SUSE-SU-2019:1744-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Jul 4 07:17:38 MDT 2019
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1744-1
Rating: important
References: #1051510 #1071995 #1094555 #1111666 #1112374
#1114279 #1128432 #1134730 #1134738 #1135153
#1135296 #1135642 #1136156 #1136157 #1136271
#1136333 #1137103 #1137194 #1137366 #1137884
#1137985 #1138263 #1138336 #1138374 #1138375
#1138589 #1138681 #1138719 #1138732
Cross-References: CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Module for Legacy Software 15-SP1
SUSE Linux Enterprise Module for Development Tools 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________
An update that solves three vulnerabilities and has 26
fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.
This update adds support for the Hygon Dhyana CPU (fate#327735).
The following security bugs were fixed:
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup
of prop->name, which might allow an attacker to cause a denial of
service (NULL pointer dereference and system crash) (bnc#1137194).
- CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS
message sequence was fixed. (bnc#1137103).
- CVE-2019-12817: On the PowerPC architecture, local attackers could
access other users processes memory (bnc#1138263).
The following non-security bugs were fixed:
- 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
- acpi: Add Hygon Dhyana support (fate#327735).
- af_key: unconditionally clone on broadcast (bsc#1051510).
- alsa: firewire-motu: fix destruction of data for isochronous resources
(bsc#1051510).
- alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
- alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
- ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
- ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
- audit: fix a memory leak bug (bsc#1051510).
- blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
- ceph: factor out ceph_lookup_inode() (bsc#1138681).
- ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
- ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
- ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
- ceph: print inode number in __caps_issued_mask debugging messages
(bsc#1138681).
- ceph: quota: fix quota subdir mounts (bsc#1138681).
- ceph: remove duplicated filelock ref increase (bsc#1138681).
- cfg80211: fix memory leak of wiphy device name (bsc#1051510).
- cpufreq: Add Hygon Dhyana support (fate#327735).
- cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).
- cpu/topology: Export die_id (jsc#SLE-5454).
- Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
- drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer
(bsc#1051510).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
- drbd: skip spurious timeout (ping-timeo) when failing promote
(bsc#1051510).
- drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
(bsc#1136333 jsc#SLE-4994).
- drivers: fix a typo in the kernel doc for
devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
- drivers: provide devm_platform_ioremap_resource() (bsc#1136333
jsc#SLE-4994).
- drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error
handling path in 'rio_dma_transfer()' (bsc#1051510).
- drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
(bsc#1051510).
- drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER
(bsc#1051510).
- drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
- drm/amd/display: Use plane->color_space for dpp if specified
(bsc#1111666).
- drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
- drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
- drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
- drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
- drm/i915: Apply correct ddi translation table for AML device
(jsc#SLE-4986).
- drm/i915: Attach the pci match data to the device upon creation
(jsc#SLE-4986).
- drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
- drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
- drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init
(jsc#SLE-4986).
- drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
- drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
- drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
- drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy
(jsc#SLE-4986).
- drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
- drm/i915: Remove redundant device id from IS_IRONLAKE_M macro
(jsc#SLE-4986).
- drm/i915/sdvo: Implement proper HDMI audio support for SDVO
(bsc#1051510).
- drm/i915: Split Pineview device info into desktop and mobile
(jsc#SLE-4986).
- drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
- drm/i915: start moving runtime device info to a separate struct
(jsc#SLE-4986).
- drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
(bsc#1111666).
- drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
(bsc#1111666).
- drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
- drm/mediatek: fix unbind functions (bsc#1111666).
- drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
- drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
configuration (bsc#1051510).
- drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd
when encoders change (bsc#1111666).
- drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
(bsc#1111666).
- EDAC, amd64: Add Hygon Dhyana support (fate#327735).
- EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
- HID: wacom: Add ability to provide explicit battery status info
(bsc#1051510).
- HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
- HID: wacom: Add support for Pro Pen slim (bsc#1051510).
- HID: wacom: convert Wacom custom usages to standard HID usages
(bsc#1051510).
- HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
(bsc#1051510).
- HID: wacom: Do not report anything prior to the tool entering range
(bsc#1051510).
- HID: wacom: Do not set tool type until we're in range (bsc#1051510).
- HID: wacom: fix mistake in printk (bsc#1051510).
- HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
- HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
- HID: wacom: generic: Leave tool in prox until it completely leaves sense
(bsc#1051510).
- HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
- HID: wacom: generic: Report AES battery information (bsc#1051510).
- HID: wacom: generic: Reset events back to zero when pen leaves
(bsc#1051510).
