.23.2 openstack-nova-console-16.1.9~dev3-3.23.2 openstack-nova-consoleauth-16.1.9~dev3-3.23.2 openstack-nova-doc-16.1.9~dev3-3.23.1 openstack-nova-novncproxy-16.1.9~dev3-3.23.2 openstack-nova-placement-api-16.1.9~dev3-3.23.2 openstack-nova-scheduler-16.1.9~dev3-3.23.2 openstack-nova-serialproxy-16.1.9~dev3-3.23.2 openstack-nova-vncproxy-16.1.9~dev3-3.23.2 openstack-trove-8.0.1~dev13-3.9.1 openstack-trove-api-8.0.1~dev13-3.9.1 openstack-trove-conductor-8.0.1~dev13-3.9.1 openstack-trove-doc-8.0.1~dev13-3.9.1 openstack-trove-guestagent-8.0.1~dev13-3.9.1 openstack-trove-taskmanager-8.0.1~dev13-3.9.1 python-Django-1.11.20-3.7.1 python-aodh-5.1.1~dev7-3.11.2 python-ardana-configurationprocessor-8.0+git.1534266236.fb1623c-6.9.1 python-barbican-5.0.2~dev3-3.14.2 
python-ceilometer-9.0.8~dev7-3.12.2 python-cinder-11.2.3~dev5-3.15.2 python-cinderlm-0.0.2+git.1541444073.4d3347c-3.6.1 python-cliff-2.8.3-3.6.2 python-designate-5.0.3~dev7-3.11.1 python-freezerclient-1.5.1-3.3.2 python-freezerclient-doc-1.5.1-3.3.2 python-heat-9.0.8~dev3-3.18.2 python-heat-gbp-7.0.1~dev1-3.3.1 python-horizon-12.0.4~dev6-3.20.2 python-horizon-plugin-trove-ui-9.0.1~dev10-3.9.1 python-ironic-9.1.8~dev5-3.18.2 python-ironicclient-1.17.2-3.3.1 python-ironicclient-doc-1.17.2-3.3.1 python-keystone-12.0.4~dev2-5.19.2 python-magnumclient-2.7.1-3.3.1 python-magnumclient-doc-2.7.1-3.3.1 python-manilaclient-1.17.4-3.6.1 python-manilaclient-doc-1.17.4-3.6.1 python-monasca-agent-2.2.5~dev2-3.9.2 python-monasca-api-2.2.1~dev26-3.12.2 python-monasca-log-api-2.3.1~dev12-3.6.2 python-muranoclient-0.14.1-3.3.1 python-muranoclient-doc-0.14.1-3.3.1 python-neutron-11.0.9~dev28-3.18.2 python-neutron-fwaas-11.0.3~dev1-3.14.1 python-neutron-gbp-7.3.1~dev28-3.3.1 python-neutron-lbaas-11.0.4~dev6-3.9.1 python-neutron-vpnaas-11.0.1~dev5-3.12.1 python-nova-16.1.9~dev3-3.23.2 python-novaclient-9.1.3-3.6.2 python-novaclient-doc-9.1.3-3.6.2 python-openstackclient-3.12.2-3.3.1 python-os-brick-1.15.9-3.6.2 python-os-client-config-1.28.1-3.3.1 python-os-vif-1.7.2-3.3.2 python-os-win-2.2.1-3.3.1 python-oslo.cache-1.25.2-3.3.1 python-oslo.concurrency-3.21.2-3.3.1 python-oslo.config-4.11.2-3.3.1 python-oslo.config-doc-4.11.2-3.3.1 python-oslo.i18n-3.17.2-3.3.2 python-oslo.log-3.30.3-3.3.1 python-oslo.messaging-5.30.8-3.8.1 python-oslo.middleware-3.30.2-3.3.1 python-oslo.policy-1.25.4-3.6.1 python-oslo.privsep-1.22.2-3.3.1 python-oslo.reports-1.22.2-3.3.1 python-oslo.utils-3.28.4-3.6.1 python-oslo.versionedobjects-1.26.3-3.6.1 python-oslo.vmware-2.23.2-3.3.1 python-oslotest-2.17.2-3.3.1 python-python-subunit-1.2.0-4.3.1 python-saharaclient-1.3.1-3.3.1 python-saharaclient-doc-1.3.1-3.3.1 python-swiftclient-3.4.1-3.3.1 python-swiftclient-doc-3.4.1-3.3.1 python-trove-8.0.1~dev13-3.9.1 
python-zaqarclient-1.7.1-3.3.1 supportutils-plugin-suse-openstack-cloud-8.0.1551262227.7a7deb6-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.16.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.17.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.14.1 venv-openstack-cinder-x86_64-11.2.3~dev5-14.17.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.15.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.12.1 venv-openstack-glance-x86_64-15.0.2~dev9-12.15.1 venv-openstack-heat-x86_64-9.0.8~dev3-12.17.1 venv-openstack-horizon-hpe-x86_64-12.0.4~dev6-14.22.1 venv-openstack-ironic-x86_64-9.1.8~dev5-12.17.1 venv-openstack-keystone-x86_64-12.0.4~dev2-11.17.1 venv-openstack-magnum-x86_64-5.0.2-11.15.1 venv-openstack-manila-x86_64-5.0.4~dev17-12.19.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1-8.11.1 venv-openstack-monasca-x86_64-2.2.1-11.13.1 venv-openstack-murano-x86_64-4.0.1-12.11.1 venv-openstack-neutron-x86_64-11.0.2-13.19.1 venv-openstack-nova-x86_64-16.1.9~dev3-11.18.1 venv-openstack-octavia-x86_64-1.0.5~dev1-12.17.1 venv-openstack-sahara-x86_64-7.0.4~dev1-11.16.1 venv-openstack-swift-x86_64-2.15.2-11.11.1 venv-openstack-trove-x86_64-8.0.1~dev13-11.16.1 References: https://www.suse.com/security/cve/CVE-2018-14574.html https://www.suse.com/security/cve/CVE-2019-10876.html https://www.suse.com/security/cve/CVE-2019-11068.html https://www.suse.com/security/cve/CVE-2019-3498.html https://www.suse.com/security/cve/CVE-2019-6975.html https://bugzilla.suse.com/1083721 https://bugzilla.suse.com/1105559 https://bugzilla.suse.com/1118003 https://bugzilla.suse.com/1120932 https://bugzilla.suse.com/1122875 https://bugzilla.suse.com/1124170 https://bugzilla.suse.com/1126391 https://bugzilla.suse.com/1128753 https://bugzilla.suse.com/1130593 https://bugzilla.suse.com/1131712 https://bugzilla.suse.com/1131791 https://bugzilla.suse.com/1132542 https://bugzilla.suse.com/1132852 https://bugzilla.suse.com/1132860 https://bugzilla.suse.com/124991 From sle-security-updates at lists.suse.com 
Wed Jul 17 07:14:57 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Jul 2019 15:14:57 +0200 (CEST)
Subject: SUSE-SU-2019:1861-1: important: Security update for MozillaFirefox
Message-ID: <20190717131457.9485DFFE6@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1861-1
Rating:             important
References:         #1140868
Cross-References:   CVE-2019-11709 CVE-2019-11711 CVE-2019-11712
                    CVE-2019-11713 CVE-2019-11715 CVE-2019-11717
                    CVE-2019-11719 CVE-2019-11729 CVE-2019-11730
                    CVE-2019-9811
Affected Products:
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Enterprise Storage 5
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for MozillaFirefox, mozilla-nss fixes the following issues:

MozillaFirefox to version ESR 60.8:

- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).

mozilla-nss to version 3.44.1:

* Added IPSEC IKE support to softoken
* Many new FIPS test cases

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1861=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1861=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1861=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1861=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1861=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1861=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1861=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1861=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1861=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1861=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1861=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1861=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1861=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1861=1
- SUSE Linux Enterprise Desktop 12-SP5:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1861=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1861=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2019-1861=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-1861=1
- SUSE CaaS Platform 3.0:
  To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE OpenStack Cloud 8 (x86_64):
      MozillaFirefox-60.8.0-109.83.3
      MozillaFirefox-debuginfo-60.8.0-109.83.3
      MozillaFirefox-debugsource-60.8.0-109.83.3
      MozillaFirefox-translations-common-60.8.0-109.83.3
      libfreebl3-3.44.1-58.28.1
      libfreebl3-32bit-3.44.1-58.28.1
      libfreebl3-debuginfo-3.44.1-58.28.1
      libfreebl3-debuginfo-32bit-3.44.1-58.28.1
      libfreebl3-hmac-3.44.1-58.28.1
      libfreebl3-hmac-32bit-3.44.1-58.28.1
      libsoftokn3-3.44.1-58.28.1
      libsoftokn3-32bit-3.44.1-58.28.1
      libsoftokn3-debuginfo-3.44.1-58.28.1
      libsoftokn3-debuginfo-32bit-3.44.1-58.28.1
      libsoftokn3-hmac-3.44.1-58.28.1
      libsoftokn3-hmac-32bit-3.44.1-58.28.1
      mozilla-nss-3.44.1-58.28.1
      mozilla-nss-32bit-3.44.1-58.28.1
      mozilla-nss-certs-3.44.1-58.28.1
      mozilla-nss-certs-32bit-3.44.1-58.28.1
      mozilla-nss-certs-debuginfo-3.44.1-58.28.1
      mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1
      mozilla-nss-debuginfo-3.44.1-58.28.1
      mozilla-nss-debuginfo-32bit-3.44.1-58.28.1
      mozilla-nss-debugsource-3.44.1-58.28.1
      mozilla-nss-sysinit-3.44.1-58.28.1
      mozilla-nss-sysinit-32bit-3.44.1-58.28.1
      mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1
      mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1
mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 
12-SP3 (ppc64le x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 
mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 
MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP4 (s390x 
x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 
MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 
libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 
libfreebl3-hmac-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-devel-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 
mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Enterprise Storage 5 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 
mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-devel-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - SUSE CaaS Platform 3.0 (x86_64): libfreebl3-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 
      mozilla-nss-debuginfo-3.44.1-58.28.1
      mozilla-nss-debugsource-3.44.1-58.28.1

References:

   https://www.suse.com/security/cve/CVE-2019-11709.html
   https://www.suse.com/security/cve/CVE-2019-11711.html
   https://www.suse.com/security/cve/CVE-2019-11712.html
   https://www.suse.com/security/cve/CVE-2019-11713.html
   https://www.suse.com/security/cve/CVE-2019-11715.html
   https://www.suse.com/security/cve/CVE-2019-11717.html
   https://www.suse.com/security/cve/CVE-2019-11719.html
   https://www.suse.com/security/cve/CVE-2019-11729.html
   https://www.suse.com/security/cve/CVE-2019-11730.html
   https://www.suse.com/security/cve/CVE-2019-9811.html
   https://bugzilla.suse.com/1140868

From sle-security-updates at lists.suse.com Wed Jul 17 10:11:23 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Jul 2019 18:11:23 +0200 (CEST)
Subject: SUSE-SU-2019:1870-1: important: Security update for the Linux Kernel
Message-ID: <20190717161123.BCFC3FFE6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1870-1
Rating:             important
References:         #1102340 #1112824 #1130159 #1133190 #1134395
                    #1135603 #1136922 #1137194 #1138293 #1139751
Cross-References:   CVE-2018-20836 CVE-2018-5390 CVE-2018-7191
                    CVE-2019-11487 CVE-2019-12456 CVE-2019-12614
                    CVE-2019-12818
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has three fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed: - CVE-2018-5390 aka "SegmentSmack": A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c could have led to a use-after-free. (bnc#1134395) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. (bsc#1136922) - CVE-2019-11487: An attacker could have triggered use-after-free via page reference count overflow on slow filesystems with at least 140 GiB of RAM available. (bnc#1133190) The following non-security bugs were fixed: - fuse: Don't access pipe->buffers without pipe_lock() (Prerequisite for CVE-2019-11487, bsc#1133190). - fuse: call pipe_buf_release() under pipe lock (Prerequisite for CVE-2019-11487, bsc#1133190). - mm: /proc/pid/maps: Check permissions when opening proc pid maps (bsc#1130159). - pipe: add pipe_buf_get() helper (Prerequisite for CVE-2019-11487, bsc#1133190). 
- tcp: refine memory limit test in tcp_fragment() after CVE-2019-11478 fix (bsc#1139751). - x86/bugs: do not default to IBRS even on SKL (bsc#1112824). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1870=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1870=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-1870=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.118.1 kernel-default-base-3.12.74-60.64.118.1 kernel-default-base-debuginfo-3.12.74-60.64.118.1 kernel-default-debuginfo-3.12.74-60.64.118.1 kernel-default-debugsource-3.12.74-60.64.118.1 kernel-default-devel-3.12.74-60.64.118.1 kernel-syms-3.12.74-60.64.118.1 kernel-xen-3.12.74-60.64.118.1 kernel-xen-base-3.12.74-60.64.118.1 kernel-xen-base-debuginfo-3.12.74-60.64.118.1 kernel-xen-debuginfo-3.12.74-60.64.118.1 kernel-xen-debugsource-3.12.74-60.64.118.1 kernel-xen-devel-3.12.74-60.64.118.1 kgraft-patch-3_12_74-60_64_118-default-1-2.3.1 kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.118.1 kernel-macros-3.12.74-60.64.118.1 kernel-source-3.12.74-60.64.118.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.118.1 kernel-default-base-3.12.74-60.64.118.1 kernel-default-base-debuginfo-3.12.74-60.64.118.1 kernel-default-debuginfo-3.12.74-60.64.118.1 kernel-default-debugsource-3.12.74-60.64.118.1 kernel-default-devel-3.12.74-60.64.118.1 kernel-syms-3.12.74-60.64.118.1 - SUSE Linux Enterprise Server 12-SP1-LTSS 
(x86_64): kernel-xen-3.12.74-60.64.118.1 kernel-xen-base-3.12.74-60.64.118.1 kernel-xen-base-debuginfo-3.12.74-60.64.118.1 kernel-xen-debuginfo-3.12.74-60.64.118.1 kernel-xen-debugsource-3.12.74-60.64.118.1 kernel-xen-devel-3.12.74-60.64.118.1 kgraft-patch-3_12_74-60_64_118-default-1-2.3.1 kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.118.1 kernel-macros-3.12.74-60.64.118.1 kernel-source-3.12.74-60.64.118.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.118.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.118.1 kernel-ec2-debuginfo-3.12.74-60.64.118.1 kernel-ec2-debugsource-3.12.74-60.64.118.1 kernel-ec2-devel-3.12.74-60.64.118.1 kernel-ec2-extra-3.12.74-60.64.118.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.118.1 References: https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://bugzilla.suse.com/1102340 https://bugzilla.suse.com/1112824 https://bugzilla.suse.com/1130159 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1139751 From sle-security-updates at lists.suse.com Wed Jul 17 10:13:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:13:57 +0200 (CEST) Subject: SUSE-SU-2019:1869-1: important: Security update for MozillaFirefox Message-ID: <20190717161357.53B08FFE6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1869-1 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). 
mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1869=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1869=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1869=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1869=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.44.1-3.16.2 libsoftokn3-hmac-3.44.1-3.16.2 mozilla-nss-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): MozillaFirefox-buildsymbols-60.8.0-3.51.4 libfreebl3-hmac-32bit-3.44.1-3.16.2 libsoftokn3-hmac-32bit-3.44.1-3.16.2 mozilla-nss-32bit-debuginfo-3.44.1-3.16.2 
mozilla-nss-debugsource-3.44.1-3.16.2 mozilla-nss-sysinit-32bit-3.44.1-3.16.2 mozilla-nss-sysinit-32bit-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): MozillaFirefox-devel-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 MozillaFirefox-translations-common-60.8.0-3.51.4 MozillaFirefox-translations-other-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.8.0-3.51.4 MozillaFirefox-debuginfo-60.8.0-3.51.4 MozillaFirefox-debugsource-60.8.0-3.51.4 MozillaFirefox-devel-60.8.0-3.51.4 MozillaFirefox-translations-common-60.8.0-3.51.4 MozillaFirefox-translations-other-60.8.0-3.51.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-3.44.1-3.16.2 libfreebl3-debuginfo-3.44.1-3.16.2 libsoftokn3-3.44.1-3.16.2 libsoftokn3-debuginfo-3.44.1-3.16.2 mozilla-nss-3.44.1-3.16.2 mozilla-nss-certs-3.44.1-3.16.2 mozilla-nss-certs-debuginfo-3.44.1-3.16.2 mozilla-nss-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 mozilla-nss-devel-3.44.1-3.16.2 mozilla-nss-sysinit-3.44.1-3.16.2 mozilla-nss-sysinit-debuginfo-3.44.1-3.16.2 mozilla-nss-tools-3.44.1-3.16.2 mozilla-nss-tools-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreebl3-32bit-3.44.1-3.16.2 libfreebl3-32bit-debuginfo-3.44.1-3.16.2 libsoftokn3-32bit-3.44.1-3.16.2 
libsoftokn3-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-32bit-3.44.1-3.16.2 mozilla-nss-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-certs-32bit-3.44.1-3.16.2 mozilla-nss-certs-32bit-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libfreebl3-3.44.1-3.16.2 libfreebl3-debuginfo-3.44.1-3.16.2 libfreebl3-hmac-3.44.1-3.16.2 libsoftokn3-3.44.1-3.16.2 libsoftokn3-debuginfo-3.44.1-3.16.2 libsoftokn3-hmac-3.44.1-3.16.2 mozilla-nss-3.44.1-3.16.2 mozilla-nss-certs-3.44.1-3.16.2 mozilla-nss-certs-debuginfo-3.44.1-3.16.2 mozilla-nss-debuginfo-3.44.1-3.16.2 mozilla-nss-debugsource-3.44.1-3.16.2 mozilla-nss-devel-3.44.1-3.16.2 mozilla-nss-sysinit-3.44.1-3.16.2 mozilla-nss-sysinit-debuginfo-3.44.1-3.16.2 mozilla-nss-tools-3.44.1-3.16.2 mozilla-nss-tools-debuginfo-3.44.1-3.16.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libfreebl3-32bit-3.44.1-3.16.2 libfreebl3-32bit-debuginfo-3.44.1-3.16.2 libfreebl3-hmac-32bit-3.44.1-3.16.2 libsoftokn3-32bit-3.44.1-3.16.2 libsoftokn3-32bit-debuginfo-3.44.1-3.16.2 libsoftokn3-hmac-32bit-3.44.1-3.16.2 mozilla-nss-32bit-3.44.1-3.16.2 mozilla-nss-32bit-debuginfo-3.44.1-3.16.2 mozilla-nss-certs-32bit-3.44.1-3.16.2 mozilla-nss-certs-32bit-debuginfo-3.44.1-3.16.2 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-security-updates at lists.suse.com Wed Jul 17 10:14:39 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Wed, 17 Jul 2019 18:14:39 +0200 (CEST) Subject: SUSE-SU-2019:1867-1: moderate: Security update for libxslt Message-ID: <20190717161439.0C747FFE6@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1867-1 Rating: moderate References: #1140095 #1140101 Cross-References: CVE-2019-13117 CVE-2019-13118 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed an uninitialized read that made it possible to discern whether a byte on the stack contains certain special characters (bsc#1140095). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1867=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1867=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1867=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.6.1 libxslt-devel-1.1.28-17.6.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.6.1 libxslt-tools-1.1.28-17.6.1 libxslt-tools-debuginfo-1.1.28-17.6.1 libxslt1-1.1.28-17.6.1 libxslt1-debuginfo-1.1.28-17.6.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libxslt1-32bit-1.1.28-17.6.1 libxslt1-debuginfo-32bit-1.1.28-17.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libxslt-debugsource-1.1.28-17.6.1 libxslt-tools-1.1.28-17.6.1 libxslt-tools-debuginfo-1.1.28-17.6.1 libxslt1-1.1.28-17.6.1 libxslt1-32bit-1.1.28-17.6.1 libxslt1-debuginfo-1.1.28-17.6.1 libxslt1-debuginfo-32bit-1.1.28-17.6.1 - SUSE CaaS Platform 3.0 (x86_64): libxslt1-1.1.28-17.6.1 libxslt1-debuginfo-1.1.28-17.6.1 References: https://www.suse.com/security/cve/CVE-2019-13117.html https://www.suse.com/security/cve/CVE-2019-13118.html https://bugzilla.suse.com/1140095 https://bugzilla.suse.com/1140101 From sle-security-updates at lists.suse.com Wed Jul 17 10:16:47 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:16:47 +0200 (CEST) Subject: SUSE-SU-2019:14124-1: important: Security update for MozillaFirefox Message-ID: <20190717161647.31FF1FFE6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14124-1 Rating: important References: #1137792 #1138614 #1138872 #1140868 Cross-References: CVE-2019-11707 CVE-2019-11708 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 12 
vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). - CVE-2019-11708: Fix sandbox escape using Prompt:Open (bsc#1138872). - CVE-2019-11707: Fixed a type confusion vulnerability in Array.pop (bsc#1138614) Non-security issues fixed: - Fix broken language plugins (bsc#1137792) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14124=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-60.8.0esr-78.43.2 MozillaFirefox-translations-common-60.8.0esr-78.43.2 MozillaFirefox-translations-other-60.8.0esr-78.43.2 References: https://www.suse.com/security/cve/CVE-2019-11707.html https://www.suse.com/security/cve/CVE-2019-11708.html https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1137792 https://bugzilla.suse.com/1138614 https://bugzilla.suse.com/1138872 https://bugzilla.suse.com/1140868 From sle-security-updates at lists.suse.com Wed Jul 17 10:18:00 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jul 2019 18:18:00 +0200 (CEST) Subject: SUSE-SU-2019:1866-1: moderate: Security update for tomcat Message-ID: <20190717161800.033F7FFE6@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1866-1 Rating: moderate References: #1131055 #1136085 #1139924 Cross-References: CVE-2019-0199 CVE-2019-0221 CVE-2019-10072 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). - CVE-2019-10072: Fixed incomplete patch for CVE-2019-0199 (bsc#1139924). Please also see http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.21_(markt) and http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1866=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): tomcat-9.0.21-3.13.2 tomcat-admin-webapps-9.0.21-3.13.2 tomcat-docs-webapp-9.0.21-3.13.2 tomcat-el-3_0-api-9.0.21-3.13.2 tomcat-javadoc-9.0.21-3.13.2 tomcat-jsp-2_3-api-9.0.21-3.13.2 tomcat-lib-9.0.21-3.13.2 tomcat-servlet-4_0-api-9.0.21-3.13.2 tomcat-webapps-9.0.21-3.13.2 References: https://www.suse.com/security/cve/CVE-2019-0199.html https://www.suse.com/security/cve/CVE-2019-0221.html https://www.suse.com/security/cve/CVE-2019-10072.html https://bugzilla.suse.com/1131055 https://bugzilla.suse.com/1136085 https://bugzilla.suse.com/1139924 From sle-security-updates at lists.suse.com Thu Jul 18 07:13:20 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2019 15:13:20 +0200 (CEST) Subject: SUSE-SU-2019:1877-1: moderate: Security update for glibc Message-ID: <20190718131320.50F40FFE6@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2019:1877-1 Rating: moderate References: #1117993 #1123710 #1127223 #1127308 #1131330 Cross-References: CVE-2009-5155 CVE-2019-9169 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - No longer compresses debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1877=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1877=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1877=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1877=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1877=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1877=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64): glibc-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): glibc-html-2.26-13.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): glibc-32bit-debuginfo-2.26-13.24.1 glibc-devel-static-32bit-2.26-13.24.1 glibc-locale-base-32bit-2.26-13.24.1 glibc-locale-base-32bit-debuginfo-2.26-13.24.1 glibc-profile-32bit-2.26-13.24.1 glibc-utils-32bit-2.26-13.24.1 glibc-utils-32bit-debuginfo-2.26-13.24.1 glibc-utils-src-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): glibc-html-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-static-2.26-13.24.1 glibc-utils-2.26-13.24.1 glibc-utils-debuginfo-2.26-13.24.1 glibc-utils-src-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): glibc-32bit-debuginfo-2.26-13.24.1 
glibc-devel-32bit-2.26-13.24.1 glibc-devel-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-static-2.26-13.24.1 glibc-utils-2.26-13.24.1 glibc-utils-debuginfo-2.26-13.24.1 glibc-utils-src-debugsource-2.26-13.24.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): glibc-32bit-debuginfo-2.26-13.24.1 glibc-devel-32bit-2.26-13.24.1 glibc-devel-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.24.1 glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-2.26-13.24.1 glibc-devel-debuginfo-2.26-13.24.1 glibc-extra-2.26-13.24.1 glibc-extra-debuginfo-2.26-13.24.1 glibc-locale-2.26-13.24.1 glibc-locale-base-2.26-13.24.1 glibc-locale-base-debuginfo-2.26-13.24.1 glibc-profile-2.26-13.24.1 nscd-2.26-13.24.1 nscd-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): glibc-32bit-2.26-13.24.1 glibc-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): glibc-i18ndata-2.26-13.24.1 glibc-info-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.24.1 glibc-debuginfo-2.26-13.24.1 glibc-debugsource-2.26-13.24.1 glibc-devel-2.26-13.24.1 glibc-devel-debuginfo-2.26-13.24.1 glibc-extra-2.26-13.24.1 glibc-extra-debuginfo-2.26-13.24.1 glibc-locale-2.26-13.24.1 glibc-locale-base-2.26-13.24.1 glibc-locale-base-debuginfo-2.26-13.24.1 glibc-profile-2.26-13.24.1 nscd-2.26-13.24.1 nscd-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): glibc-32bit-2.26-13.24.1 glibc-32bit-debuginfo-2.26-13.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): glibc-i18ndata-2.26-13.24.1 glibc-info-2.26-13.24.1 References: https://www.suse.com/security/cve/CVE-2009-5155.html 
https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1117993 https://bugzilla.suse.com/1123710 https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1131330 From sle-security-updates at lists.suse.com Thu Jul 18 10:10:43 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2019 18:10:43 +0200 (CEST) Subject: SUSE-SU-2019:1889-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) Message-ID: <20190718161043.59B22FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1889-1 Rating: important References: #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1889=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-4-10.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-security-updates at lists.suse.com Thu Jul 18 10:11:37 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jul 2019 18:11:37 +0200 (CEST) Subject: SUSE-SU-2019:1882-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15) Message-ID: <20190718161137.B52F4FFE6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1882-1 Rating: important References: #1136446 #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_14 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. 
A remote attacker could use this to cause a denial of service. (bsc#1137586)
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424).

This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1878=1 SUSE-SLE-Module-Live-Patching-15-2019-1879=1 SUSE-SLE-Module-Live-Patching-15-2019-1880=1 SUSE-SLE-Module-Live-Patching-15-2019-1881=1 SUSE-SLE-Module-Live-Patching-15-2019-1882=1 SUSE-SLE-Module-Live-Patching-15-2019-1883=1 SUSE-SLE-Module-Live-Patching-15-2019-1884=1 SUSE-SLE-Module-Live-Patching-15-2019-1885=1 SUSE-SLE-Module-Live-Patching-15-2019-1886=1 SUSE-SLE-Module-Live-Patching-15-2019-1887=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

kernel-livepatch-4_12_14-150_14-default-3-2.1 kernel-livepatch-4_12_14-150_14-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-150_17-default-3-2.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-25_13-default-8-2.1 kernel-livepatch-4_12_14-25_13-default-debuginfo-8-2.1 kernel-livepatch-4_12_14-25_16-default-7-2.1 kernel-livepatch-4_12_14-25_16-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_19-default-7-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_22-default-6-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-25_25-default-5-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-25_28-default-4-2.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-4-2.1
kernel-livepatch-4_12_14-25_3-default-11-2.1 kernel-livepatch-4_12_14-25_3-default-debuginfo-11-2.1 kernel-livepatch-4_12_14-25_6-default-10-2.1 kernel-livepatch-4_12_14-25_6-default-debuginfo-10-2.1

References:

https://www.suse.com/security/cve/CVE-2019-11477.html
https://www.suse.com/security/cve/CVE-2019-11478.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://bugzilla.suse.com/1136446
https://bugzilla.suse.com/1137597
https://bugzilla.suse.com/1140747

From sle-security-updates at lists.suse.com Thu Jul 18 10:12:36 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 18 Jul 2019 18:12:36 +0200 (CEST)
Subject: SUSE-SU-2019:1888-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1)
Message-ID: <20190718161236.1643DFFE6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1888-1
Rating: important
References: #1140747
Cross-References: CVE-2019-11478
Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-197_7 fixes one issue.

The following security issue was fixed:

This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP1:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1890=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-1891=1

- SUSE Linux Enterprise Module for Live Patching 15:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1888=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

kernel-livepatch-4_12_14-197_4-default-3-2.1 kernel-livepatch-4_12_14-197_7-default-2-2.1

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

kernel-livepatch-4_12_14-150_22-default-2-2.1 kernel-livepatch-4_12_14-150_22-default-debuginfo-2-2.1

References:

https://www.suse.com/security/cve/CVE-2019-11478.html
https://bugzilla.suse.com/1140747

From sle-security-updates at lists.suse.com Thu Jul 18 13:11:19 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 18 Jul 2019 21:11:19 +0200 (CEST)
Subject: SUSE-SU-2019:1894-1: moderate: Security update for LibreOffice
Message-ID: <20190718191119.8EFC3FFE6@maintenance.suse.de>

SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1894-1
Rating: moderate
References: #1089811 #1116451 #1121874 #1123131 #1123455 #1124062 #1124869 #1127760 #1127857 #1128845 #1135189 #1135228
Cross-References: CVE-2018-16858
Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has 11 fixes is now available.
Description:

This update for libreoffice and libraries fixes the following issues:

LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes.