- HID: wacom: generic: Scale battery capacity measurements to percentages
(bsc#1051510).
- HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
(bsc#1051510).
- HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range
(bsc#1051510).
- HID: wacom: generic: Support multiple tools per report (bsc#1051510).
- HID: wacom: generic: Use generic codepath terminology in
wacom_wac_pen_report (bsc#1051510).
- HID: wacom: Mark expected switch fall-through (bsc#1051510).
- HID: wacom: Move handling of HID quirks into a dedicated function
(bsc#1051510).
- HID: wacom: Move HID fix for AES serial number into
wacom_hid_usage_quirk (bsc#1051510).
- HID: wacom: Properly handle AES serial number and tool type
(bsc#1051510).
- HID: wacom: Queue events with missing type/serial data for later
processing (bsc#1051510).
- HID: wacom: Remove comparison of u8 mode with zero and simplify
(bsc#1051510).
- HID: wacom: Replace touch_max fixup code with static touch_max
definitions (bsc#1051510).
- HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
(bsc#1051510).
- HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible
(bsc#1051510).
- HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
- HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
(bsc#1051510).
- HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
- HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
(bsc#1051510).
- hwmon/coretemp: Cosmetic: Rename internal variables to zones from
packages (jsc#SLE-5454).
- hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
- hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).
- hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
- hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
(FATE#327735).
- hwmon: (k10temp) Add support for family 17h (FATE#327735).
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs
(FATE#327735).
- hwmon: (k10temp) Add support for temperature offsets (FATE#327735).
- hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).
- hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).
- hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
- hwmon: (k10temp) Fix reading critical temperature register
(FATE#327735).
- hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).
- hwmon: (k10temp) Move chip specific code into probe function
(FATE#327735).
- hwmon: (k10temp) Only apply temperature offset if result is positive
(FATE#327735).
- hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh
processors (FATE#327735).
- hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset
table (FATE#327735).
- hwmon: (k10temp) Use API function to access System Management Network
(FATE#327735).
- hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).
- i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
- ibmveth: Update ethtool settings to reflect virtual properties
(bsc#1136157, LTC#177197).
- ipv6: fib: Do not assume only nodes hold a reference on routes
(bsc#1138732).
- kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).
- kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730
LTC#173388).
- kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042
bsc#1134730 LTC#173388).
- kabi/severities: Whitelist airq_iv_* (s390-specific)
- kABI workaround for asus-wmi changes (bsc#1051510).
- kABI workaround for the new pci_dev.skip_bus_pm field addition
(bsc#1051510).
- kabi: x86/topology: Add CPUID.1F multi-die/package support
(jsc#SLE-5454).
- kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID
(bsc#1114279).
- kvm: x86: Include multiple indices with CPUID leaf 0x8000001d
(bsc#1114279).
- mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
- mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
- mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
(bsc#1051510).
- mmc: mmci: Prevent polling for busy detection in IRQ context
(bsc#1051510).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
(bsc#1051510).
- module: Fix livepatch/ftrace module text permissions race (bsc#1071995
fate#323487).
- new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
- nl80211: fix station_info pertid memory leak (bsc#1051510).
- {nl,mac}80211: allow 4addr AP operation on crypto controlled devices
(bsc#1051510).
- nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
- nvmem: core: fix read buffer in place (bsc#1051510).
- nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
- nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us
(bsc#1051510).
- nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
(bsc#1051510).
- nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
- nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
- nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function
(bsc#1051510).
- nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
- nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
- nvmem: imx-ocotp: Update module description (bsc#1051510).
- nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
- nvme: skip nvme_update_disk_info() if the controller is not live
(bsc#1128432).
- PCI: Disable VF decoding before pcibios_sriov_disable() updates
resources (jsc#SLE-5803).
- PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803
FATE#327056).
- PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
- PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
- perf tools: Add Hygon Dhyana support (fate#327735).
- perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/rapl: Cosmetic rename internal variables in response to
multi-die/pkg support (jsc#SLE-5454).
- perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
- perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg
support (jsc#SLE-5454).
- perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
- platform/chrome: cros_ec_proto: check for NULL transfer function
(bsc#1051510).
- platform_data/mlxreg: Add capability field to core platform data
(bsc#1112374).
- platform_data/mlxreg: additions for Mellanox watchdog driver
(bsc#1112374).
- platform_data/mlxreg: Document fixes for core platform data
(bsc#1112374).
- platform/mellanox: Add new ODM system types to mlx-platform
(bsc#1112374).
- platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc
(bsc#1136333 jsc#SLE-4994).
- platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
(bsc#1111666).
- platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys
from asus_nb_wmi (bsc#1051510).
- platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Add Package cstates residency info
(jsc#SLE-5226).
- platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
- platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown
(jsc#SLE-5226).
- platform/x86: mlx-platform: Add ASIC hotplug device configuration
(bsc#1112374).
- platform/x86: mlx-platform: Add definitions for new registers
(bsc#1112374).
- platform/x86: mlx-platform: Add extra CPLD for next generation systems
(bsc#1112374).
- platform/x86: mlx-platform: Add LED platform driver activation
(bsc#1112374).
- platform/x86: mlx-platform: Add mlxreg-fan platform driver activation
(bsc#1112374).
- platform/x86: mlx-platform: Add mlxreg-io platform driver activation
(bsc#1112374).
- platform/x86: mlx-platform: Add mlx-wdt platform driver activation
(bsc#1112374).
- platform/x86: mlx-platform: Add support for fan capability registers
(bsc#1112374).
- platform/x86: mlx-platform: Add support for fan direction register
(bsc#1112374).
- platform/x86: mlx-platform: Add support for new VMOD0007 board name
(bsc#1112374).
- platform/x86: mlx-platform: Add support for tachometer speed register
(bsc#1112374).
- platform/x86: mlx-platform: Add UID LED for the next generation systems
(bsc#1112374).
- platform/x86: mlx-platform: Allow mlxreg-io driver activation for more
systems (bsc#1112374).
- platform/x86: mlx-platform: Allow mlxreg-io driver activation for new
systems (bsc#1112374).
- platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x
systems (bsc#1112374).
- platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
- platform/x86: mlx-platform: Fix access mode for fan_dir attribute
(bsc#1112374).
- platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init()
(bsc#1112374).
- platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
- platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
registration (bsc#1051510).
- platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
- platform/x86: mlx-platform: Remove unused define (bsc#1112374).
- platform/x86: mlx-platform: Rename new systems product names
(bsc#1112374).
- PM / core: Propagate dev->power.wakeup_path when no callbacks
(bsc#1051510).
- powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
- powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
- powercap/intel_rapl: Update RAPL domain name and debug messages
(jsc#SLE-5454).
- powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
(bsc#1138374, LTC#178199).
- powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375,
LTC#178204).
- powerpc/pseries/mobility: prevent cpu hotplug during DT update
(bsc#1138374, LTC#178199).
- powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
(bsc#1138374, LTC#178199).
- power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
- power: supply: sysfs: prevent endless uevent loop with
CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
- qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
- qmi_wwan: add network device usage statistics for qmimux devices
(bsc#1051510).
- qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
- qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
- qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
(bsc#1051510).
- qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
- rapidio: fix a NULL pointer dereference when create_workqueue() fails
(bsc#1051510).
- RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
- RAS/CEC: Fix binary search function (bsc#1114279).
- rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
- Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire
laptops" (bsc#1051510).
- Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen
enters range" (bsc#1051510).
- Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)."
This broke the build with older gcc instead.
- s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042
bsc#1134730 LTC#173388).
- s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042
bsc#1134730 LTC#173388).
- s390/dasd: fix using offset into zero size array error (bsc#1051510).
- s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055
bsc#1134738 LTC#173387).
- s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802
FATE#327055 bsc#1134738 LTC#173387).
- s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
- s390/pci: add parameter to disable usage of MIO instructions
(jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: add parameter to force floating irqs (jsc#SLE-5789
FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042
bsc#1134730 LTC#173388).
- s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055
bsc#1134738 LTC#173387).
- s390/pci: fix struct definition for set PCI function (jsc#SLE-5802
FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789
FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
- s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
- s390/pci: mark command line parser data __initdata (jsc#SLE-5789
FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789
FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802
FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789
FATE#327042 bsc#1134730 LTC#173388).
- s390/pci: provide support for MIO instructions (jsc#SLE-5802
FATE#327055 bsc#1134738 LTC#173387).
- s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730
LTC#173388).
- s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730
LTC#173388).
- s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
- s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759
FATE#327003 bsc#1135153 LTC#173151).
- s390/protvirt: block kernel command line alteration (jsc#SLE-5759
FATE#327003 bsc#1135153 LTC#173151).
- s390/qeth: fix race when initializing the IP address table (bsc#1051510).
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
(bsc#1051510).
- s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730
LTC#173388).
- s390/setup: fix early warning messages (bsc#1051510).
- s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042
bsc#1134730 LTC#173388).
- s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003
bsc#1135153 LTC#173151).
- s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
- sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
- scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: fix an uninitialized read and dereference of pointer dev
(jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712
bsc#1136156).
- scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
- scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712
bsc#1136156).
- scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver
(bsc#1136271).
- scsi: megaraid_sas: correct an info message (bsc#1136271).
- scsi: megaraid_sas: driver version update (bsc#1136271).
- scsi: megaraid_sas: Retry reads of outbound_intr_status reg
(bsc#1136271).
- scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
- scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
- scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD
(bsc#1136271).
- scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
- scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
- scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from
port_remove (bsc#1051510).
- scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
(bsc#1051510).
- scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
devices (bsc#1051510).
- scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only
sdevs) (bsc#1051510).
- serial: sh-sci: disable DMA for uart_console (bsc#1051510).
- SMB3: Fix endian warning (bsc#1137884).
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
(bsc#1051510).
- soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
(bsc#1051510).
- spi: Fix zero length xfer bug (bsc#1051510).
- spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
- spi: spi-fsl-spi: call spi_finalize_current_message() at the end
(bsc#1051510).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
- spi: tegra114: reset controller on probe (bsc#1051510).
- supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
- thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
- thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to
zones from packages (jsc#SLE-5454).
- thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
- tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
- tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
- tools/cpupower: Add Hygon Dhyana support (fate#327735).
- topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
- topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
- tty: max310x: Fix external crystal register setup (bsc#1051510).
- usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
- usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
- usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
- vfio: ccw: only free cp on final interrupt (bsc#1051510).
- video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
- video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
- virtio_console: initialize vtermno value for ports (bsc#1051510).
- vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
- watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
- x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
- x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
- x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
- x86/apic: Add Hygon Dhyana support (fate#327735).
- x86/bugs: Add Hygon Dhyana to the respective mitigation machinery
(fate#327735).
- x86/cpu: Add Icelake model number (jsc#SLE-5226).
- x86/cpu/amd: Do not force the CPB cap when running under a hypervisor
(bsc#1114279).
- x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).
- x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features
word (jsc#SLE-5382).
- x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions
(jsc#SLE-5382).
- x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana
(fate#327735).
- x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die
processors ().
- x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).
- x86/events: Add Hygon Dhyana support to PMU infrastructure
(fate#327735).
- x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
- x86/mce: Add Hygon Dhyana support to the MCA infrastructure
(fate#327735).
- x86/mce: Do not disable MCA banks when offlining a CPU on AMD
(fate#327735).
- x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
- x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
(bsc#1114279).
- x86/microcode: Fix microcode hotplug state (bsc#1114279).
- x86/microcode: Fix the ancient deprecated microcode loading method
(bsc#1114279).
- x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
(bsc#1114279).
- x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge
(fate#327735).
- x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana
(fate#327735).
- x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
- x86/speculation/mds: Revert CPU buffer clear on double fault exit
(bsc#1114279).
- x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
- x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
- x86/topology: Define topology_die_id() (jsc#SLE-5454).
- x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
- x86/umip: Make the UMIP activated message generic (bsc#1138336).
- x86/umip: Print UMIP line only once (bsc#1138336).
- x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
processors (fate#327735).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 15-SP1:
zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1744=1
Package List:
- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