Additional bugfixes:

- If there is no firebird engine we still need java to run hsqldb (bsc#1135189)
- PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228)
- Slide deck compression doesn't, hmm, compress too much (bsc#1127760)
- Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869)
- Image from PPTX shown in a square, not a circle (bsc#1121874)

libixion was updated to 0.14.1:

* Updated for new orcus

liborcus was updated to 0.14.1:

* Boost 1.67 support
* Various cell handling issues fixed

libwps was updated to 0.4.10:

* QuattroPro: add parser of .qwp files
* all: support complex encoding

mdds was updated to 1.4.3:

* Api change to 1.4
* More multivector operations and tweaks
* Various multi vector fixes
* flat_segment_tree: add segment iterator and functions
* fix to handle out-of-range insertions on flat_segment_tree
* Another api version -> rename to mdds-1_2

myspell-dictionaries was updated to 20190423:

* Serbian dictionary updated
* Update af_ZA hunspell
* Update Spanish dictionary
* Update Slovenian dictionary
* Update Breton dictionary
* Update Galician dictionary

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:

zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1894=1

- SUSE Linux Enterprise Workstation Extension 15:

zypper in -t patch SUSE-SLE-Product-WE-15-2019-1894=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1894=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1894=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1894=1

- SUSE Linux Enterprise Module for Basesystem 15:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1894=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

libixion-0_14-0-0.14.1-4.3.8 libixion-0_14-0-debuginfo-0.14.1-4.3.8 libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 liborcus-0_14-0-0.14.1-3.3.8 liborcus-0_14-0-debuginfo-0.14.1-3.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-devel-0.14.1-3.3.8

- SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch):

myspell-af_ZA-20190423-3.9.7 myspell-ar-20190423-3.9.7 myspell-bg_BG-20190423-3.9.7 myspell-bn_BD-20190423-3.9.7 myspell-br_FR-20190423-3.9.7 myspell-ca-20190423-3.9.7 myspell-cs_CZ-20190423-3.9.7 myspell-da_DK-20190423-3.9.7 myspell-el_GR-20190423-3.9.7 myspell-et_EE-20190423-3.9.7 myspell-fr_FR-20190423-3.9.7 myspell-gl-20190423-3.9.7 myspell-gu_IN-20190423-3.9.7 myspell-he_IL-20190423-3.9.7 myspell-hi_IN-20190423-3.9.7 myspell-hr_HR-20190423-3.9.7 myspell-it_IT-20190423-3.9.7 myspell-lt_LT-20190423-3.9.7 myspell-lv_LV-20190423-3.9.7 myspell-nl_NL-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-pl_PL-20190423-3.9.7 myspell-pt_PT-20190423-3.9.7 myspell-si_LK-20190423-3.9.7 myspell-sk_SK-20190423-3.9.7 myspell-sl_SI-20190423-3.9.7
myspell-sr-20190423-3.9.7 myspell-sv_SE-20190423-3.9.7 myspell-te_IN-20190423-3.9.7 myspell-th_TH-20190423-3.9.7 myspell-tr_TR-20190423-3.9.7 myspell-uk_UA-20190423-3.9.7 myspell-zu_ZA-20190423-3.9.7 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libixion-0_14-0-0.14.1-4.3.8 libixion-0_14-0-debuginfo-0.14.1-4.3.8 libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 liborcus-0_14-0-0.14.1-3.3.8 liborcus-0_14-0-debuginfo-0.14.1-3.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-devel-0.14.1-3.3.8 libreoffice-6.2.5.2-3.18.5 libreoffice-base-6.2.5.2-3.18.5 libreoffice-base-debuginfo-6.2.5.2-3.18.5 libreoffice-base-drivers-postgresql-6.2.5.2-3.18.5 libreoffice-base-drivers-postgresql-debuginfo-6.2.5.2-3.18.5 libreoffice-calc-6.2.5.2-3.18.5 libreoffice-calc-debuginfo-6.2.5.2-3.18.5 libreoffice-calc-extensions-6.2.5.2-3.18.5 libreoffice-debuginfo-6.2.5.2-3.18.5 libreoffice-debugsource-6.2.5.2-3.18.5 libreoffice-draw-6.2.5.2-3.18.5 libreoffice-draw-debuginfo-6.2.5.2-3.18.5 libreoffice-filters-optional-6.2.5.2-3.18.5 libreoffice-gnome-6.2.5.2-3.18.5 libreoffice-gnome-debuginfo-6.2.5.2-3.18.5 libreoffice-gtk3-6.2.5.2-3.18.5 libreoffice-gtk3-debuginfo-6.2.5.2-3.18.5 libreoffice-impress-6.2.5.2-3.18.5 libreoffice-impress-debuginfo-6.2.5.2-3.18.5 libreoffice-mailmerge-6.2.5.2-3.18.5 libreoffice-math-6.2.5.2-3.18.5 libreoffice-math-debuginfo-6.2.5.2-3.18.5 libreoffice-officebean-6.2.5.2-3.18.5 libreoffice-officebean-debuginfo-6.2.5.2-3.18.5 libreoffice-pyuno-6.2.5.2-3.18.5 libreoffice-pyuno-debuginfo-6.2.5.2-3.18.5 libreoffice-writer-6.2.5.2-3.18.5 libreoffice-writer-debuginfo-6.2.5.2-3.18.5 libreoffice-writer-extensions-6.2.5.2-3.18.5 libreofficekit-6.2.5.2-3.18.5 libwps-0_4-4-0.4.10-3.6.7 libwps-0_4-4-debuginfo-0.4.10-3.6.7 libwps-debuginfo-0.4.10-3.6.7 libwps-debugsource-0.4.10-3.6.7 libwps-devel-0.4.10-3.6.7 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.2.5.2-3.18.5 
libreoffice-icon-themes-6.2.5.2-3.18.5 libreoffice-l10n-af-6.2.5.2-3.18.5 libreoffice-l10n-ar-6.2.5.2-3.18.5 libreoffice-l10n-as-6.2.5.2-3.18.5 libreoffice-l10n-bg-6.2.5.2-3.18.5 libreoffice-l10n-bn-6.2.5.2-3.18.5 libreoffice-l10n-br-6.2.5.2-3.18.5 libreoffice-l10n-ca-6.2.5.2-3.18.5 libreoffice-l10n-cs-6.2.5.2-3.18.5 libreoffice-l10n-cy-6.2.5.2-3.18.5 libreoffice-l10n-da-6.2.5.2-3.18.5 libreoffice-l10n-de-6.2.5.2-3.18.5 libreoffice-l10n-dz-6.2.5.2-3.18.5 libreoffice-l10n-el-6.2.5.2-3.18.5 libreoffice-l10n-en-6.2.5.2-3.18.5 libreoffice-l10n-eo-6.2.5.2-3.18.5 libreoffice-l10n-es-6.2.5.2-3.18.5 libreoffice-l10n-et-6.2.5.2-3.18.5 libreoffice-l10n-eu-6.2.5.2-3.18.5 libreoffice-l10n-fa-6.2.5.2-3.18.5 libreoffice-l10n-fi-6.2.5.2-3.18.5 libreoffice-l10n-fr-6.2.5.2-3.18.5 libreoffice-l10n-ga-6.2.5.2-3.18.5 libreoffice-l10n-gl-6.2.5.2-3.18.5 libreoffice-l10n-gu-6.2.5.2-3.18.5 libreoffice-l10n-he-6.2.5.2-3.18.5 libreoffice-l10n-hi-6.2.5.2-3.18.5 libreoffice-l10n-hr-6.2.5.2-3.18.5 libreoffice-l10n-hu-6.2.5.2-3.18.5 libreoffice-l10n-it-6.2.5.2-3.18.5 libreoffice-l10n-ja-6.2.5.2-3.18.5 libreoffice-l10n-kk-6.2.5.2-3.18.5 libreoffice-l10n-kn-6.2.5.2-3.18.5 libreoffice-l10n-ko-6.2.5.2-3.18.5 libreoffice-l10n-lt-6.2.5.2-3.18.5 libreoffice-l10n-lv-6.2.5.2-3.18.5 libreoffice-l10n-mai-6.2.5.2-3.18.5 libreoffice-l10n-ml-6.2.5.2-3.18.5 libreoffice-l10n-mr-6.2.5.2-3.18.5 libreoffice-l10n-nb-6.2.5.2-3.18.5 libreoffice-l10n-nl-6.2.5.2-3.18.5 libreoffice-l10n-nn-6.2.5.2-3.18.5 libreoffice-l10n-nr-6.2.5.2-3.18.5 libreoffice-l10n-nso-6.2.5.2-3.18.5 libreoffice-l10n-or-6.2.5.2-3.18.5 libreoffice-l10n-pa-6.2.5.2-3.18.5 libreoffice-l10n-pl-6.2.5.2-3.18.5 libreoffice-l10n-pt_BR-6.2.5.2-3.18.5 libreoffice-l10n-pt_PT-6.2.5.2-3.18.5 libreoffice-l10n-ro-6.2.5.2-3.18.5 libreoffice-l10n-ru-6.2.5.2-3.18.5 libreoffice-l10n-si-6.2.5.2-3.18.5 libreoffice-l10n-sk-6.2.5.2-3.18.5 libreoffice-l10n-sl-6.2.5.2-3.18.5 libreoffice-l10n-sr-6.2.5.2-3.18.5 libreoffice-l10n-ss-6.2.5.2-3.18.5 
libreoffice-l10n-st-6.2.5.2-3.18.5 libreoffice-l10n-sv-6.2.5.2-3.18.5 libreoffice-l10n-ta-6.2.5.2-3.18.5 libreoffice-l10n-te-6.2.5.2-3.18.5 libreoffice-l10n-th-6.2.5.2-3.18.5 libreoffice-l10n-tn-6.2.5.2-3.18.5 libreoffice-l10n-tr-6.2.5.2-3.18.5 libreoffice-l10n-ts-6.2.5.2-3.18.5 libreoffice-l10n-uk-6.2.5.2-3.18.5 libreoffice-l10n-ve-6.2.5.2-3.18.5 libreoffice-l10n-xh-6.2.5.2-3.18.5 libreoffice-l10n-zh_CN-6.2.5.2-3.18.5 libreoffice-l10n-zh_TW-6.2.5.2-3.18.5 libreoffice-l10n-zu-6.2.5.2-3.18.5 myspell-af_ZA-20190423-3.9.7 myspell-ar-20190423-3.9.7 myspell-bg_BG-20190423-3.9.7 myspell-bn_BD-20190423-3.9.7 myspell-br_FR-20190423-3.9.7 myspell-ca-20190423-3.9.7 myspell-cs_CZ-20190423-3.9.7 myspell-da_DK-20190423-3.9.7 myspell-el_GR-20190423-3.9.7 myspell-et_EE-20190423-3.9.7 myspell-fr_FR-20190423-3.9.7 myspell-gl-20190423-3.9.7 myspell-gu_IN-20190423-3.9.7 myspell-he_IL-20190423-3.9.7 myspell-hi_IN-20190423-3.9.7 myspell-hr_HR-20190423-3.9.7 myspell-it_IT-20190423-3.9.7 myspell-lt_LT-20190423-3.9.7 myspell-lv_LV-20190423-3.9.7 myspell-nl_NL-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-pl_PL-20190423-3.9.7 myspell-pt_PT-20190423-3.9.7 myspell-si_LK-20190423-3.9.7 myspell-sk_SK-20190423-3.9.7 myspell-sl_SI-20190423-3.9.7 myspell-sr-20190423-3.9.7 myspell-sv_SE-20190423-3.9.7 myspell-te_IN-20190423-3.9.7 myspell-th_TH-20190423-3.9.7 myspell-tr_TR-20190423-3.9.7 myspell-uk_UA-20190423-3.9.7 myspell-zu_ZA-20190423-3.9.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 libixion-devel-0.14.1-4.3.8 libixion-tools-0.14.1-4.3.8 libixion-tools-debuginfo-0.14.1-4.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-tools-0.14.1-3.3.8 liborcus-tools-debuginfo-0.14.1-3.3.8 python3-libixion-0.14.1-4.3.8 python3-libixion-debuginfo-0.14.1-4.3.8 python3-liborcus-0.14.1-3.3.8 python3-liborcus-debuginfo-0.14.1-3.3.8 - SUSE Linux 
Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): mdds-1_4-devel-1.4.3-1.3.7 myspell-af_NA-20190423-3.9.7 myspell-af_ZA-20190423-3.9.7 myspell-an-20190423-3.9.7 myspell-an_ES-20190423-3.9.7 myspell-ar-20190423-3.9.7 myspell-ar_AE-20190423-3.9.7 myspell-ar_BH-20190423-3.9.7 myspell-ar_DZ-20190423-3.9.7 myspell-ar_EG-20190423-3.9.7 myspell-ar_IQ-20190423-3.9.7 myspell-ar_JO-20190423-3.9.7 myspell-ar_KW-20190423-3.9.7 myspell-ar_LB-20190423-3.9.7 myspell-ar_LY-20190423-3.9.7 myspell-ar_MA-20190423-3.9.7 myspell-ar_OM-20190423-3.9.7 myspell-ar_QA-20190423-3.9.7 myspell-ar_SA-20190423-3.9.7 myspell-ar_SD-20190423-3.9.7 myspell-ar_SY-20190423-3.9.7 myspell-ar_TN-20190423-3.9.7 myspell-ar_YE-20190423-3.9.7 myspell-be_BY-20190423-3.9.7 myspell-bg_BG-20190423-3.9.7 myspell-bn_BD-20190423-3.9.7 myspell-bn_IN-20190423-3.9.7 myspell-bo-20190423-3.9.7 myspell-bo_CN-20190423-3.9.7 myspell-bo_IN-20190423-3.9.7 myspell-br_FR-20190423-3.9.7 myspell-bs-20190423-3.9.7 myspell-bs_BA-20190423-3.9.7 myspell-ca-20190423-3.9.7 myspell-ca_AD-20190423-3.9.7 myspell-ca_ES-20190423-3.9.7 myspell-ca_ES_valencia-20190423-3.9.7 myspell-ca_FR-20190423-3.9.7 myspell-ca_IT-20190423-3.9.7 myspell-cs_CZ-20190423-3.9.7 myspell-da_DK-20190423-3.9.7 myspell-de_AT-20190423-3.9.7 myspell-de_CH-20190423-3.9.7 myspell-el_GR-20190423-3.9.7 myspell-en_AU-20190423-3.9.7 myspell-en_BS-20190423-3.9.7 myspell-en_BZ-20190423-3.9.7 myspell-en_CA-20190423-3.9.7 myspell-en_GB-20190423-3.9.7 myspell-en_GH-20190423-3.9.7 myspell-en_IE-20190423-3.9.7 myspell-en_IN-20190423-3.9.7 myspell-en_JM-20190423-3.9.7 myspell-en_MW-20190423-3.9.7 myspell-en_NA-20190423-3.9.7 myspell-en_NZ-20190423-3.9.7 myspell-en_PH-20190423-3.9.7 myspell-en_TT-20190423-3.9.7 myspell-en_ZA-20190423-3.9.7 myspell-en_ZW-20190423-3.9.7 myspell-es_AR-20190423-3.9.7 myspell-es_BO-20190423-3.9.7 myspell-es_CL-20190423-3.9.7 myspell-es_CO-20190423-3.9.7 myspell-es_CR-20190423-3.9.7 myspell-es_CU-20190423-3.9.7 
myspell-es_DO-20190423-3.9.7 myspell-es_EC-20190423-3.9.7 myspell-es_GT-20190423-3.9.7 myspell-es_HN-20190423-3.9.7 myspell-es_MX-20190423-3.9.7 myspell-es_NI-20190423-3.9.7 myspell-es_PA-20190423-3.9.7 myspell-es_PE-20190423-3.9.7 myspell-es_PR-20190423-3.9.7 myspell-es_PY-20190423-3.9.7 myspell-es_SV-20190423-3.9.7 myspell-es_UY-20190423-3.9.7 myspell-es_VE-20190423-3.9.7 myspell-et_EE-20190423-3.9.7 myspell-fr_BE-20190423-3.9.7 myspell-fr_CA-20190423-3.9.7 myspell-fr_CH-20190423-3.9.7 myspell-fr_FR-20190423-3.9.7 myspell-fr_LU-20190423-3.9.7 myspell-fr_MC-20190423-3.9.7 myspell-gd_GB-20190423-3.9.7 myspell-gl-20190423-3.9.7 myspell-gl_ES-20190423-3.9.7 myspell-gu_IN-20190423-3.9.7 myspell-gug-20190423-3.9.7 myspell-gug_PY-20190423-3.9.7 myspell-he_IL-20190423-3.9.7 myspell-hi_IN-20190423-3.9.7 myspell-hr_HR-20190423-3.9.7 myspell-id-20190423-3.9.7 myspell-id_ID-20190423-3.9.7 myspell-is-20190423-3.9.7 myspell-is_IS-20190423-3.9.7 myspell-it_IT-20190423-3.9.7 myspell-kmr_Latn-20190423-3.9.7 myspell-kmr_Latn_SY-20190423-3.9.7 myspell-kmr_Latn_TR-20190423-3.9.7 myspell-lo_LA-20190423-3.9.7 myspell-lt_LT-20190423-3.9.7 myspell-lv_LV-20190423-3.9.7 myspell-ne_NP-20190423-3.9.7 myspell-nl_BE-20190423-3.9.7 myspell-nl_NL-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-oc_FR-20190423-3.9.7 myspell-pl_PL-20190423-3.9.7 myspell-pt_AO-20190423-3.9.7 myspell-pt_PT-20190423-3.9.7 myspell-si_LK-20190423-3.9.7 myspell-sk_SK-20190423-3.9.7 myspell-sl_SI-20190423-3.9.7 myspell-sq_AL-20190423-3.9.7 myspell-sr-20190423-3.9.7 myspell-sr_CS-20190423-3.9.7 myspell-sr_Latn_CS-20190423-3.9.7 myspell-sr_Latn_RS-20190423-3.9.7 myspell-sr_RS-20190423-3.9.7 myspell-sv_FI-20190423-3.9.7 myspell-sv_SE-20190423-3.9.7 myspell-sw_TZ-20190423-3.9.7 myspell-te-20190423-3.9.7 myspell-te_IN-20190423-3.9.7 myspell-th_TH-20190423-3.9.7 myspell-tr-20190423-3.9.7 myspell-tr_TR-20190423-3.9.7 myspell-uk_UA-20190423-3.9.7 myspell-vi-20190423-3.9.7 myspell-vi_VN-20190423-3.9.7 
myspell-zu_ZA-20190423-3.9.7 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libixion-debuginfo-0.14.1-4.3.8 libixion-debugsource-0.14.1-4.3.8 libixion-devel-0.14.1-4.3.8 libixion-tools-0.14.1-4.3.8 libixion-tools-debuginfo-0.14.1-4.3.8 liborcus-debuginfo-0.14.1-3.3.8 liborcus-debugsource-0.14.1-3.3.8 liborcus-tools-0.14.1-3.3.8 liborcus-tools-debuginfo-0.14.1-3.3.8 libwps-debuginfo-0.4.10-3.6.7 libwps-debugsource-0.4.10-3.6.7 libwps-tools-0.4.10-3.6.7 libwps-tools-debuginfo-0.4.10-3.6.7 python3-libixion-0.14.1-4.3.8 python3-libixion-debuginfo-0.14.1-4.3.8 python3-liborcus-0.14.1-3.3.8 python3-liborcus-debuginfo-0.14.1-3.3.8 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): mdds-1_4-devel-1.4.3-1.3.7 myspell-af_NA-20190423-3.9.7 myspell-an-20190423-3.9.7 myspell-an_ES-20190423-3.9.7 myspell-ar_AE-20190423-3.9.7 myspell-ar_BH-20190423-3.9.7 myspell-ar_DZ-20190423-3.9.7 myspell-ar_EG-20190423-3.9.7 myspell-ar_IQ-20190423-3.9.7 myspell-ar_JO-20190423-3.9.7 myspell-ar_KW-20190423-3.9.7 myspell-ar_LB-20190423-3.9.7 myspell-ar_LY-20190423-3.9.7 myspell-ar_MA-20190423-3.9.7 myspell-ar_OM-20190423-3.9.7 myspell-ar_QA-20190423-3.9.7 myspell-ar_SA-20190423-3.9.7 myspell-ar_SD-20190423-3.9.7 myspell-ar_SY-20190423-3.9.7 myspell-ar_TN-20190423-3.9.7 myspell-ar_YE-20190423-3.9.7 myspell-be_BY-20190423-3.9.7 myspell-bn_IN-20190423-3.9.7 myspell-bo-20190423-3.9.7 myspell-bo_CN-20190423-3.9.7 myspell-bo_IN-20190423-3.9.7 myspell-bs-20190423-3.9.7 myspell-bs_BA-20190423-3.9.7 myspell-ca_AD-20190423-3.9.7 myspell-ca_ES-20190423-3.9.7 myspell-ca_ES_valencia-20190423-3.9.7 myspell-ca_FR-20190423-3.9.7 myspell-ca_IT-20190423-3.9.7 myspell-de_AT-20190423-3.9.7 myspell-de_CH-20190423-3.9.7 myspell-en_AU-20190423-3.9.7 myspell-en_BS-20190423-3.9.7 myspell-en_BZ-20190423-3.9.7 myspell-en_CA-20190423-3.9.7 myspell-en_GB-20190423-3.9.7 myspell-en_GH-20190423-3.9.7 myspell-en_IE-20190423-3.9.7 
myspell-en_IN-20190423-3.9.7 myspell-en_JM-20190423-3.9.7 myspell-en_MW-20190423-3.9.7 myspell-en_NA-20190423-3.9.7 myspell-en_NZ-20190423-3.9.7 myspell-en_PH-20190423-3.9.7 myspell-en_TT-20190423-3.9.7 myspell-en_ZA-20190423-3.9.7 myspell-en_ZW-20190423-3.9.7 myspell-es_AR-20190423-3.9.7 myspell-es_BO-20190423-3.9.7 myspell-es_CL-20190423-3.9.7 myspell-es_CO-20190423-3.9.7 myspell-es_CR-20190423-3.9.7 myspell-es_CU-20190423-3.9.7 myspell-es_DO-20190423-3.9.7 myspell-es_EC-20190423-3.9.7 myspell-es_GT-20190423-3.9.7 myspell-es_HN-20190423-3.9.7 myspell-es_MX-20190423-3.9.7 myspell-es_NI-20190423-3.9.7 myspell-es_PA-20190423-3.9.7 myspell-es_PE-20190423-3.9.7 myspell-es_PR-20190423-3.9.7 myspell-es_PY-20190423-3.9.7 myspell-es_SV-20190423-3.9.7 myspell-es_UY-20190423-3.9.7 myspell-es_VE-20190423-3.9.7 myspell-fr_BE-20190423-3.9.7 myspell-fr_CA-20190423-3.9.7 myspell-fr_CH-20190423-3.9.7 myspell-fr_LU-20190423-3.9.7 myspell-fr_MC-20190423-3.9.7 myspell-gd_GB-20190423-3.9.7 myspell-gl_ES-20190423-3.9.7 myspell-gug-20190423-3.9.7 myspell-gug_PY-20190423-3.9.7 myspell-is-20190423-3.9.7 myspell-is_IS-20190423-3.9.7 myspell-kmr_Latn-20190423-3.9.7 myspell-kmr_Latn_SY-20190423-3.9.7 myspell-kmr_Latn_TR-20190423-3.9.7 myspell-lo_LA-20190423-3.9.7 myspell-ne_NP-20190423-3.9.7 myspell-nl_BE-20190423-3.9.7 myspell-nn_NO-20190423-3.9.7 myspell-oc_FR-20190423-3.9.7 myspell-pt_AO-20190423-3.9.7 myspell-sq_AL-20190423-3.9.7 myspell-sr_CS-20190423-3.9.7 myspell-sr_Latn_CS-20190423-3.9.7 myspell-sr_Latn_RS-20190423-3.9.7 myspell-sr_RS-20190423-3.9.7 myspell-sv_FI-20190423-3.9.7 myspell-sw_TZ-20190423-3.9.7 myspell-te-20190423-3.9.7 myspell-vi-20190423-3.9.7 myspell-vi_VN-20190423-3.9.7 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): myspell-dictionaries-20190423-3.9.7 myspell-lightproof-en-20190423-3.9.7 myspell-lightproof-hu_HU-20190423-3.9.7 myspell-lightproof-pt_BR-20190423-3.9.7 myspell-lightproof-ru_RU-20190423-3.9.7 - SUSE Linux Enterprise 
Module for Basesystem 15-SP1 (noarch):

myspell-de-20190423-3.9.7 myspell-de_DE-20190423-3.9.7 myspell-en-20190423-3.9.7 myspell-en_US-20190423-3.9.7 myspell-es-20190423-3.9.7 myspell-es_ES-20190423-3.9.7 myspell-hu_HU-20190423-3.9.7 myspell-nb_NO-20190423-3.9.7 myspell-no-20190423-3.9.7 myspell-pt_BR-20190423-3.9.7 myspell-ro-20190423-3.9.7 myspell-ro_RO-20190423-3.9.7 myspell-ru_RU-20190423-3.9.7

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

myspell-dictionaries-20190423-3.9.7 myspell-lightproof-en-20190423-3.9.7 myspell-lightproof-hu_HU-20190423-3.9.7 myspell-lightproof-pt_BR-20190423-3.9.7 myspell-lightproof-ru_RU-20190423-3.9.7

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):

myspell-de-20190423-3.9.7 myspell-de_DE-20190423-3.9.7 myspell-en-20190423-3.9.7 myspell-en_US-20190423-3.9.7 myspell-es-20190423-3.9.7 myspell-es_ES-20190423-3.9.7 myspell-hu_HU-20190423-3.9.7 myspell-nb_NO-20190423-3.9.7 myspell-no-20190423-3.9.7 myspell-pt_BR-20190423-3.9.7 myspell-ro-20190423-3.9.7 myspell-ro_RO-20190423-3.9.7 myspell-ru_RU-20190423-3.9.7

References:

https://www.suse.com/security/cve/CVE-2018-16858.html
https://bugzilla.suse.com/1089811
https://bugzilla.suse.com/1116451
https://bugzilla.suse.com/1121874
https://bugzilla.suse.com/1123131
https://bugzilla.suse.com/1123455
https://bugzilla.suse.com/1124062
https://bugzilla.suse.com/1124869
https://bugzilla.suse.com/1127760
https://bugzilla.suse.com/1127857
https://bugzilla.suse.com/1128845
https://bugzilla.suse.com/1135189
https://bugzilla.suse.com/1135228

From sle-security-updates at lists.suse.com Thu Jul 18 16:10:32 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 19 Jul 2019 00:10:32 +0200 (CEST)
Subject: SUSE-SU-2019:14127-1: important: Security update for the Linux Kernel
Message-ID: <20190718221032.E9B22FFE6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14127-1
Rating: important
References: #1063416 #1090078 #1102340 #1120758 #1134395 #1134835 #1135650 #1136424 #1137194 #1138943 #1139751
Cross-References: CVE-2018-20836 CVE-2018-5390 CVE-2019-12614 CVE-2019-3459 CVE-2019-3460 CVE-2019-3846 CVE-2019-3896
Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 7 vulnerabilities and has four fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel (bnc#1120758).
- CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before (bnc#1120758).
- CVE-2019-3896: A double-free could happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service (DoS) (bnc#1138943).
- CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could lead to a denial of service (bnc#1102340).
- CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424 1136446).

The following non-security bugs were fixed:

- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
- fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (bsc#1134835).
- signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE (bsc#1135650).
- signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig() (bsc#1135650).
- tcp: a regression in the previous fix for the TCP SACK issue was fixed (bnc#1139751)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:

zypper in -t patch slessp4-kernel-source-14127=1

- SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-source-14127=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-source-14127=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

kernel-default-3.0.101-108.98.1 kernel-default-base-3.0.101-108.98.1 kernel-default-devel-3.0.101-108.98.1 kernel-source-3.0.101-108.98.1 kernel-syms-3.0.101-108.98.1 kernel-trace-3.0.101-108.98.1 kernel-trace-base-3.0.101-108.98.1 kernel-trace-devel-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):

kernel-ec2-3.0.101-108.98.1 kernel-ec2-base-3.0.101-108.98.1 kernel-ec2-devel-3.0.101-108.98.1 kernel-xen-3.0.101-108.98.1 kernel-xen-base-3.0.101-108.98.1 kernel-xen-devel-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64):

kernel-bigmem-3.0.101-108.98.1 kernel-bigmem-base-3.0.101-108.98.1 kernel-bigmem-devel-3.0.101-108.98.1 kernel-ppc64-3.0.101-108.98.1 kernel-ppc64-base-3.0.101-108.98.1 kernel-ppc64-devel-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-SP4-LTSS (s390x):

kernel-default-man-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586):

kernel-pae-3.0.101-108.98.1 kernel-pae-base-3.0.101-108.98.1 kernel-pae-devel-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-trace-extra-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-108.98.1

- SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-108.98.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

kernel-default-debuginfo-3.0.101-108.98.1
kernel-default-debugsource-3.0.101-108.98.1 kernel-trace-debuginfo-3.0.101-108.98.1 kernel-trace-debugsource-3.0.101-108.98.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64):

kernel-default-devel-debuginfo-3.0.101-108.98.1 kernel-trace-devel-debuginfo-3.0.101-108.98.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-108.98.1 kernel-ec2-debugsource-3.0.101-108.98.1 kernel-xen-debuginfo-3.0.101-108.98.1 kernel-xen-debugsource-3.0.101-108.98.1 kernel-xen-devel-debuginfo-3.0.101-108.98.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

kernel-bigmem-debuginfo-3.0.101-108.98.1 kernel-bigmem-debugsource-3.0.101-108.98.1 kernel-ppc64-debuginfo-3.0.101-108.98.1 kernel-ppc64-debugsource-3.0.101-108.98.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

kernel-pae-debuginfo-3.0.101-108.98.1 kernel-pae-debugsource-3.0.101-108.98.1 kernel-pae-devel-debuginfo-3.0.101-108.98.1

References:

https://www.suse.com/security/cve/CVE-2018-20836.html
https://www.suse.com/security/cve/CVE-2018-5390.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-3459.html
https://www.suse.com/security/cve/CVE-2019-3460.html
https://www.suse.com/security/cve/CVE-2019-3846.html
https://www.suse.com/security/cve/CVE-2019-3896.html
https://bugzilla.suse.com/1063416
https://bugzilla.suse.com/1090078
https://bugzilla.suse.com/1102340
https://bugzilla.suse.com/1120758
https://bugzilla.suse.com/1134395
https://bugzilla.suse.com/1134835
https://bugzilla.suse.com/1135650
https://bugzilla.suse.com/1136424
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1138943
https://bugzilla.suse.com/1139751

From sle-security-updates at lists.suse.com Thu Jul 18 16:12:41 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 19 Jul 2019 00:12:41 +0200 (CEST)
Subject: SUSE-SU-2019:1896-1: moderate: Security update for libxml2
Message-ID:
<20190718221241.43A80FFE6@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1896-1
Rating: moderate
References: #1010675 #1110146 #1126613
Cross-References: CVE-2016-9318
Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for libxml2 fixes the following issues:

Issue fixed:

- Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:

zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1896=1

- SUSE Linux Enterprise Server 12-SP4:

zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1896=1

- SUSE Linux Enterprise Desktop 12-SP4:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1896=1

- SUSE CaaS Platform 3.0:

To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.20.1 libxml2-devel-2.9.4-46.20.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.20.1 libxml2-2-debuginfo-2.9.4-46.20.1 libxml2-debugsource-2.9.4-46.20.1 libxml2-tools-2.9.4-46.20.1 libxml2-tools-debuginfo-2.9.4-46.20.1 python-libxml2-2.9.4-46.20.1 python-libxml2-debuginfo-2.9.4-46.20.1 python-libxml2-debugsource-2.9.4-46.20.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libxml2-2-32bit-2.9.4-46.20.1 libxml2-2-debuginfo-32bit-2.9.4-46.20.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): libxml2-doc-2.9.4-46.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libxml2-2-2.9.4-46.20.1 libxml2-2-32bit-2.9.4-46.20.1 libxml2-2-debuginfo-2.9.4-46.20.1 libxml2-2-debuginfo-32bit-2.9.4-46.20.1 libxml2-debugsource-2.9.4-46.20.1 libxml2-tools-2.9.4-46.20.1 libxml2-tools-debuginfo-2.9.4-46.20.1 python-libxml2-2.9.4-46.20.1 python-libxml2-debuginfo-2.9.4-46.20.1 python-libxml2-debugsource-2.9.4-46.20.1 - SUSE CaaS Platform 3.0 (x86_64): libxml2-2-2.9.4-46.20.1 libxml2-2-debuginfo-2.9.4-46.20.1 libxml2-debugsource-2.9.4-46.20.1 libxml2-tools-2.9.4-46.20.1 libxml2-tools-debuginfo-2.9.4-46.20.1 References: https://www.suse.com/security/cve/CVE-2016-9318.html https://bugzilla.suse.com/1010675 https://bugzilla.suse.com/1110146 https://bugzilla.suse.com/1126613 From sle-security-updates at lists.suse.com Thu Jul 18 16:13:37 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Jul 2019 00:13:37 +0200 (CEST) Subject: SUSE-SU-2019:1895-1: moderate: Security update for tomcat Message-ID: <20190718221337.A7502FFE6@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1895-1 Rating: moderate References: #1111966 #1131055 #1136085 
Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). Non-security issues fixed: - Increase maximum number of threads and open files for tomcat (bsc#1111966). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-1895=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1895=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.21-4.5.5 tomcat-admin-webapps-9.0.21-4.5.5 tomcat-el-3_0-api-9.0.21-4.5.5 tomcat-jsp-2_3-api-9.0.21-4.5.5 tomcat-lib-9.0.21-4.5.5 tomcat-servlet-4_0-api-9.0.21-4.5.5 tomcat-webapps-9.0.21-4.5.5 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): tomcat-docs-webapp-9.0.21-4.5.5 tomcat-embed-9.0.21-4.5.5 tomcat-javadoc-9.0.21-4.5.5 tomcat-jsvc-9.0.21-4.5.5 References: https://www.suse.com/security/cve/CVE-2019-0199.html https://www.suse.com/security/cve/CVE-2019-0221.html https://bugzilla.suse.com/1111966 https://bugzilla.suse.com/1131055 
https://bugzilla.suse.com/1136085 From sle-security-updates at lists.suse.com Fri Jul 19 10:11:54 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:11:54 +0200 (CEST) Subject: SUSE-SU-2019:1909-1: important: Security update for ucode-intel Message-ID: <20190719161154.C0F40FEA9@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1909-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1909=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20190618-3.22.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-security-updates at lists.suse.com Fri Jul 19 10:13:49 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Jul 2019 18:13:49 +0200 (CEST) Subject: SUSE-SU-2019:1910-1: important: Security update for ucode-intel Message-ID: <20190719161349.5698BFEA9@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1910-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1910=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): ucode-intel-20190618-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-security-updates at lists.suse.com Tue Jul 23 07:11:15 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:11:15 +0200 (CEST) Subject: SUSE-SU-2019:1955-1: important: Security update for bzip2 Message-ID: <20190723131115.6AD70FEA9@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1955-1 Rating: important References: #1139083 #985657 Cross-References: CVE-2016-3189 CVE-2019-12900 Affected
Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bzip2 fixes the following issues: Security issues fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1955=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1955=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1955=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1955=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1955=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1955=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1955=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1955=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1955=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1955=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1955=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1955=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1955=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1955=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1955=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1955=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1955=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 8 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE OpenStack Cloud 8 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE OpenStack Cloud 7 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-devel-1.0.6-30.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-devel-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 
libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 
libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Enterprise Storage 5 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE Enterprise Storage 5 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Enterprise Storage 4 (noarch): bzip2-doc-1.0.6-30.5.1 - SUSE Enterprise Storage 4 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-32bit-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 libbz2-1-debuginfo-32bit-1.0.6-30.5.1 - SUSE CaaS Platform 3.0 (x86_64): bzip2-1.0.6-30.5.1 bzip2-debuginfo-1.0.6-30.5.1 bzip2-debugsource-1.0.6-30.5.1 libbz2-1-1.0.6-30.5.1 libbz2-1-debuginfo-1.0.6-30.5.1 References: https://www.suse.com/security/cve/CVE-2016-3189.html https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 https://bugzilla.suse.com/985657 From sle-security-updates at lists.suse.com Tue Jul 23 07:12:11 2019 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:12:11 +0200 (CEST) Subject: SUSE-SU-2019:1954-1: important: Security update for ucode-intel Message-ID: <20190723131211.45076FEA9@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1954-1 Rating: important References: #1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations.
For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1954=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1954=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1954=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1954=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1954=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1954=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1954=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1954=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1954=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-1954=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1954=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1954=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1954=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1954=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1954=1 - SUSE Enterprise Storage 5: zypper in -t patch 
SUSE-Storage-5-2019-1954=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1954=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1954=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE OpenStack Cloud 8 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE OpenStack Cloud 7 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux 
Enterprise Server 12-SP2-LTSS (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Enterprise Storage 5 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE Enterprise Storage 4 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - SUSE CaaS Platform 3.0 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 - HPE Helion Openstack 8 (x86_64): ucode-intel-20190618-13.47.1 ucode-intel-debuginfo-20190618-13.47.1 ucode-intel-debugsource-20190618-13.47.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 From sle-security-updates at lists.suse.com Tue Jul 23 07:12:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:12:57 +0200 (CEST) Subject: SUSE-SU-2019:1935-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) Message-ID: <20190723131257.28678FEA9@maintenance.suse.de> 
SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1935-1 Rating: important References: #1140747 Cross-References: CVE-2019-11478 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_115 fixes one issue. The following security issue was fixed: This update contains a regression fix for CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1953=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1935=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1927=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1953=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1935=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1927=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1941=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-3-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_115-default-3-2.1 kgraft-patch-3_12_74-60_64_115-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_97-default-3-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_114-default-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_115-default-3-2.1 kgraft-patch-3_12_74-60_64_115-xen-3-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_19-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1140747 From sle-security-updates at lists.suse.com Tue Jul 23 07:14:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:14:31 +0200 (CEST) Subject: 
SUSE-SU-2019:1924-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) Message-ID: <20190723131431.0C458FEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1924-1 Rating: important References: #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1923=1 SUSE-SLE-SAP-12-SP1-2019-1924=1 SUSE-SLE-SAP-12-SP1-2019-1925=1 SUSE-SLE-SAP-12-SP1-2019-1926=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1923=1 SUSE-SLE-SERVER-12-SP1-2019-1924=1 SUSE-SLE-SERVER-12-SP1-2019-1925=1 SUSE-SLE-SERVER-12-SP1-2019-1926=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_104-default-8-2.1 kgraft-patch-3_12_74-60_64_104-xen-8-2.1 kgraft-patch-3_12_74-60_64_107-default-8-2.1 kgraft-patch-3_12_74-60_64_107-xen-8-2.1 kgraft-patch-3_12_74-60_64_110-default-4-2.1 kgraft-patch-3_12_74-60_64_110-xen-4-2.1 kgraft-patch-3_12_74-60_64_99-default-10-2.1 kgraft-patch-3_12_74-60_64_99-xen-10-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_104-default-8-2.1 kgraft-patch-3_12_74-60_64_104-xen-8-2.1 kgraft-patch-3_12_74-60_64_107-default-8-2.1 kgraft-patch-3_12_74-60_64_107-xen-8-2.1 kgraft-patch-3_12_74-60_64_110-default-4-2.1 kgraft-patch-3_12_74-60_64_110-xen-4-2.1 kgraft-patch-3_12_74-60_64_99-default-10-2.1 kgraft-patch-3_12_74-60_64_99-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-security-updates at lists.suse.com Tue Jul 23 07:15:56 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:15:56 +0200 (CEST) Subject: SUSE-SU-2019:14133-1: important: Security update for microcode_ctl Message-ID: <20190723131556.7FAD5FEA9@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14133-1 Rating: important References: 
#1111331 #1141977 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for microcode_ctl fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes:
---- updated platforms ------------------------------------
SNB-E/EN/EP  C1/M0     6-2d-6/6d  0000061d->0000061f  Xeon E3/E5, Core X
SNB-E/EN/EP  C2/M1     6-2d-7/6d  00000714->00000718  Xeon E3/E5, Core X
---- new platforms ----------------------------------------
VLV          C0        6-37-8/02  00000838            Atom Z series
VLV          C0        6-37-8/0C  00000838            Celeron N2xxx, Pentium N35xx
VLV          D0        6-37-9/0F  0000090c            Atom E38xx
CHV          C0        6-4c-3/01  00000368            Atom X series
CHV          D0        6-4c-4/01  00000411            Atom X series
Re-added what was missing in the last update:
BDX-ML       B0/M0/R0  6-4f-1/ef  0b00002e->00000036  Xeon E5/E7 v4; Core i7-69xx/68xx
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-microcode_ctl-14133=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-14133=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.41.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.41.1 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1141977 From sle-security-updates at lists.suse.com Tue Jul 23 07:17:11 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 15:17:11 +0200 (CEST) Subject: SUSE-SU-2019:1948-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) Message-ID: <20190723131711.BEC7DFEA9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1948-1 Rating: important References: #1136446 #1137597 #1140747 Cross-References: CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_104 fixes several issues. 
The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1942=1 SUSE-SLE-SAP-12-SP3-2019-1943=1 SUSE-SLE-SAP-12-SP3-2019-1944=1 SUSE-SLE-SAP-12-SP3-2019-1945=1 SUSE-SLE-SAP-12-SP3-2019-1946=1 SUSE-SLE-SAP-12-SP3-2019-1947=1 SUSE-SLE-SAP-12-SP3-2019-1948=1 SUSE-SLE-SAP-12-SP3-2019-1949=1 SUSE-SLE-SAP-12-SP3-2019-1950=1 SUSE-SLE-SAP-12-SP3-2019-1951=1 SUSE-SLE-SAP-12-SP3-2019-1952=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1928=1 SUSE-SLE-SAP-12-SP2-2019-1929=1 SUSE-SLE-SAP-12-SP2-2019-1931=1 SUSE-SLE-SAP-12-SP2-2019-1932=1 SUSE-SLE-SAP-12-SP2-2019-1933=1 SUSE-SLE-SAP-12-SP2-2019-1934=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1942=1 SUSE-SLE-SERVER-12-SP3-2019-1943=1 SUSE-SLE-SERVER-12-SP3-2019-1944=1 SUSE-SLE-SERVER-12-SP3-2019-1945=1 SUSE-SLE-SERVER-12-SP3-2019-1946=1 SUSE-SLE-SERVER-12-SP3-2019-1947=1 SUSE-SLE-SERVER-12-SP3-2019-1948=1 SUSE-SLE-SERVER-12-SP3-2019-1949=1 SUSE-SLE-SERVER-12-SP3-2019-1950=1 SUSE-SLE-SERVER-12-SP3-2019-1951=1 SUSE-SLE-SERVER-12-SP3-2019-1952=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1928=1 SUSE-SLE-SERVER-12-SP2-2019-1929=1 SUSE-SLE-SERVER-12-SP2-2019-1931=1 SUSE-SLE-SERVER-12-SP2-2019-1932=1 SUSE-SLE-SERVER-12-SP2-2019-1933=1 SUSE-SLE-SERVER-12-SP2-2019-1934=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-1936=1 SUSE-SLE-Live-Patching-12-SP4-2019-1937=1 SUSE-SLE-Live-Patching-12-SP4-2019-1938=1 SUSE-SLE-Live-Patching-12-SP4-2019-1939=1 SUSE-SLE-Live-Patching-12-SP4-2019-1940=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_140-94_42-default-10-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-10-2.1 kgraft-patch-4_4_143-94_47-default-7-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-7-2.1 
kgraft-patch-4_4_155-94_50-default-7-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_57-default-7-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_61-default-7-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_64-default-6-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-6-2.1 kgraft-patch-4_4_162-94_69-default-5-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-5-2.1 kgraft-patch-4_4_162-94_72-default-5-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-5-2.1 kgraft-patch-4_4_175-94_79-default-4-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-4-2.1 kgraft-patch-4_4_176-94_88-default-3-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-3-2.1 kgraft-patch-4_4_178-94_91-default-3-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-4-2.1 kgraft-patch-4_4_121-92_104-default-4-2.1 kgraft-patch-4_4_121-92_109-default-4-2.1 kgraft-patch-4_4_121-92_95-default-7-2.1 kgraft-patch-4_4_121-92_98-default-6-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kgraft-patch-4_4_121-92_92-default-8-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_140-94_42-default-10-2.1 kgraft-patch-4_4_140-94_42-default-debuginfo-10-2.1 kgraft-patch-4_4_143-94_47-default-7-2.1 kgraft-patch-4_4_143-94_47-default-debuginfo-7-2.1 kgraft-patch-4_4_155-94_50-default-7-2.1 kgraft-patch-4_4_155-94_50-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_57-default-7-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_61-default-7-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-7-2.1 kgraft-patch-4_4_156-94_64-default-6-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-6-2.1 kgraft-patch-4_4_162-94_69-default-5-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-5-2.1 kgraft-patch-4_4_162-94_72-default-5-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-5-2.1 
kgraft-patch-4_4_175-94_79-default-4-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-4-2.1 kgraft-patch-4_4_176-94_88-default-3-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-3-2.1 kgraft-patch-4_4_178-94_91-default-3-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-4-2.1 kgraft-patch-4_4_121-92_104-default-4-2.1 kgraft-patch-4_4_121-92_109-default-4-2.1 kgraft-patch-4_4_121-92_95-default-7-2.1 kgraft-patch-4_4_121-92_98-default-6-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kgraft-patch-4_4_121-92_92-default-8-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-6-2.16.1 kgraft-patch-4_12_14-94_41-default-debuginfo-6-2.16.1 kgraft-patch-4_12_14-95_13-default-3-2.1 kgraft-patch-4_12_14-95_16-default-3-2.1 kgraft-patch-4_12_14-95_3-default-5-2.1 kgraft-patch-4_12_14-95_6-default-4-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-6-2.16.1 References: https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 From sle-security-updates at lists.suse.com Tue Jul 23 10:13:01 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jul 2019 18:13:01 +0200 (CEST) Subject: SUSE-SU-2019:1958-1: moderate: Security update for glibc Message-ID: <20190723161301.E81F3FEA9@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1958-1 Rating: moderate References: #1127223 #1127308 #1128574 Cross-References: CVE-2009-5155 CVE-2019-9169 Affected Products: SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE 
Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1958=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1958=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1958=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1958=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1958=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1958=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1958=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1958=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1958=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE OpenStack Cloud 8 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE OpenStack Cloud 8 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE OpenStack Cloud 7 (s390x x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE OpenStack Cloud 7 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 
glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 
glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-profile-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): glibc-32bit-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Enterprise Storage 5 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE Enterprise Storage 5 (x86_64): glibc-2.22-62.22.5 glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Enterprise Storage 4 (x86_64): glibc-2.22-62.22.5 
glibc-32bit-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debuginfo-32bit-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-devel-2.22-62.22.5 glibc-devel-32bit-2.22-62.22.5 glibc-devel-debuginfo-2.22-62.22.5 glibc-devel-debuginfo-32bit-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-32bit-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 glibc-locale-debuginfo-32bit-2.22-62.22.5 glibc-profile-2.22-62.22.5 glibc-profile-32bit-2.22-62.22.5 nscd-2.22-62.22.5 nscd-debuginfo-2.22-62.22.5 - SUSE Enterprise Storage 4 (noarch): glibc-html-2.22-62.22.5 glibc-i18ndata-2.22-62.22.5 glibc-info-2.22-62.22.5 - SUSE CaaS Platform 3.0 (x86_64): glibc-2.22-62.22.5 glibc-debuginfo-2.22-62.22.5 glibc-debugsource-2.22-62.22.5 glibc-locale-2.22-62.22.5 glibc-locale-debuginfo-2.22-62.22.5 References: https://www.suse.com/security/cve/CVE-2009-5155.html https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1128574 From sle-security-updates at lists.suse.com Wed Jul 24 07:10:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jul 2019 15:10:36 +0200 (CEST) Subject: SUSE-SU-2019:1963-1: moderate: Security update for openexr Message-ID: <20190724131036.76EE2F798@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1963-1 Rating: moderate References: #1040109 #1040113 #1040115 Cross-References: CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 
three vulnerabilities is now available. Description: This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function in half.h (bsc#1040115). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1963=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1963=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1963=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1963=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-doc-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libIlmImf-2_2-23-32bit-2.2.1-3.6.1 libIlmImf-2_2-23-32bit-debuginfo-2.2.1-3.6.1 libIlmImfUtil-2_2-23-32bit-2.2.1-3.6.1 libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openexr-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-doc-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Desktop
Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.6.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.6.1 libIlmImfUtil-2_2-23-2.2.1-3.6.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-devel-2.2.1-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.6.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.6.1 libIlmImfUtil-2_2-23-2.2.1-3.6.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.6.1 openexr-debuginfo-2.2.1-3.6.1 openexr-debugsource-2.2.1-3.6.1 openexr-devel-2.2.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2017-9111.html https://www.suse.com/security/cve/CVE-2017-9113.html https://www.suse.com/security/cve/CVE-2017-9115.html https://bugzilla.suse.com/1040109 https://bugzilla.suse.com/1040113 https://bugzilla.suse.com/1040115 From sle-security-updates at lists.suse.com Wed Jul 24 07:11:34 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jul 2019 15:11:34 +0200 (CEST) Subject: SUSE-SU-2019:1962-1: moderate: Security update for openexr Message-ID: <20190724131134.9DA45F798@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1962-1 Rating: moderate References: #1040109 #1040112 #1040113 #1040115 #1113455 Cross-References: CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function in half.h (bsc#1040115). - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1962=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1962=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1962=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1962=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 openexr-devel-2.1.0-6.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.10.1 openexr-2.1.0-6.10.1 openexr-debuginfo-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-32bit-2.1.0-6.10.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.10.1
libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.10.1 openexr-2.1.0-6.10.1 openexr-debuginfo-2.1.0-6.10.1 openexr-debugsource-2.1.0-6.10.1 References: https://www.suse.com/security/cve/CVE-2017-9111.html https://www.suse.com/security/cve/CVE-2017-9112.html https://www.suse.com/security/cve/CVE-2017-9113.html https://www.suse.com/security/cve/CVE-2017-9115.html https://www.suse.com/security/cve/CVE-2018-18444.html https://bugzilla.suse.com/1040109 https://bugzilla.suse.com/1040112 https://bugzilla.suse.com/1040113 https://bugzilla.suse.com/1040115 https://bugzilla.suse.com/1113455 From sle-security-updates at lists.suse.com Wed Jul 24 10:13:06 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:13:06 +0200 (CEST) Subject: SUSE-SU-2019:1961-1: important: Security update for spamassassin Message-ID: <20190724161306.7DCB0F798@maintenance.suse.de> SUSE Security Update: Security update for spamassassin ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1961-1 Rating: important References: #1108745 #1108748 #1108750 Cross-References: CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745). - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750). 
Non-security issues fixed: - Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing - sa-update script: optional support for SHA-256 / SHA-512 has been added for better validation of rules - GeoIP2 support has been added to RelayCountry and URILocalBL plugins - Several new or enhanced configuration options Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1961=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1961=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perl-Mail-SpamAssassin-3.4.2-44.3.1 spamassassin-3.4.2-44.3.1 spamassassin-debuginfo-3.4.2-44.3.1 spamassassin-debugsource-3.4.2-44.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): perl-Mail-SpamAssassin-3.4.2-44.3.1 spamassassin-3.4.2-44.3.1 spamassassin-debuginfo-3.4.2-44.3.1 spamassassin-debugsource-3.4.2-44.3.1 References: https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2017-15705.html https://www.suse.com/security/cve/CVE-2018-11780.html https://www.suse.com/security/cve/CVE-2018-11781.html https://bugzilla.suse.com/1108745 https://bugzilla.suse.com/1108748 https://bugzilla.suse.com/1108750 From sle-security-updates at lists.suse.com Wed Jul 24 10:13:55 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:13:55 +0200 (CEST) Subject: SUSE-SU-2019:1960-1: important: Security update for MozillaThunderbird Message-ID: <20190724161355.04AE6F798@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1960-1 Rating:
important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaThunderbird version 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). Non-security issues fixed: - Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1960=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1960=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-60.8.0-3.46.2 MozillaThunderbird-debuginfo-60.8.0-3.46.2 MozillaThunderbird-debugsource-60.8.0-3.46.2 MozillaThunderbird-translations-common-60.8.0-3.46.2 MozillaThunderbird-translations-other-60.8.0-3.46.2 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-60.8.0-3.46.2 MozillaThunderbird-debuginfo-60.8.0-3.46.2 MozillaThunderbird-debugsource-60.8.0-3.46.2 MozillaThunderbird-translations-common-60.8.0-3.46.2 MozillaThunderbird-translations-other-60.8.0-3.46.2 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-security-updates at lists.suse.com Wed Jul 24 10:17:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jul 2019 18:17:31 +0200 (CEST) Subject: SUSE-SU-2019:14134-1: moderate: Security update for OpenEXR Message-ID: <20190724161731.24B92F798@maintenance.suse.de> SUSE Security Update: Security update for OpenEXR ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14134-1 Rating: moderate References: #1040109 #1040112 
#1040113 #1040115 Cross-References: CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for OpenEXR fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function in half.h (bsc#1040115). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp. (This was already fixed by the previous update bug not referenced.) (bsc#1040112) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-OpenEXR-14134=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): OpenEXR-debuginfo-1.6.1-83.17.8.2 OpenEXR-debugsource-1.6.1-83.17.8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): OpenEXR-debuginfo-32bit-1.6.1-83.17.8.2 References: https://www.suse.com/security/cve/CVE-2017-9111.html https://www.suse.com/security/cve/CVE-2017-9112.html https://www.suse.com/security/cve/CVE-2017-9113.html https://www.suse.com/security/cve/CVE-2017-9115.html https://bugzilla.suse.com/1040109 https://bugzilla.suse.com/1040112 https://bugzilla.suse.com/1040113 https://bugzilla.suse.com/1040115 From sle-security-updates at lists.suse.com Thu Jul 25 10:10:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2019 18:10:31 +0200 (CEST) Subject: SUSE-SU-2019:1971-1: moderate: Security update for libgcrypt Message-ID: <20190725161031.8EB36FFD7@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1971-1 Rating: moderate References: #1138939 Cross-References: CVE-2019-12904 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1971=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1971=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-8.6.2 libgcrypt-cavs-debuginfo-1.8.2-8.6.2 libgcrypt-debugsource-1.8.2-8.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libgcrypt-devel-32bit-1.8.2-8.6.2 libgcrypt-devel-32bit-debuginfo-1.8.2-8.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-8.6.2 libgcrypt-devel-1.8.2-8.6.2 libgcrypt-devel-debuginfo-1.8.2-8.6.2 libgcrypt20-1.8.2-8.6.2 libgcrypt20-debuginfo-1.8.2-8.6.2 libgcrypt20-hmac-1.8.2-8.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgcrypt20-32bit-1.8.2-8.6.2 libgcrypt20-32bit-debuginfo-1.8.2-8.6.2 libgcrypt20-hmac-32bit-1.8.2-8.6.2 References: https://www.suse.com/security/cve/CVE-2019-12904.html https://bugzilla.suse.com/1138939 From sle-security-updates at lists.suse.com Thu Jul 25 10:11:17 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 2019 18:11:17 +0200 (CEST) Subject: SUSE-SU-2019:1972-1: moderate: Security update for libsolv, libzypp, zypper Message-ID: <20190725161117.4886FFFD7@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1972-1 Rating: moderate References: #1109893 #1110542 #1111319 #1112911 #1113296 #1120629 #1120630 #1120631 #1127155 #1131823 #1134226 #1137977 Cross-References: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 
Affected Products: SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36, which fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue with multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received the following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received the following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-1972=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-1972=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1972=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-1972=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-1972=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1972=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1972=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-1972=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1972=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1972=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE OpenStack Cloud 8 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE OpenStack Cloud 8 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-devel-0.6.36-2.16.2 libsolv-devel-debuginfo-0.6.36-2.16.2 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 libzypp-devel-16.20.0-2.39.4 libzypp-devel-doc-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-devel-0.6.36-2.16.2 libsolv-devel-debuginfo-0.6.36-2.16.2 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 libzypp-devel-16.20.0-2.39.4 libzypp-devel-doc-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 
libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP4 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): 
libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Enterprise Storage 5 (noarch): zypper-log-1.13.51-21.26.4 - SUSE Enterprise Storage 5 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 perl-solv-0.6.36-2.16.2 perl-solv-debuginfo-0.6.36-2.16.2 python-solv-0.6.36-2.16.2 python-solv-debuginfo-0.6.36-2.16.2 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 - SUSE CaaS Platform 3.0 (x86_64): libsolv-debugsource-0.6.36-2.16.2 libsolv-tools-0.6.36-2.16.2 libsolv-tools-debuginfo-0.6.36-2.16.2 libzypp-16.20.0-2.39.4 libzypp-debuginfo-16.20.0-2.39.4 libzypp-debugsource-16.20.0-2.39.4 zypper-1.13.51-21.26.4 zypper-debuginfo-1.13.51-21.26.4 zypper-debugsource-1.13.51-21.26.4 References: https://www.suse.com/security/cve/CVE-2018-20532.html https://www.suse.com/security/cve/CVE-2018-20533.html https://www.suse.com/security/cve/CVE-2018-20534.html https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110542 https://bugzilla.suse.com/1111319 https://bugzilla.suse.com/1112911 https://bugzilla.suse.com/1113296 https://bugzilla.suse.com/1120629 https://bugzilla.suse.com/1120630 https://bugzilla.suse.com/1120631 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1131823 https://bugzilla.suse.com/1134226 https://bugzilla.suse.com/1137977 From sle-security-updates at lists.suse.com Thu Jul 25 13:10:22 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jul 
2019 21:10:22 +0200 (CEST) Subject: SUSE-SU-2019:1973-1: important: Security update for rmt-server Message-ID: <20190725191022.84BF6FFD7@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1973-1 Rating: important References: #1128858 #1129271 #1129392 #1132160 #1132690 #1134190 #1134428 #1135222 #1136020 #1136081 #1138316 #1140492 Cross-References: CVE-2019-11068 CVE-2019-5419 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 10 fixes is now available. Description: This update for rmt-server to version 2.3.1 fixes the following issues: - Fix mirroring logic when errors are encountered (bsc#1140492) - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring (bsc#1132690) - Add rmt-server-config subpackage with nginx configs (fate#327816, bsc#1136081) - Fix dependency to removed boot_cli_i18n file (bsc#1136020) - Add `rmt-cli systems list` command to list registered systems - Fix create UUID when system_uuid file empty (bsc#1138316) - Fix duplicate nginx location in rmt-server-pubcloud (bsc#1135222) - Mirror additional repos that were enabled during mirroring (bsc#1132690) - Make service IDs consistent across different RMT instances (bsc#1134428) - Make SMT data import scripts faster (bsc#1134190) - Fix incorrect triggering of registration sharing (bsc#1129392) - Fix license mirroring issue in some non-SUSE repositories (bsc#1128858) - Update dependencies to fix vulnerabilities in rails (CVE-2019-5419, bsc#1129271) and nokogiri (CVE-2019-11068, bsc#1132160) - Allow RMT registration to work under HTTP as well as HTTPS. 
- Offline migration from SLE 15 to SLE 15 SP1 will add Python2 module - Online migrations will automatically add additional modules to the client systems depending on the base product - Supply log severity to journald - Breaking Change: Added headers to generated CSV files Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1973=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-1973=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-2.3.1-3.3.3 rmt-server-config-2.3.1-3.3.3 rmt-server-debuginfo-2.3.1-3.3.3 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.3.1-3.3.3 rmt-server-pubcloud-2.3.1-3.3.3 References: https://www.suse.com/security/cve/CVE-2019-11068.html https://www.suse.com/security/cve/CVE-2019-5419.html https://bugzilla.suse.com/1128858 https://bugzilla.suse.com/1129271 https://bugzilla.suse.com/1129392 https://bugzilla.suse.com/1132160 https://bugzilla.suse.com/1132690 https://bugzilla.suse.com/1134190 https://bugzilla.suse.com/1134428 https://bugzilla.suse.com/1135222 https://bugzilla.suse.com/1136020 https://bugzilla.suse.com/1136081 https://bugzilla.suse.com/1138316 https://bugzilla.suse.com/1140492 From sle-security-updates at lists.suse.com Fri Jul 26 10:13:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 26 Jul 2019 18:13:19 +0200 (CEST) Subject: SUSE-SU-2019:1990-1: Security update for cronie Message-ID: <20190726161319.6AF45FFD7@maintenance.suse.de> SUSE Security Update: Security update for cronie 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1990-1 Rating: low References: #1128935 #1128937 #1130746 #1133100 Cross-References: CVE-2019-9704 CVE-2019-9705 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1990=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1990=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): cron-4.2-59.10.1 cronie-1.4.11-59.10.1 cronie-debuginfo-1.4.11-59.10.1 cronie-debugsource-1.4.11-59.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): cron-4.2-59.10.1 cronie-1.4.11-59.10.1 cronie-debuginfo-1.4.11-59.10.1 cronie-debugsource-1.4.11-59.10.1 - SUSE CaaS Platform 3.0 (x86_64): cron-4.2-59.10.1 cronie-1.4.11-59.10.1 cronie-debuginfo-1.4.11-59.10.1 cronie-debugsource-1.4.11-59.10.1 References: https://www.suse.com/security/cve/CVE-2019-9704.html https://www.suse.com/security/cve/CVE-2019-9705.html https://bugzilla.suse.com/1128935 https://bugzilla.suse.com/1128937 https://bugzilla.suse.com/1130746 https://bugzilla.suse.com/1133100 From sle-security-updates at lists.suse.com Mon Jul 29 07:11:26 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Jul 2019 15:11:26 +0200 (CEST) Subject: SUSE-SU-2019:1861-2: important: Security update for MozillaFirefox Message-ID: <20190729131126.8FC01FFD7@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1861-2 Rating: important References: #1140868 Cross-References: CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 Affected Products: SUSE OpenStack Cloud Crowbar 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). 
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-1861=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-1861=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 
mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-60.8.0-109.83.3 MozillaFirefox-debuginfo-60.8.0-109.83.3 MozillaFirefox-debugsource-60.8.0-109.83.3 MozillaFirefox-translations-common-60.8.0-109.83.3 libfreebl3-3.44.1-58.28.1 libfreebl3-32bit-3.44.1-58.28.1 libfreebl3-debuginfo-3.44.1-58.28.1 libfreebl3-debuginfo-32bit-3.44.1-58.28.1 libfreebl3-hmac-3.44.1-58.28.1 libfreebl3-hmac-32bit-3.44.1-58.28.1 libsoftokn3-3.44.1-58.28.1 libsoftokn3-32bit-3.44.1-58.28.1 libsoftokn3-debuginfo-3.44.1-58.28.1 libsoftokn3-debuginfo-32bit-3.44.1-58.28.1 libsoftokn3-hmac-3.44.1-58.28.1 libsoftokn3-hmac-32bit-3.44.1-58.28.1 mozilla-nss-3.44.1-58.28.1 mozilla-nss-32bit-3.44.1-58.28.1 mozilla-nss-certs-3.44.1-58.28.1 mozilla-nss-certs-32bit-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-3.44.1-58.28.1 mozilla-nss-certs-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debuginfo-3.44.1-58.28.1 mozilla-nss-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-debugsource-3.44.1-58.28.1 mozilla-nss-sysinit-3.44.1-58.28.1 mozilla-nss-sysinit-32bit-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-3.44.1-58.28.1 mozilla-nss-sysinit-debuginfo-32bit-3.44.1-58.28.1 mozilla-nss-tools-3.44.1-58.28.1 mozilla-nss-tools-debuginfo-3.44.1-58.28.1 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11715.html 
https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-9811.html https://bugzilla.suse.com/1140868 From sle-security-updates at lists.suse.com Mon Jul 29 13:10:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Jul 2019 21:10:36 +0200 (CEST) Subject: SUSE-SU-2019:2013-1: important: Security update for bzip2 Message-ID: <20190729191036.E7FE3FFD7@maintenance.suse.de> SUSE Security Update: Security update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2013-1 Rating: important References: #1139083 Cross-References: CVE-2019-12900 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2013=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2013=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2013=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2013=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2013=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2013=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2013=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2013=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2013=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2013=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2013=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2013=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2013=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2013=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2013=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2013=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2013=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2013=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2013=1 - 
SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2013=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE OpenStack Cloud 8 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE OpenStack Cloud 8 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE OpenStack Cloud 7 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-devel-1.0.6-30.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-devel-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 
(ppc64le x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 
bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Enterprise Storage 5 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 
libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Enterprise Storage 5 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE Enterprise Storage 4 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - SUSE Enterprise Storage 4 (noarch): bzip2-doc-1.0.6-30.8.1 - SUSE CaaS Platform 3.0 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 - HPE Helion Openstack 8 (x86_64): bzip2-1.0.6-30.8.1 bzip2-debuginfo-1.0.6-30.8.1 bzip2-debugsource-1.0.6-30.8.1 libbz2-1-1.0.6-30.8.1 libbz2-1-32bit-1.0.6-30.8.1 libbz2-1-debuginfo-1.0.6-30.8.1 libbz2-1-debuginfo-32bit-1.0.6-30.8.1 - HPE Helion Openstack 8 (noarch): bzip2-doc-1.0.6-30.8.1 References: https://www.suse.com/security/cve/CVE-2019-12900.html https://bugzilla.suse.com/1139083 From sle-security-updates at lists.suse.com Mon Jul 29 13:11:25 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Jul 2019 21:11:25 +0200 (CEST) Subject: SUSE-SU-2019:2014-1: moderate: Security update for openexr Message-ID: <20190729191125.B2C9BFFD7@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2014-1 Rating: moderate References: #1061305 Cross-References: CVE-2017-14988 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2014=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2014=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2014=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2014=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 openexr-devel-2.1.0-6.13.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.13.1 openexr-2.1.0-6.13.1 openexr-debuginfo-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-32bit-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.13.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.13.1 openexr-2.1.0-6.13.1 openexr-debuginfo-2.1.0-6.13.1 openexr-debugsource-2.1.0-6.13.1 References: https://www.suse.com/security/cve/CVE-2017-14988.html https://bugzilla.suse.com/1061305 From sle-security-updates at lists.suse.com Tue Jul 30 10:11:00 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:11:00 +0200 (CEST) Subject: SUSE-SU-2019:2020-1: 
important: Security update for mariadb, mariadb-connector-c
Message-ID: <20190730161100.4D3D3FFD7@maintenance.suse.de>