kernel-default-debuginfo-4.12.14-197.7.1
kernel-default-debugsource-4.12.14-197.7.1
kernel-default-extra-4.12.14-197.7.1
kernel-default-extra-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-197.7.1
kernel-default-debugsource-4.12.14-197.7.1
kernel-obs-qa-4.12.14-197.7.1
kernel-vanilla-4.12.14-197.7.1
kernel-vanilla-base-4.12.14-197.7.1
kernel-vanilla-base-debuginfo-4.12.14-197.7.1
kernel-vanilla-debuginfo-4.12.14-197.7.1
kernel-vanilla-debugsource-4.12.14-197.7.1
kernel-vanilla-devel-4.12.14-197.7.1
kernel-vanilla-devel-debuginfo-4.12.14-197.7.1
kernel-vanilla-livepatch-devel-4.12.14-197.7.1
kselftests-kmp-default-4.12.14-197.7.1
kselftests-kmp-default-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):
kernel-debug-4.12.14-197.7.1
kernel-debug-base-4.12.14-197.7.1
kernel-debug-base-debuginfo-4.12.14-197.7.1
kernel-debug-debuginfo-4.12.14-197.7.1
kernel-debug-debugsource-4.12.14-197.7.1
kernel-debug-devel-4.12.14-197.7.1
kernel-debug-devel-debuginfo-4.12.14-197.7.1
kernel-debug-livepatch-devel-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):
kernel-default-livepatch-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64):
dtb-al-4.12.14-197.7.1
dtb-allwinner-4.12.14-197.7.1
dtb-altera-4.12.14-197.7.1
dtb-amd-4.12.14-197.7.1
dtb-amlogic-4.12.14-197.7.1
dtb-apm-4.12.14-197.7.1
dtb-arm-4.12.14-197.7.1
dtb-broadcom-4.12.14-197.7.1
dtb-cavium-4.12.14-197.7.1
dtb-exynos-4.12.14-197.7.1
dtb-freescale-4.12.14-197.7.1
dtb-hisilicon-4.12.14-197.7.1
dtb-lg-4.12.14-197.7.1
dtb-marvell-4.12.14-197.7.1
dtb-mediatek-4.12.14-197.7.1
dtb-nvidia-4.12.14-197.7.1
dtb-qcom-4.12.14-197.7.1
dtb-renesas-4.12.14-197.7.1
dtb-rockchip-4.12.14-197.7.1
dtb-socionext-4.12.14-197.7.1
dtb-sprd-4.12.14-197.7.1
dtb-xilinx-4.12.14-197.7.1
dtb-zte-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
kernel-docs-html-4.12.14-197.7.1
kernel-source-vanilla-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
kernel-kvmsmall-4.12.14-197.7.1
kernel-kvmsmall-base-4.12.14-197.7.1
kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1
kernel-kvmsmall-debuginfo-4.12.14-197.7.1
kernel-kvmsmall-debugsource-4.12.14-197.7.1
kernel-kvmsmall-devel-4.12.14-197.7.1
kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1
kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
kernel-zfcpdump-debuginfo-4.12.14-197.7.1
kernel-zfcpdump-debugsource-4.12.14-197.7.1
kernel-zfcpdump-man-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-197.7.1
kernel-default-debugsource-4.12.14-197.7.1
kernel-default-livepatch-4.12.14-197.7.1
kernel-default-livepatch-devel-4.12.14-197.7.1
kernel-livepatch-4_12_14-197_7-default-1-3.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-197.7.1
kernel-default-debugsource-4.12.14-197.7.1
reiserfs-kmp-default-4.12.14-197.7.1
reiserfs-kmp-default-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-197.7.1
kernel-obs-build-debugsource-4.12.14-197.7.1
kernel-syms-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
kernel-docs-4.12.14-197.7.1
kernel-source-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-197.7.1
kernel-default-base-4.12.14-197.7.1
kernel-default-base-debuginfo-4.12.14-197.7.1
kernel-default-debuginfo-4.12.14-197.7.1
kernel-default-debugsource-4.12.14-197.7.1
kernel-default-devel-4.12.14-197.7.1
kernel-default-devel-debuginfo-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
kernel-devel-4.12.14-197.7.1
kernel-macros-4.12.14-197.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
kernel-default-man-4.12.14-197.7.1
kernel-zfcpdump-4.12.14-197.7.1
kernel-zfcpdump-debuginfo-4.12.14-197.7.1
kernel-zfcpdump-debugsource-4.12.14-197.7.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-197.7.1
cluster-md-kmp-default-debuginfo-4.12.14-197.7.1
dlm-kmp-default-4.12.14-197.7.1
dlm-kmp-default-debuginfo-4.12.14-197.7.1
gfs2-kmp-default-4.12.14-197.7.1
gfs2-kmp-default-debuginfo-4.12.14-197.7.1
kernel-default-debuginfo-4.12.14-197.7.1
kernel-default-debugsource-4.12.14-197.7.1
ocfs2-kmp-default-4.12.14-197.7.1
ocfs2-kmp-default-debuginfo-4.12.14-197.7.1
References:
https://www.suse.com/security/cve/CVE-2018-16871.html
https://www.suse.com/security/cve/CVE-2019-12614.html
https://www.suse.com/security/cve/CVE-2019-12817.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1094555
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1128432
https://bugzilla.suse.com/1134730
https://bugzilla.suse.com/1134738
https://bugzilla.suse.com/1135153
https://bugzilla.suse.com/1135296
https://bugzilla.suse.com/1135642
https://bugzilla.suse.com/1136156
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1136271
https://bugzilla.suse.com/1136333
https://bugzilla.suse.com/1137103
https://bugzilla.suse.com/1137194
https://bugzilla.suse.com/1137366
https://bugzilla.suse.com/1137884
https://bugzilla.suse.com/1137985
https://bugzilla.suse.com/1138263
https://bugzilla.suse.com/1138336
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1138375
https://bugzilla.suse.com/1138589
https://bugzilla.suse.com/1138681
https://bugzilla.suse.com/1138719
https://bugzilla.suse.com/1138732
More information about the sle-security-updates
mailing list