SUSE Security Update: Security update for mariadb, mariadb-connector-c
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2020-1
Rating: important
References: #1126088 #1132666 #1136035
Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP1
  SUSE Linux Enterprise Module for Server Applications 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for mariadb and mariadb-connector-c fixes the following issues:

mariadb:

- Update to version 10.2.25 (bsc#1136035)
- CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc#1136035).
- CVE-2019-2627: Fixed another remote denial of service by a privileged attacker (bsc#1136035).
- CVE-2019-2614: Fixed a potential remote denial of service by a privileged attacker (bsc#1136035).
- Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666)

mariadb-connector-c:

- Update to version 3.1.2 (bsc#1136035)
- Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2020=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2020=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2020=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2020=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2020=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2020=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmariadb-devel-3.1.2-3.9.3 libmariadb-devel-debuginfo-3.1.2-3.9.3 libmariadb_plugins-3.1.2-3.9.3 libmariadb_plugins-debuginfo-3.1.2-3.9.3 libmysqld-devel-10.2.25-3.17.2 libmysqld19-10.2.25-3.17.2 libmysqld19-debuginfo-10.2.25-3.17.2 mariadb-10.2.25-3.17.2 mariadb-client-10.2.25-3.17.2 mariadb-client-debuginfo-10.2.25-3.17.2 mariadb-connector-c-debugsource-3.1.2-3.9.3 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-tools-10.2.25-3.17.2 mariadb-tools-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): mariadb-errormessages-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libmariadb-devel-3.1.2-3.9.3 libmariadb-devel-debuginfo-3.1.2-3.9.3 libmariadb_plugins-3.1.2-3.9.3 libmariadb_plugins-debuginfo-3.1.2-3.9.3 libmysqld-devel-10.2.25-3.17.2 libmysqld19-10.2.25-3.17.2 libmysqld19-debuginfo-10.2.25-3.17.2 mariadb-10.2.25-3.17.2 mariadb-client-10.2.25-3.17.2 
mariadb-client-debuginfo-10.2.25-3.17.2 mariadb-connector-c-debugsource-3.1.2-3.9.3 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-tools-10.2.25-3.17.2 mariadb-tools-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): mariadb-errormessages-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.25-3.17.2 mariadb-bench-debuginfo-10.2.25-3.17.2 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-galera-10.2.25-3.17.2 mariadb-test-10.2.25-3.17.2 mariadb-test-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmariadb3-32bit-3.1.2-3.9.3 libmariadb3-32bit-debuginfo-3.1.2-3.9.3 mariadb-connector-c-debugsource-3.1.2-3.9.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): mariadb-bench-10.2.25-3.17.2 mariadb-bench-debuginfo-10.2.25-3.17.2 mariadb-debuginfo-10.2.25-3.17.2 mariadb-debugsource-10.2.25-3.17.2 mariadb-galera-10.2.25-3.17.2 mariadb-test-10.2.25-3.17.2 mariadb-test-debuginfo-10.2.25-3.17.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libmariadb3-3.1.2-3.9.3 libmariadb3-debuginfo-3.1.2-3.9.3 libmariadbprivate-3.1.2-3.9.3 libmariadbprivate-debuginfo-3.1.2-3.9.3 mariadb-connector-c-debugsource-3.1.2-3.9.3 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libmariadb3-3.1.2-3.9.3 libmariadb3-debuginfo-3.1.2-3.9.3 libmariadbprivate-3.1.2-3.9.3 libmariadbprivate-debuginfo-3.1.2-3.9.3 mariadb-connector-c-debugsource-3.1.2-3.9.3 References: https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2628.html https://bugzilla.suse.com/1126088 https://bugzilla.suse.com/1132666 https://bugzilla.suse.com/1136035 From 
sle-security-updates at lists.suse.com Tue Jul 30 10:16:39 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2019 18:16:39 +0200 (CEST) Subject: SUSE-SU-2019:2018-1: important: Security update for polkit Message-ID: <20190730161639.F2E7BFFD7@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2018-1 Rating: important References: #1121826 Cross-References: CVE-2019-6133 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2018=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2018=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2018=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpolkit0-32bit-0.114-3.9.1 libpolkit0-32bit-debuginfo-0.114-3.9.1 polkit-debugsource-0.114-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): polkit-doc-0.114-3.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): polkit-doc-0.114-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpolkit0-0.114-3.9.1 libpolkit0-debuginfo-0.114-3.9.1 polkit-0.114-3.9.1 polkit-debuginfo-0.114-3.9.1 polkit-debugsource-0.114-3.9.1 polkit-devel-0.114-3.9.1 polkit-devel-debuginfo-0.114-3.9.1 typelib-1_0-Polkit-1_0-0.114-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpolkit0-0.114-3.9.1 libpolkit0-debuginfo-0.114-3.9.1 polkit-0.114-3.9.1 polkit-debuginfo-0.114-3.9.1 polkit-debugsource-0.114-3.9.1 polkit-devel-0.114-3.9.1 polkit-devel-debuginfo-0.114-3.9.1 typelib-1_0-Polkit-1_0-0.114-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-6133.html https://bugzilla.suse.com/1121826 From sle-security-updates at lists.suse.com Tue Jul 30 13:12:34 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Jul 2019 21:12:34 +0200 (CEST) Subject: SUSE-SU-2019:2021-1: important: Security update for 
java-1_8_0-openjdk Message-ID: <20190730191234.36F30FFE1@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2021-1 Rating: important References: #1115375 #1141780 #1141782 #1141783 #1141784 #1141785 #1141786 #1141787 #1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2021=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2021=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2021=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2021=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2021=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-src-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-accessibility-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-src-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-1.8.0.222-3.24.2 
java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-3.24.2 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.222-3.24.2 java-1_8_0-openjdk-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-debugsource-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-1.8.0.222-3.24.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-1.8.0.222-3.24.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-1.8.0.222-3.24.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.222-3.24.2 References: https://www.suse.com/security/cve/CVE-2019-2745.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-2842.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1115375 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141784 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141786 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 From sle-security-updates at lists.suse.com Wed Jul 31 07:10:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 31 Jul 2019 15:10:36 +0200 (CEST) Subject: SUSE-SU-2019:2027-1: moderate: Security update for python-requests Message-ID: <20190731131036.740CEFFD7@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2027-1 
Rating: moderate
References: #1111622
Cross-References: CVE-2018-18074
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-requests fixes the following issues:

- CVE-2018-18074: Fixed an issue which could make it easier for attackers to discover credentials by sniffing the network (bsc#1111622).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2027=1

Package List:

- SUSE OpenStack Cloud 7 (noarch):
  python-requests-2.11.1-6.31.1

References:

  https://www.suse.com/security/cve/CVE-2018-18074.html
  https://bugzilla.suse.com/1111622

From sle-security-updates at lists.suse.com Wed Jul 31 10:10:31 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 31 Jul 2019 18:10:31 +0200 (CEST)
Subject: SUSE-SU-2019:2028-1: important: Security update for java-1_7_0-openjdk
Message-ID: <20190731161031.26D7FFFD7@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2028-1
Rating: important
References: #1087082 #1134297 #1141780 #1141782 #1141783 #1141784 #1141785 #1141786 #1141787 #1141789
Cross-References: CVE-2018-3639 CVE-2019-2426 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317
Affected Products:
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk to version 7u231 fixes the following issues:

Security issues fixed:

- CVE-2019-2426: Improve web server connections (bsc#1134297).
- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2842: Extended AES support (bsc#1141786).
- CVE-2019-7317: Improve PNG support (bsc#1141780).
- CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082).
- Certificate validation improvements

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2028=1
- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2028=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
  java-1_7_0-openjdk-1.7.0.231-43.27.2
  java-1_7_0-openjdk-debuginfo-1.7.0.231-43.27.2
  java-1_7_0-openjdk-debugsource-1.7.0.231-43.27.2
  java-1_7_0-openjdk-demo-1.7.0.231-43.27.2
  java-1_7_0-openjdk-demo-debuginfo-1.7.0.231-43.27.2
  java-1_7_0-openjdk-devel-1.7.0.231-43.27.2
  java-1_7_0-openjdk-devel-debuginfo-1.7.0.231-43.27.2
  java-1_7_0-openjdk-headless-1.7.0.231-43.27.2
  java-1_7_0-openjdk-headless-debuginfo-1.7.0.231-43.27.2
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  java-1_7_0-openjdk-1.7.0.231-43.27.2
  java-1_7_0-openjdk-debuginfo-1.7.0.231-43.27.2
  java-1_7_0-openjdk-debugsource-1.7.0.231-43.27.2
  java-1_7_0-openjdk-headless-1.7.0.231-43.27.2
  java-1_7_0-openjdk-headless-debuginfo-1.7.0.231-43.27.2

References:
https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2019-2426.html https://www.suse.com/security/cve/CVE-2019-2745.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-2842.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1134297 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141784 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141786 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 From sle-security-updates at lists.suse.com Wed Jul 31 16:11:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Aug 2019 00:11:14 +0200 (CEST) Subject: SUSE-SU-2019:2030-1: moderate: Security update for zypper, libzypp and libsolv Message-ID: <20190731221114.089B7FDF5@maintenance.suse.de> SUSE Security Update: Security update for zypper, libzypp and libsolv ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2030-1 Rating: moderate References: #1047962 #1049826 #1053177 #1065022 #1099019 #1102261 #1110542 #1111319 #1112911 #1113296 #1114908 #1115341 #1116840 #1118758 #1119373 #1119820 #1119873 #1120263 #1120463 #1120629 #1120630 #1120631 #1121611 #1122062 #1122471 #1123137 #1123681 #1123843 #1123865 #1123967 #1124897 #1125415 #1127026 #1127155 #1127220 #1130161 #1131823 #1135749 #1137977 #663358 #764147 #965786 #978193 #993025 Cross-References: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open 
Buildservice Development Tools 15-SP1
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  SUSE Linux Enterprise Module for Development Tools 15
  SUSE Linux Enterprise Module for Desktop Applications 15
  SUSE Linux Enterprise Module for Basesystem 15
  SUSE Linux Enterprise Installer 15
______________________________________________________________________________

An update that solves three vulnerabilities and has 41 fixes is now available.

Description:

This update for libzypp and libsolv fixes the following issues:

Security issues fixed:

- CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
- CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
- CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).

Fixed bugs and enhancements:

- make cleandeps jobs on patterns work (bnc#1137977)
- Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
- Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up (bsc#1131823).
- Copy pattern categories from the rpm that defines the pattern (fate#323785).
- Enhance scanning /sys for modaliases (bsc#1130161).
- Prevent SEGV if the application sets an empty TextLocale (bsc#1127026).
- Handle libgpgme error when gpg key is not completely read and user hits CTRL + C (bsc#1127220).
- Added a hint when registration codes have expired (bsc#965786).
- Adds a better handling of an error when verifying any repository medium (bsc#1065022).
- Will now only write type field when probing (bsc#1114908).
- Fixes an issue where zypper showed the info message 'Installation aborted by user' while the installation was aborted by wicked (bsc#978193).
- Suppresses reporting `/memfd:` pseudo files (bsc#1123843).
- Fixes an issue where zypper was not able to install or uninstall packages when rpm is unavailable (bsc#1122471).
- Fixes an issue where locks were ignored (bsc#1113296).
- Simplify complex locks so zypper can display them (bsc#1112911).
- zypper will now set `SYSTEMD_OFFLINE=1` during chrooted commits (bsc#1118758).
- no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (fate#325513).
- Removes world-readable bit from /var/log/zypp (bsc#1099019).
- No longer fails service-refresh on an empty repoindex.xml (bsc#1116840).
- Fixes soname due to libsolv ABI changes (bsc#1115341).
- Add infrastructure to flag specific packages to trigger a reboot needed hint (fate#326451).

This update for zypper 1.14.27 fixes the following issues:

- bash-completion: add package completion for addlock (bsc#1047962)
- bash-completion: fix incorrect detection of command names (bsc#1049826)
- Offer to change the 'runSearchPackages' config option at the prompt (bsc#1119373, FATE#325599)
- Prompt: provide a 'yes/no/always/never' prompt.
- Prompt: support "#NUM" as answer to select the NUMth option...
- Augeas: enable writing back changed option values (to ~/.zypper.conf)
- removelocale: fix segfault
- Move needs-restarting command to subpackage (fixes #254)
- Allow empty string as argument (bsc#1125415)
- Provide a way to delete cache for volatile repositories (bsc#1053177)
- Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255)
- Show support status in info if not unknown (bsc#764147)
- Fix installing plain rpm files with `zypper in` (bsc#1124897)
- Show only required info in the summary in quiet mode (bsc#993025)
- Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED only for patches. We don't extend this return code to packages, although they may also carry the 'reboot-needed' attribute. The preferred way to test whether the system needs to be rebooted is `zypper needs-rebooting`. (openSUSE/zypper#237)
- Skip repository on error (bsc#1123967)
- New commands for locale management: locales addlocale removelocale
  Inspect and manipulate the system's `requested locales`, aka. the languages software packages should try to support by installing translations, dictionaries and tools, as far as they are available.
- Don't throw, just warn if options are repeated (bsc#1123865)
- Fix detection whether stdout is a tty (happened too late)
- Fix broken --plus-content switch (fixes bsc#1123681)
- Fix broken --replacefiles switch (fixes bsc#1123137)
- Extend zypper source-install (fixes bsc#663358)
- Fix inconsistent results for search (bsc#1119873)
- Show reboot hint in zypper ps and summary (fixes bsc#1120263)
- Improve handling of partially locked packages (bsc#1113296)
- Fix wrong default values in help text (bsc#1121611)
- Fixed broken argument parsing for --reposd-dir (bsc#1122062)
- Fix wrong zypp::indeterminate use (bsc#1120463)
- CLI parser: fix broken initialization enforcing 'select by name' (bsc#1119820)
- zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220)
- locks: Fix printing of versioned locks (bsc#1112911)
- locks: create and write versioned locks correctly (bsc#1112911)
- patch: --with update may implicitly assume --with-optional (bsc#1102261)
- no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (FATE#325513)
- Optionally run "zypper search-packages" after "search" (FATE#325599)
- zypper.conf: Add [search]runSearchPackages config variable.
- Don't iterate twice on --no-cd (bsc#1111319)
- zypper-log: Make it Python 3 compatible
- man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140)
- Add `needs-restarting` shell script and manpage (fate#326451)
- Add zypper needs-rebooting command (fate#326451)
- Introduce new zypper command framework.
Migrated commands so far: addlock addrepo addservice clean cleanlocks modifyrepo modifyservice ps refresh refresh-services removelock removerepo removeservice renamerepo repos services - MediaChangeReport: fix https URLs causing 2 prompts on error (bsc#1110542) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2030=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2030=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2030=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2030=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2030=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2030=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2019-2030=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): PackageKit-debuginfo-1.1.10-4.10.4 PackageKit-debugsource-1.1.10-4.10.4 PackageKit-gstreamer-plugin-1.1.10-4.10.4 PackageKit-gstreamer-plugin-debuginfo-1.1.10-4.10.4 PackageKit-gtk3-module-1.1.10-4.10.4 PackageKit-gtk3-module-debuginfo-1.1.10-4.10.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 libsolv-demo-0.7.5-3.12.2 libsolv-demo-debuginfo-0.7.5-3.12.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.5.2 libyui-ncurses-pkg8-2.48.5.2-3.5.2 
libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.5.2 libyui-qt-pkg-debugsource-2.45.15.2-3.5.3 libyui-qt-pkg8-2.45.15.2-3.5.3 libyui-qt-pkg8-debuginfo-2.45.15.2-3.5.3 libzypp-debuginfo-17.12.0-3.23.6 libzypp-debugsource-17.12.0-3.23.6 libzypp-devel-doc-17.12.0-3.23.6 python-solv-0.7.5-3.12.2 python-solv-debuginfo-0.7.5-3.12.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): zypper-aptitude-1.14.28-3.18.6 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 libsolv-demo-0.7.5-3.12.2 libsolv-demo-debuginfo-0.7.5-3.12.2 libzypp-debuginfo-17.12.0-3.23.6 libzypp-debugsource-17.12.0-3.23.6 libzypp-devel-doc-17.12.0-3.23.6 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): PackageKit-branding-upstream-1.1.10-4.10.4 yast2-pkg-bindings-devel-doc-4.0.13-3.7.2 zypper-aptitude-1.14.28-3.18.6 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 perl-solv-0.7.5-3.12.2 perl-solv-debuginfo-0.7.5-3.12.2 python3-solv-0.7.5-3.12.2 python3-solv-debuginfo-0.7.5-3.12.2 ruby-solv-0.7.5-3.12.2 ruby-solv-debuginfo-0.7.5-3.12.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.10-4.10.4 PackageKit-backend-zypp-1.1.10-4.10.4 PackageKit-backend-zypp-debuginfo-1.1.10-4.10.4 PackageKit-debuginfo-1.1.10-4.10.4 PackageKit-debugsource-1.1.10-4.10.4 PackageKit-devel-1.1.10-4.10.4 PackageKit-devel-debuginfo-1.1.10-4.10.4 libpackagekit-glib2-18-1.1.10-4.10.4 libpackagekit-glib2-18-debuginfo-1.1.10-4.10.4 libpackagekit-glib2-devel-1.1.10-4.10.4 libyui-qt-pkg-debugsource-2.45.15.2-3.5.3 libyui-qt-pkg-devel-2.45.15.2-3.5.3 typelib-1_0-PackageKitGlib-1_0-1.1.10-4.10.4 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): PackageKit-lang-1.1.10-4.10.4 - SUSE 
Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.5-3.12.2 libsolv-debugsource-0.7.5-3.12.2 libsolv-devel-0.7.5-3.12.2 libsolv-devel-debuginfo-0.7.5-3.12.2 libsolv-tools-0.7.5-3.12.2 libsolv-tools-debuginfo-0.7.5-3.12.2 libyui-ncurses-pkg-debugsource-2.48.5.2-3.5.2 libyui-ncurses-pkg-devel-2.48.5.2-3.5.2 libyui-ncurses-pkg8-2.48.5.2-3.5.2 libyui-ncurses-pkg8-debuginfo-2.48.5.2-3.5.2 libyui-qt-pkg-debugsource-2.45.15.2-3.5.3 libyui-qt-pkg8-2.45.15.2-3.5.3 libyui-qt-pkg8-debuginfo-2.45.15.2-3.5.3 libzypp-17.12.0-3.23.6 libzypp-debuginfo-17.12.0-3.23.6 libzypp-debugsource-17.12.0-3.23.6 libzypp-devel-17.12.0-3.23.6 python-solv-0.7.5-3.12.2 python-solv-debuginfo-0.7.5-3.12.2 yast2-pkg-bindings-4.0.13-3.7.2 yast2-pkg-bindings-debuginfo-4.0.13-3.7.2 yast2-pkg-bindings-debugsource-4.0.13-3.7.2 zypper-1.14.28-3.18.6 zypper-debuginfo-1.14.28-3.18.6 zypper-debugsource-1.14.28-3.18.6 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libyui-ncurses-pkg-doc-2.48.5.2-3.5.3 libyui-qt-pkg-doc-2.45.15.2-3.5.3 zypper-log-1.14.28-3.18.6 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.5-3.12.2 libyui-ncurses-pkg8-2.48.5.2-3.5.2 libyui-qt-pkg8-2.45.15.2-3.5.3 libzypp-17.12.0-3.23.6 yast2-pkg-bindings-4.0.13-3.7.2 zypper-1.14.28-3.18.6 References: https://www.suse.com/security/cve/CVE-2018-20532.html https://www.suse.com/security/cve/CVE-2018-20533.html https://www.suse.com/security/cve/CVE-2018-20534.html https://bugzilla.suse.com/1047962 https://bugzilla.suse.com/1049826 https://bugzilla.suse.com/1053177 https://bugzilla.suse.com/1065022 https://bugzilla.suse.com/1099019 https://bugzilla.suse.com/1102261 https://bugzilla.suse.com/1110542 https://bugzilla.suse.com/1111319 https://bugzilla.suse.com/1112911 https://bugzilla.suse.com/1113296 https://bugzilla.suse.com/1114908 https://bugzilla.suse.com/1115341 https://bugzilla.suse.com/1116840 https://bugzilla.suse.com/1118758 
https://bugzilla.suse.com/1119373 https://bugzilla.suse.com/1119820 https://bugzilla.suse.com/1119873 https://bugzilla.suse.com/1120263 https://bugzilla.suse.com/1120463 https://bugzilla.suse.com/1120629 https://bugzilla.suse.com/1120630 https://bugzilla.suse.com/1120631 https://bugzilla.suse.com/1121611 https://bugzilla.suse.com/1122062 https://bugzilla.suse.com/1122471 https://bugzilla.suse.com/1123137 https://bugzilla.suse.com/1123681 https://bugzilla.suse.com/1123843 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/1123967 https://bugzilla.suse.com/1124897 https://bugzilla.suse.com/1125415 https://bugzilla.suse.com/1127026 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127220 https://bugzilla.suse.com/1130161 https://bugzilla.suse.com/1131823 https://bugzilla.suse.com/1135749 https://bugzilla.suse.com/1137977 https://bugzilla.suse.com/663358 https://bugzilla.suse.com/764147 https://bugzilla.suse.com/965786 https://bugzilla.suse.com/978193 https://bugzilla.suse.com/993025 From sle-security-updates at lists.suse.com Wed Jul 31 16:16:59 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Aug 2019 00:16:59 +0200 (CEST) Subject: SUSE-SU-2019:2033-1: important: Security update for icedtea-web Message-ID: <20190731221659.8F206FFD7@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2033-1 Rating: important References: #1142825 #1142832 #1142835 Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 

Description:

This update for icedtea-web to version 1.7.2 fixes the following issues:

Security issues fixed:

- CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file (bsc#1142835)
- CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files resulting in arbitrary file overwrite (bsc#1142825).
- CVE-2019-10185: Fixed a directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (bsc#1142832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:

    zypper in -t patch SUSE-SLE-Product-WE-15-2019-2033=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2033=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):

    icedtea-web-1.7.2-3.3.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

    icedtea-web-javadoc-1.7.2-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2019-10181.html
    https://www.suse.com/security/cve/CVE-2019-10182.html
    https://www.suse.com/security/cve/CVE-2019-10185.html
    https://bugzilla.suse.com/1142825
    https://bugzilla.suse.com/1142832
    https://bugzilla.suse.com/1142835

From sle-security-updates at lists.suse.com Wed Jul 31 16:17:49 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Aug 2019 00:17:49 +0200 (CEST)
Subject: SUSE-SU-2019:2032-1: important: Security update for subversion
Message-ID: <20190731221749.9B9E6FDF5@maintenance.suse.de>

SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2032-1
Rating: important
References: #1049448 #1142721 #1142743
Cross-References: CVE-2018-11782 CVE-2019-0203
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP4
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for subversion fixes the following issues:

Security issues fixed:

- CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743).
- CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721).

Non-security issues fixed:

- Add instructions for running svnserve as a user different from "svn", and remove sysconfig variables that are no longer effective with the systemd unit. bsc#1049448

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:

    zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2032=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

    libsvn_auth_gnome_keyring-1-0-1.8.19-25.9.1
    libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.19-25.9.1
    subversion-1.8.19-25.9.1
    subversion-debuginfo-1.8.19-25.9.1
    subversion-debugsource-1.8.19-25.9.1
    subversion-devel-1.8.19-25.9.1
    subversion-perl-1.8.19-25.9.1
    subversion-perl-debuginfo-1.8.19-25.9.1
    subversion-python-1.8.19-25.9.1
    subversion-python-debuginfo-1.8.19-25.9.1
    subversion-server-1.8.19-25.9.1
    subversion-server-debuginfo-1.8.19-25.9.1
    subversion-tools-1.8.19-25.9.1
    subversion-tools-debuginfo-1.8.19-25.9.1

- SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch):

    subversion-bash-completion-1.8.19-25.9.1

References:

    https://www.suse.com/security/cve/CVE-2018-11782.html
    https://www.suse.com/security/cve/CVE-2019-0203.html
    https://bugzilla.suse.com/1049448
    https://bugzilla.suse.com/1142721
    https://bugzilla.suse.com/1142743

From sle-security-updates at lists.suse.com Wed Jul 31 16:18:47 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Aug 2019 00:18:47 +0200 (CEST)
Subject: SUSE-SU-2019:2031-1: important: Security update for subversion
Message-ID: <20190731221847.065D4FDF5@maintenance.suse.de>

SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2031-1
Rating: important
References: #1142721 #1142743
Cross-References: CVE-2018-11782 CVE-2019-0203
Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Server Applications 15
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
    SUSE Linux Enterprise Module for Development Tools 15-SP1
    SUSE Linux Enterprise Module for Development Tools 15
    SUSE Linux Enterprise Module for Basesystem 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for subversion to version 1.10.6 fixes the following issues:

Security issues fixed:

- CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743).
- CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2031=1

- SUSE Linux Enterprise Module for Server Applications 15:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2031=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2031=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2031=1

- SUSE Linux Enterprise Module for Development Tools 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2031=1

- SUSE Linux Enterprise Module for Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2031=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2031=1

- SUSE Linux Enterprise Module for Basesystem 15:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2031=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-server-1.10.6-3.6.2
    subversion-server-debuginfo-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):

    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-server-1.10.6-3.6.2
    subversion-server-debuginfo-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

    libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.2
    libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-3.6.2
    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-python-ctypes-1.10.6-3.6.2
    subversion-ruby-1.10.6-3.6.2
    subversion-ruby-debuginfo-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

    libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.2
    libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-3.6.2
    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-python-ctypes-1.10.6-3.6.2
    subversion-ruby-1.10.6-3.6.2
    subversion-ruby-debuginfo-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-perl-1.10.6-3.6.2
    subversion-perl-debuginfo-1.10.6-3.6.2
    subversion-python-1.10.6-3.6.2
    subversion-python-debuginfo-1.10.6-3.6.2
    subversion-tools-1.10.6-3.6.2
    subversion-tools-debuginfo-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):

    subversion-bash-completion-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-perl-1.10.6-3.6.2
    subversion-perl-debuginfo-1.10.6-3.6.2
    subversion-python-1.10.6-3.6.2
    subversion-python-debuginfo-1.10.6-3.6.2
    subversion-tools-1.10.6-3.6.2
    subversion-tools-debuginfo-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Development Tools 15 (noarch):

    subversion-bash-completion-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

    subversion-1.10.6-3.6.2
    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-devel-1.10.6-3.6.2

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

    subversion-1.10.6-3.6.2
    subversion-debuginfo-1.10.6-3.6.2
    subversion-debugsource-1.10.6-3.6.2
    subversion-devel-1.10.6-3.6.2

References:

    https://www.suse.com/security/cve/CVE-2018-11782.html
    https://www.suse.com/security/cve/CVE-2019-0203.html
    https://bugzilla.suse.com/1142721
    https://bugzilla.suse.com/1142743